SOSVirus: Free PC Troubleshooting Forums Disinfection Help – Virus & Security Forum USB VBS virus, can't remove it with USBfix! (and I only know English!)

15 posts from 1 to 15 (of 19 total)
  • Author
    Posts
  • handakes
    Participant
    Number of posts: 9

    Hi there,
    First of all, I would appreciate it if the support can be given in English since I only know English next to my native tongue, sorry for that..
    You can still reply in any language as I will be using Google Translate, but I just prefer not to.
    Anyway, after a visit to my local copy store, I picked up the virus that's accurately described on the "USBfix" website, there's just one catch: USBfix can't remove it completely, and it comes back after I restart!
    It really removes it, the first run at least, but when I run it again it always finds "1" more element, and I don't think it can be removed! Cause when I restart all the symptoms come back again..
    Here's a bunch of logs, please help! Thanks..

    USBfix log after the first run
    ############################## | UsbFix V 7.184 | [Clean]

    User: MOI (Administrator) # MOI-PC
    Updated 20/10/2014 by El Desaparecido – SosVirus
    Started at 18:47:25 | 01/11/2014

    Website : http://www.en.usbfix.net/
    Changelog : http://www.en.usbfix.net/changelog/
    Support : http://www.sosvirus.net/
    Upload Malware : http://www.sosvirus.net/upload_malware.php
    Live detection : http://how-to-remove.us/
    Contact : http://www.en.usbfix.net/contact/

    ################## | System information |

    MB: ASUSTeK Computer INC. (P8Z68-V PRO GEN3)
    CPU: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
    GC: NVIDIA GeForce GTX 670
    RAM -> [Total : 8159 Mo | Free : 5385 Mo]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Ultimate (6.1.7601 64-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428
    WB: Google Chrome : 38.0.2125.111
    WB: Mozilla Firefox : 34.0

    ################## | Security Information |

    AV: Bitdefender Antivirus Free Edition [(!) Disabled |Updated]
    AS: Windows Defender [Enabled |(!) Outdated]
    AS: Bitdefender Antivirus Free Edition [(!) Disabled |Updated]
    AS: Malwarebytes Anti-Malware : 2.0.3.1025
    FW: Windows Firewall [Enabled]
    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Fixed disk # 100 Gb (53 Gb free – 53%) [] # NTFS
    D: -> Fixed disk # 149 Gb (39 Gb free – 26%) [Series] # NTFS
    E: -> Fixed disk # 932 Gb (66 Gb free – 7%) [My Stuff] # NTFS
    F: -> Fixed disk # 149 Gb (45 Gb free – 30%) [Xbox] # NTFS
    G: -> Fixed disk # 366 Gb (37 Gb free – 10%) [Games] # NTFS
    L: -> Removable disk # 2 Gb (224 Mb free – 12%) [] # FAT

