Infection in PC 2014-09-03T05:14:32+00:00
  • priam120
    Participant
    Post count: 0

    I ran the clean from UsbFix and it showed 2 infected files. Then I thought it was cleaned, but when I ran the clean again the computer showed 2 infected files. I am attaching the report. Please help.

    ############################## | UsbFix V 7.181 | [Clean]

    User: DELL (Administrator) # DELL-PC
    Updated 31/08/2014 by El Desaparecido - SosVirus
    Started at 12:57:11 | 03/09/2014

    Website : http://www.en.usbfix.net/
    Changelog : http://www.en.usbfix.net/changelog/
    Support : https://www.sosvirus.net/
    Upload Malware : https://www.sosvirus.net/upload_malware.php
    Contact : http://www.en.usbfix.net/contact/

    ################## | System information |

    MB: Dell Inc. (0XJN1N)
    CPU: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
    RAM -> [Total : 4044 Mo | Free : 2912 Mo]
    Bios: Dell Inc.
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Home Premium (6.1.7600 64-Bit)
    WB: Internet Explorer : 8.00.7600.16385
    WB: Mozilla Firefox : 31.0

    ################## | Security Information |

    AV: ESET NOD32 Antivirus 7.0 [Enabled |(!) Outdated]
    AS: Windows Defender [Enabled |(!) Outdated]
    AS: ESET NOD32 Antivirus 7.0 [Enabled |(!) Outdated]
    FW: Windows Firewall [Enabled]
    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Fixed disk # 93 Gb (39 Gb free - 42%) [System] # NTFS
    D: -> Fixed disk # 146 Gb (7 Gb free - 5%) [Priya] # NTFS
    F: -> Fixed disk # 146 Gb (24 Gb free - 17%) [Entertainment] # NTFS
    G: -> Fixed disk # 80 Gb (12 Gb free - 15%) [Ramesh] # NTFS
    H: -> Removable disk # 7 Gb (6 Gb free - 86%) [] # FAT32

    ################## | Generic Research |

    (!) Temporary files deleted. (0.984259605407715 MB)

    ################## | Registry |

    Not deleted ! … Tentative au redémarrage… HKCU\Software\Hola
    Not deleted ! … Tentative au redémarrage… HKU\S-1-5-21-3512343878-334908861-238928385-1000\Software\Hola

    ################## | Regedit Run |

    F2 - HKLM\..\Winlogon : [Shell] explorer.exe
    F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
    F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
    F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
    04 - HKCU\..\Run : [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    04 - HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    04 - HKCU\..\Run : [Google Update] "C:\Users\DELL\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    04 - HKCU\..\Run : [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    04 - HKCU\..\Run : [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
    04 - HKCU\..\Run : [BitTorrent Sync] "C:\Program Files (x86)\BitTorrent Sync\BTSync.exe" /MINIMIZED
    04 - HKCU\..\Run : [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
    04 - HKLM\..\Run : [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
    04 - HKLM\..\Run : [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    04 - HKLM\..\Run : [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
    04 - HKLM\..\Run : [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    04 - HKLM\..\Run : [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    04 - HKLM\..\Run : [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    04 - HKLM\..\Run : [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    04 - HKLM\..\Run : [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 - [x64] HKLM\..\Run : [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    04 - [x64] HKLM\..\Run : [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
    04 - [x64] HKLM\..\Run : [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
    04 - [x64] HKLM\..\Run : [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    04 - [x64] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
    04 - [x64] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    04 - [x64] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
    04 - [x64] HKLM\..\Run : [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    04 - [x64] HKLM\..\Run : [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 - HKU\S-1-5-21-3512343878-334908861-238928385-1000\..\Run : [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    04 - HKU\S-1-5-21-3512343878-334908861-238928385-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    04 - HKU\S-1-5-21-3512343878-334908861-238928385-1000\..\Run : [Google Update] "C:\Users\DELL\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    04 - HKU\S-1-5-21-3512343878-334908861-238928385-1000\..\Run : [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    04 - HKU\S-1-5-21-3512343878-334908861-238928385-1000\..\Run : [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
    04 - HKU\S-1-5-21-3512343878-334908861-238928385-1000\..\Run : [BitTorrent Sync] "C:\Program Files (x86)\BitTorrent Sync\BTSync.exe" /MINIMIZED
    04 - HKU\S-1-5-21-3512343878-334908861-238928385-1000\..\Run : [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
    04 - HKU\S-1-5-21-3512343878-334908861-238928385-1001\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
    04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
    04 - HKU\S-1-5-21-3512343878-334908861-238928385-1001\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

    ################## | UsbFix – Information |

    Info : How to remove shortcut virus on flash disk (Video)
    Info : Shortcut virus on flash disk, What is it ?