    ################## | Generic Research |

    Deleted! L:temp.lnk.242784.gzquar.lnk
    Deleted! L:DCIM.lnk.242784.gzquar.lnk
    Deleted! L:tmp.lnk.242784.gzquar.lnk
    Deleted! L:CA.lnk.242784.gzquar.lnk
    Deleted! L:samsungapps.lnk.242432.gzquar.lnk
    Deleted! L:Autorun.inf.lnk.242432.gzquar.lnk
    Deleted! L:media.lnk.242432.gzquar.lnk
    Deleted! L:SlideME.lnk.242432.gzquar.lnk
    Deleted! L:antispamlogs.lnk.242432.gzquar.lnk
    Deleted! L:Android.lnk.242432.gzquar.lnk
    Deleted! L:Scoreloop.lnk.242432.gzquar.lnk
    Deleted! L:stickbox.lnk.242432.gzquar.lnk
    Deleted! L:Socialin.lnk.242784.gzquar.lnk
    Deleted! L:Sounds.lnk.242432.gzquar.lnk
    Deleted! L:0001.vcf.lnk.242432.gzquar.lnk
    Deleted! L:Sounds.lnk.242784.gzquar.lnk
    Deleted! L:download.lnk.242432.gzquar.lnk
    Deleted! L:bluetooth.lnk.242432.gzquar.lnk
    Deleted! L:AlarmClockXtreme.lnk.242432.gzquar.lnk
    Deleted! L:0004.vcf.lnk.242432.gzquar.lnk
    Deleted! L:Ringtones.lnk.242432.gzquar.lnk
    Deleted! L:Enregistrement.lnk.242784.gzquar.lnk
    Deleted! L:social_cache.lnk.242432.gzquar.lnk
    Deleted! L:Music.lnk.242432.gzquar.lnk
    Deleted! L:openfeint.lnk.242784.gzquar.lnk
    Deleted! L:system.lnk.242432.gzquar.lnk
    Deleted! L:Other.lnk.242432.gzquar.lnk
    Deleted! L:rodrigo y gabriela album 2006 mp3 320k.lnk.242432.gzquar.lnk
    Deleted! L:Picture.lnk.242432.gzquar.lnk
    Deleted! L:ZeptoLab.lnk.242784.gzquar.lnk
    Deleted! L:openfeint.lnk.242432.gzquar.lnk
    Deleted! L:0002.vcf.lnk.242432.gzquar.lnk
    Deleted! L:RecForge.lnk.242432.gzquar.lnk
    Deleted! L:ZeptoLab.lnk.242432.gzquar.lnk
    Deleted! L:0003.vcf.lnk.242432.gzquar.lnk
    Deleted! L:Books.lnk.242432.gzquar.lnk
    Deleted! L:Recordings.lnk.242432.gzquar.lnk
    Deleted! L:Video.lnk.242432.gzquar.lnk
    Deleted! L:backups.lnk.242784.gzquar.lnk
    Deleted! L:mo7adra.txt.lnk.242432.gzquar.lnk
    Deleted! L:fitnastica.lnk.242432.gzquar.lnk
    Deleted! L:backups.lnk.242432.gzquar.lnk
    Deleted! L:ScreenCapture.lnk.242432.gzquar.lnk
    Deleted! L:LOST.DIR.lnk.242432.gzquar.lnk
    Deleted! L:dumpstate_app_201304182235_com_android_phone_error.log.lnk.242432.gzquar.lnk
    Deleted! L:New folder.lnk.242432.gzquar.lnk
    Deleted! L:ApplifierVideoCache.lnk.242432.gzquar.lnk
    Deleted! L:dumpstate_app_201303121954_com_android_phone_error.log.lnk.242432.gzquar.lnk

    (!) Temporary files deleted. (5.39257144927979 MB)

    ################## | Registry |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] userinit.exe
    F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [OscarEditor] « C:Program Files (x86)X7 Oscar Keyboard Editor\OscarEditor.exe » Minimum
    04 – HKCU..Run : [OscarKeyboard] « C:Program Files (x86)X7 Oscar Keyboard EditorOscarEditor.exe » Minimum
    04 – HKCU..Run : [KiesHelper] C:Program Files (x86)SamsungKiesKiesHelper.exe /s
    04 – HKCU..Run : [KiesTrayAgent] C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
    04 – HKCU..Run : [SandboxieControl] « C:Program FilesSandboxieSbieCtrl.exe »
    04 – HKLM..Run : [JMB36X IDE Setup] C:WindowsRaidToolxInsIDE.exe
    04 – HKLM..Run : [SwitchBoard] C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
    04 – HKLM..Run : [AdobeCS5ServiceManager] « C:Program Files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe » -launchedbylogin
    04 – HKLM..Run : [ASUS AiChargerPlus Execute] C:Program Files (x86)InstallShield Installation Information{E6931688-DA2B-4E16-8539-3D323D69C677}AiChargerPlus.exe
    04 – HKLM..Run : [Adobe Reader Speed Launcher] « C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe »
    04 – HKLM..Run : [Adobe ARM] « C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe »
    04 – [x64] HKLM..Run : [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe -s
    04 – [x64] HKLM..Run : [AdobeAAMUpdater-1.0] « C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe »
    04 – [x64] HKLM..Run : [ShadowPlay] C:Windowssystem32rundll32.exe C:Windowssystem32nvspcap64.dll,ShadowPlayOnSystemStart
    04 – [x64] HKLM..Run : [NvBackend] « C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe »
    04 – [x64] HKLM..Run : [XboxStat] « C:Program FilesMicrosoft Xbox 360 AccessoriesXboxStat.exe » silentrun
    04 – [x64] HKLM..Run : [AtherosBtStack] « C:Program Files (x86)Bluetooth SuiteBtvStack.exe »
    04 – [x64] HKLM..Run : [AthBtTray] « C:Program Files (x86)Bluetooth SuiteAthBtTray.exe »
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-630149823-2377076548-582725754-1000..Run : [OscarEditor] « C:Program Files (x86)X7 Oscar Keyboard Editor\OscarEditor.exe » Minimum
    04 – HKUS-1-5-21-630149823-2377076548-582725754-1000..Run : [OscarKeyboard] « C:Program Files (x86)X7 Oscar Keyboard EditorOscarEditor.exe » Minimum
    04 – HKUS-1-5-21-630149823-2377076548-582725754-1000..Run : [KiesHelper] C:Program Files (x86)SamsungKiesKiesHelper.exe /s
    04 – HKUS-1-5-21-630149823-2377076548-582725754-1000..Run : [KiesTrayAgent] C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
    04 – HKUS-1-5-21-630149823-2377076548-582725754-1000..Run : [SandboxieControl] « C:Program FilesSandboxieSbieCtrl.exe »
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | UsbFix – Information |

    Info : How to remove shortcut virus on flash disk (Video)
    Info : Shortcut virus on flash disk, What is it ?

    ################## | Hijack |

    ################## | C: %SystemDrive% – Fixed drive (NTFS) |

    [01/11/2014 – 18:37:27 | ASH | 6266220 Ko] – C:hiberfil.sys
    [01/11/2014 – 18:37:30 | ASH | 8354960 Ko] – C:pagefile.sys
    [01/11/2014 – 00:49:23 | D] – C:Config.Msi
    [07/08/2014 – 20:46:40 | A | 2 Ko] – C:RHDSetup.log
    [27/09/2014 – 22:18:03 | SHD] – C:$Recycle.Bin
    [31/10/2014 – 21:36:04 | AD] – C:Kaspersky Rescue Disk 10.0
    [14/07/2009 – 05:20:08 | D] – C:PerfLogs
    [07/08/2014 – 18:00:14 | SHD] – C:Documents and Settings
    [07/08/2014 – 18:00:14 | SHD] – C:Recovery
    [07/08/2014 – 20:45:39 | D] – C:Intel
    [07/08/2014 – 20:49:23 | D] – C:RaidTool
    [07/08/2014 – 21:30:39 | D] – C:Downloads
    [15/09/2014 – 04:17:31 | D] – C:GOG Games
    [27/09/2014 – 22:17:28 | RD] – C:Users
    [27/09/2014 – 22:23:08 | RD] – C:Sandbox
    [31/10/2014 – 16:03:36 | AD] – C:RescueCD Logs
    [31/10/2014 – 19:48:38 | D] – C:FRST
    [01/11/2014 – 00:45:09 | SHD] – C:System Volume Information
    [01/11/2014 – 00:45:13 | RHD] – C:MSOCache
    [01/11/2014 – 15:56:42 | RD] – C:Program Files (x86)
    [01/11/2014 – 16:55:51 | RD] – C:Program Files
    [01/11/2014 – 16:56:02 | HD] – C:ProgramData
    [01/11/2014 – 17:33:53 | D] – C:Windows
    [01/11/2014 – 18:47:16 | D] – C:UsbFix

    ################## | D: – Fixed drive (NTFS) |

    [27/09/2014 – 22:18:03 | SHD] – D:$RECYCLE.BIN
    [22/07/2012 – 22:26:53 | SHD] – D:System Volume Information
    [08/08/2013 – 10:41:51 | D] – D:Anime
    [18/04/2014 – 18:59:20 | D] – D:Series

    ################## | E: – Fixed drive (NTFS) |

    [27/09/2014 – 22:18:03 | SHD] – E:$RECYCLE.BIN
    [21/07/2012 – 17:26:40 | RASH | 8 Ko] – E:BOOTSECT.BAK
    [14/07/2009 – 03:38:58 | RASH | 375 Ko] – E:bootmgr
    [26/04/2011 – 14:27:45 | SHD] – E:RECYCLER
    [21/07/2012 – 17:26:39 | SHD] – E:Boot
    [08/03/2014 – 18:01:03 | D] – E:My stuff
    [11/04/2014 – 16:15:22 | D] – E:media
    [11/08/2014 – 06:51:59 | D] – E:GAMES
    [28/08/2014 – 02:44:15 | D] – E:Records
    [23/09/2014 – 10:09:42 | SHD] – E:System Volume Information
    [24/10/2014 – 19:30:29 | D] – E:Programs
    [29/10/2014 – 03:31:47 | D] – E:SMSKEES