    ################## | Hijack |

    ################## | C: %SystemDrive% – Fixed drive (NTFS) |

    [04/11/2013 - 12:54:43 | A | 68 Ko] - C:\WaxCrash.txt
    [11/02/2014 - 19:39:12 | A | 41 Ko] - C:\WM Capture 7 Setup Log.txt
    [14/03/2014 - 02:25:46 | A | 8 Ko] - C:\wwwLog.txt
    [30/08/2014 - 09:16:55 | ASH | 3105684 Ko] - C:\hiberfil.sys
    [30/08/2014 - 09:16:57 | ASH | 4140912 Ko] - C:\pagefile.sys
    [09/11/2012 - 19:24:11 | A | 1 Ko] - C:\freefallprotection.log
    [29/03/2014 - 18:52:07 | A | 0 Ko] - [VirusTotal - (0/54)] - C:\AVScanner.ini
    [04/11/2013 - 12:54:44 | A | 76 Ko] - C:\WaxCrash.dmp
    [16/01/2014 - 08:42:40 | A | 594 Ko] - [VirusTotal - (0/55)] - C:\SecurityScanner.dll
    [09/11/2012 - 19:07:22 | SHD] - C:\$Recycle.Bin
    [10/11/2012 - 10:58:44 | RASH | 8 Ko] - C:\BOOTSECT.BAK
    [14/07/2009 - 09:38:58 | RASH | 375 Ko] - C:\bootmgr
    [14/07/2009 - 11:20:08 | D] - C:\PerfLogs
    [14/07/2009 - 13:08:56 | SHD] - C:\Documents and Settings
    [09/11/2012 - 19:06:58 | SHD] - C:\Recovery
    [09/11/2012 - 19:14:50 | RHD] - C:\MSOCache
    [09/11/2012 - 19:24:48 | D] - C:\Intel
    [09/11/2012 - 19:32:55 | RD] - C:\Users
    [10/11/2012 - 10:58:42 | SHD] - C:\Boot
    [14/03/2013 - 17:52:25 | D] - C:\dell
    [22/03/2013 - 23:58:35 | SHD] - C:\System Volume Information
    [30/05/2013 - 22:45:41 | A | 0 Ko] - C:\END
    [29/03/2014 - 19:02:18 | RD] - C:\Program Files
    [18/05/2014 - 23:28:55 | HD] - C:\ProgramData
    [05/08/2014 - 17:35:15 | RD] - C:\Program Files (x86)
    [08/08/2014 - 06:51:13 | D] - C:\Windows
    [03/09/2014 - 12:55:55 | D] - C:\UsbFix

    ################## | D: – Fixed drive (NTFS) |

    [09/11/2012 - 19:07:22 | SHD] - D:\$RECYCLE.BIN
    [15/01/2013 - 16:24:53 | SHD] - D:\System Volume Information
    [17/03/2013 - 23:17:18 | D] - D:\priya documents
    [18/03/2013 - 07:32:12 | D] - D:\software
    [06/12/2013 - 19:21:38 | D] - D:\Video
    [05/01/2014 - 17:06:02 | D] - D:\old dell

    ################## | F: – Fixed drive (NTFS) |

    [10/11/2012 - 20:24:02 | SHD] - F:\$RECYCLE.BIN
    [15/11/2012 - 16:03:14 | D] - F:\Vice City
    [15/01/2013 - 16:24:53 | SHD] - F:\System Volume Information
    [25/01/2013 - 22:18:05 | D] - F:\Old dell
    [30/06/2014 - 23:19:12 | D] - F:\DwnlData
    [15/07/2014 - 18:06:19 | D] - F:\mobile photos
    [30/07/2014 - 21:00:32 | D] - F:\Good doctor

    ################## | G: – Fixed drive (NTFS) |

    [11/11/2012 - 01:46:38 | SHD] - G:\$RECYCLE.BIN
    [15/01/2013 - 16:24:53 | SHD] - G:\System Volume Information
    [17/03/2013 - 21:26:39 | D] - G:\Tax Malaysia
    [10/04/2014 - 10:43:21 | D] - G:\Webinar
    [30/06/2014 - 22:22:32 | D] - G:\Elements
    [06/07/2014 - 23:31:55 | D] - G:\Photos
    [10/07/2014 - 07:31:30 | D] - G:\Home Accounts
    [21/07/2014 - 13:04:38 | D] - G:\desktop

    ################## | H: – Removable drive (FAT32) |

    [01/03/2014 - 13:40:00 | D] - H:\mc
    [02/09/2014 - 13:33:14 | D] - H:\LA

    ################## | Vaccin |

    C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

    ################## | E.O.F | https://www.sosvirus.net/ | http://www.en.usbfix.net/ |

  • g3n-h@ckm@n
    Admin bbPress
    Post count: 8314

    Hello,

    Deactivate your protections.

    Run this tool: http://www.aht.li/2159847/AdsFix.exe and select "Clean".

    If it detects a proxy and you didn't install it, click on "delete the proxy".

    Wait till it ends and attach the report there: https://antimalware.top

    It'll be found here: "your desktop" or in "C:", named Adsfix_Date_Hour.txt

The topic 'Infection in PC' is closed to new replies.