    ################## | F: – Fixed drive (NTFS) |

    [29/10/2014 – 11:44:29 | D] – F:Ultra.Street.Fighter.IV.PROPER.XBOX360-KileyNBeagle
    [21/06/2013 – 16:48:43 | D] – F:Ultimate.Marvel.vs.Capcom.3.XBOX360-iMARS
    [01/11/2014 – 04:28:36 | D] – F:Ultra.Street.Fighter.IV.XBOX360-iMARS
    [07/03/2012 – 17:26:24 | A | 3 Ko] – F:LIVE GOLD CODES.txt
    [14/12/2013 – 21:21:20 | A | 0 Ko] – F:TBD.txt
    [05/07/2013 – 19:57:04 | A | 439256 Ko] – F:Guide bradygames Ultimate Marvel vs Capcom 3.pdf
    [15/05/2013 – 18:29:29 | A | 93 Ko] – F:MetalGearTimelineV2.jpg
    [15/05/2013 – 18:32:44 | A | 153 Ko] – F:Metal Gear Solid Chronology PSVitaGamer Forum.htm
    [27/09/2014 – 22:18:03 | SHD] – F:$RECYCLE.BIN
    [21/07/2012 – 05:02:29 | D] – F:Devil May Cry HD
    [21/07/2012 – 05:06:18 | D] – F:coods
    [21/07/2012 – 05:06:58 | D] – F:DRM FREE
    [21/07/2012 – 05:13:32 | D] – F:Mass Effect 3
    [21/07/2012 – 05:23:40 | D] – F:Red dead redemption
    [21/07/2012 – 05:47:57 | D] – F:Xbox Codes
    [21/07/2012 – 14:57:54 | SHD] – F:System Volume Information
    [05/02/2013 – 18:45:37 | D] – F:Video partition
    [15/05/2013 – 18:32:44 | D] – F:Metal Gear Solid Chronology PSVitaGamer Forum_files
    [07/06/2014 – 23:05:29 | D] – F:titanfall multi xbox360 region free xdg3 p2p
    [15/07/2014 – 03:58:40 | D] – F:injustice
    [29/07/2014 – 18:26:41 | D] – F:dark souls ii xbox360 imars
    [01/09/2014 – 19:35:20 | D] – F:Ninja Gaiden Black
    [29/09/2014 – 10:29:25 | D] – F:diablo iii reaper of souls ultimate evil edition xbox360 complex
    [20/10/2014 – 08:28:16 | D] – F:Utilities

    ################## | G: – Fixed drive (NTFS) |

    [01/12/2006 – 22:37:14 | N | 884 Ko] – [VirusTotal – (0/53)] – G:msdia80.dll
    [27/09/2014 – 22:18:03 | SHD] – G:$RECYCLE.BIN
    [01/10/2014 – 13:53:28 | D] – G:LAN
    [10/10/2014 – 00:06:34 | SHD] – G:System Volume Information
    [24/10/2014 – 18:58:09 | D] – G:Xbox Temp
    [31/10/2014 – 08:13:57 | D] – G:My New Super Games

    ################## | L: – Removable drive (FAT) |

    [08/10/2011 – 12:24:54 | D] – L:.TSQuran
    [01/11/2014 – 18:39:10 | HD] – L:.Trashes
    [29/03/2014 – 08:51:20 | D] – L:.quickoffice
    [15/01/2014 – 13:06:52 | D] – L:.mmsyscache
    [03/10/2011 – 18:41:40 | D] – L:.indiroid
    [01/11/2014 – 18:39:54 | A | 2 Ko] – L:Sounds.lnk.242784.gzquar
    [01/11/2014 – 18:40:02 | A | 2 Ko] – L:ZeptoLab.lnk.242432.gzquar
    [01/11/2014 – 18:40:04 | A | 2 Ko] – L:backups.lnk.242432.gzquar
    [01/11/2014 – 18:40:22 | A | 2 Ko] – L:samsungapps.lnk.242432.gzquar
    [01/11/2014 – 18:40:24 | A | 2 Ko] – L:Socialin.lnk.242784.gzquar
    [01/11/2014 – 18:40:24 | A | 2 Ko] – L:antispamlogs.lnk.242432.gzquar
    [01/11/2014 – 18:40:24 | A | 2 Ko] – L:Android.lnk.242432.gzquar
    [01/11/2014 – 18:40:24 | A | 2 Ko] – L:Autorun.inf.lnk.242432.gzquar
    [01/11/2014 – 18:40:24 | A | 2 Ko] – L:temp.lnk.242784.gzquar
    [01/11/2014 – 18:40:24 | A | 2 Ko] – L:Scoreloop.lnk.242432.gzquar
    [01/11/2014 – 18:40:24 | A | 2 Ko] – L:stickbox.lnk.242432.gzquar
    [01/11/2014 – 18:40:26 | A | 2 Ko] – L:SlideME.lnk.242432.gzquar
    [01/11/2014 – 18:40:26 | A | 2 Ko] – L:0001.vcf.lnk.242432.gzquar
    [01/11/2014 – 18:40:26 | A | 2 Ko] – L:bluetooth.lnk.242432.gzquar
    [01/11/2014 – 18:40:26 | A | 2 Ko] – L:download.lnk.242432.gzquar
    [01/11/2014 – 18:40:26 | A | 2 Ko] – L:AlarmClockXtreme.lnk.242432.gzquar
    [01/11/2014 – 18:40:28 | A | 2 Ko] – L:Other.lnk.242432.gzquar
    [01/11/2014 – 18:40:28 | A | 2 Ko] – L:system.lnk.242432.gzquar
    [01/11/2014 – 18:40:28 | A | 2 Ko] – L:0004.vcf.lnk.242432.gzquar
    [01/11/2014 – 18:40:28 | A | 2 Ko] – L:Ringtones.lnk.242432.gzquar
    [01/11/2014 – 18:40:28 | A | 2 Ko] – L:DCIM.lnk.242784.gzquar
    [01/11/2014 – 18:40:28 | A | 2 Ko] – L:Enregistrement.lnk.242784.gzquar
    [01/11/2014 – 18:40:28 | A | 2 Ko] – L:Music.lnk.242432.gzquar
    [01/11/2014 – 18:40:28 | A | 2 Ko] – L:social_cache.lnk.242432.gzquar
    [01/11/2014 – 18:40:30 | A | 2 Ko] – L:tmp.lnk.242784.gzquar
    [01/11/2014 – 18:40:30 | A | 2 Ko] – L:openfeint.lnk.242784.gzquar
    [01/11/2014 – 18:40:30 | A | 2 Ko] – L:RecForge.lnk.242432.gzquar
    [01/11/2014 – 18:40:30 | A | 2 Ko] – L:0002.vcf.lnk.242432.gzquar
    [01/11/2014 – 18:40:30 | A | 2 Ko] – L:rodrigo y gabriela album 2006 mp3 320k.lnk.242432.gzquar
    [01/11/2014 – 18:40:30 | A | 2 Ko] – L:Picture.lnk.242432.gzquar
    [01/11/2014 – 18:40:30 | A | 2 Ko] – L:openfeint.lnk.242432.gzquar
    [01/11/2014 – 18:40:30 | A | 2 Ko] – L:0003.vcf.lnk.242432.gzquar
    [01/11/2014 – 18:40:32 | A | 2 Ko] – L:CA.lnk.242784.gzquar
    [01/11/2014 – 18:40:32 | A | 2 Ko] – L:Recordings.lnk.242432.gzquar
    [01/11/2014 – 18:40:32 | A | 2 Ko] – L:LOST.DIR.lnk.242432.gzquar
    [01/11/2014 – 18:40:32 | A | 2 Ko] – L:Video.lnk.242432.gzquar
    [01/11/2014 – 18:40:32 | A | 2 Ko] – L:Books.lnk.242432.gzquar
    [01/11/2014 – 18:40:32 | A | 2 Ko] – L:mo7adra.txt.lnk.242432.gzquar
    [01/11/2014 – 18:40:34 | A | 2 Ko] – L:dumpstate_app_201304182235_com_android_phone_error.log.lnk.242432.gzquar
    [01/11/2014 – 18:40:34 | A | 2 Ko] – L:media.lnk.242432.gzquar
    [01/11/2014 – 18:40:34 | A | 2 Ko] – L:New folder.lnk.242432.gzquar
    [01/11/2014 – 18:40:34 | A | 2 Ko] – L:fitnastica.lnk.242432.gzquar
    [01/11/2014 – 18:40:34 | A | 2 Ko] – L:ApplifierVideoCache.lnk.242432.gzquar
    [01/11/2014 – 18:40:34 | A | 2 Ko] – L:ScreenCapture.lnk.242432.gzquar
    [01/11/2014 – 18:40:34 | A | 2 Ko] – L:dumpstate_app_201303121954_com_android_phone_error.log.lnk.242432.gzquar
    [08/10/2011 – 07:00:34 | D] – L:.droidga
    [04/03/2014 – 09:03:24 | D] – L:.downloadTemp
    [16/09/2014 – 14:50:10 | D] – L:.android_secure
    [28/02/2014 – 23:09:16 | D] – L:.adc

    ################## | Vaccin |

    C:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    D:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    E:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    F:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    L:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.sosvirus.net/ | http://www.en.usbfix.net/ |

    USBfix log after the second run before the restart

    ############################## | UsbFix V 7.184 | [Clean]

    User: MOI (Administrator) # MOI-PC
    Updated 20/10/2014 by El Desaparecido – SosVirus
    Started at 18:57:13 | 01/11/2014

    Website : http://www.en.usbfix.net/
    Changelog : http://www.en.usbfix.net/changelog/
    Support : http://www.sosvirus.net/
    Upload Malware : http://www.sosvirus.net/upload_malware.php
    Live detection : http://how-to-remove.us/
    Contact : http://www.en.usbfix.net/contact/

    ################## | System information |

    MB: ASUSTeK Computer INC. (P8Z68-V PRO GEN3)
    CPU: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
    GC: NVIDIA GeForce GTX 670
    RAM -> [Total : 8159 Mo | Free : 5059 Mo]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Ultimate (6.1.7601 64-Bit) Service Pack 1
    WB: Internet Explorer : 11.00.9600.16428
    WB: Google Chrome : 38.0.2125.111
    WB: Mozilla Firefox : 34.0

    ################## | Security Information |

    AV: Bitdefender Antivirus Free Edition [(!) Disabled |Updated]
    AS: Windows Defender [Enabled |(!) Outdated]
    AS: Bitdefender Antivirus Free Edition [(!) Disabled |Updated]
    AS: Malwarebytes Anti-Malware : 2.0.3.1025
    FW: Windows Firewall [Enabled]
    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]

    ################## | Disk Information |

    C: (%SystemDrive%) -> Fixed disk # 100 Gb (53 Gb free – 53%) [] # NTFS
    D: -> Fixed disk # 149 Gb (39 Gb free – 26%) [Series] # NTFS
    E: -> Fixed disk # 932 Gb (66 Gb free – 7%) [My Stuff] # NTFS
    F: -> Fixed disk # 149 Gb (45 Gb free – 30%) [Xbox] # NTFS
    G: -> Fixed disk # 366 Gb (37 Gb free – 10%) [Games] # NTFS
    L: -> Removable disk # 2 Gb (225 Mb free – 12%) [] # FAT

    ################## | Generic Research |

    (!) Temporary files deleted. (1.5627384185791 MB)

    ################## | Registry |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – [x64] HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] userinit.exe
    F2 – [x64] HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [OscarEditor] « C:Program Files (x86)X7 Oscar Keyboard Editor\OscarEditor.exe » Minimum
    04 – HKCU..Run : [OscarKeyboard] « C:Program Files (x86)X7 Oscar Keyboard EditorOscarEditor.exe » Minimum
    04 – HKCU..Run : [KiesHelper] C:Program Files (x86)SamsungKiesKiesHelper.exe /s
    04 – HKCU..Run : [KiesTrayAgent] C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
    04 – HKCU..Run : [SandboxieControl] « C:Program FilesSandboxieSbieCtrl.exe »
    04 – HKLM..Run : [JMB36X IDE Setup] C:WindowsRaidToolxInsIDE.exe
    04 – HKLM..Run : [SwitchBoard] C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe
    04 – HKLM..Run : [AdobeCS5ServiceManager] « C:Program Files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe » -launchedbylogin
    04 – HKLM..Run : [ASUS AiChargerPlus Execute] C:Program Files (x86)InstallShield Installation Information{E6931688-DA2B-4E16-8539-3D323D69C677}AiChargerPlus.exe
    04 – HKLM..Run : [Adobe Reader Speed Launcher] « C:Program Files (x86)AdobeReader 10.0ReaderReader_sl.exe »
    04 – HKLM..Run : [Adobe ARM] « C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe »
    04 – [x64] HKLM..Run : [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe -s
    04 – [x64] HKLM..Run : [AdobeAAMUpdater-1.0] « C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe »
    04 – [x64] HKLM..Run : [ShadowPlay] C:Windowssystem32rundll32.exe C:Windowssystem32nvspcap64.dll,ShadowPlayOnSystemStart
    04 – [x64] HKLM..Run : [NvBackend] « C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe »
    04 – [x64] HKLM..Run : [XboxStat] « C:Program FilesMicrosoft Xbox 360 AccessoriesXboxStat.exe » silentrun
    04 – [x64] HKLM..Run : [AtherosBtStack] « C:Program Files (x86)Bluetooth SuiteBtvStack.exe »
    04 – [x64] HKLM..Run : [AthBtTray] « C:Program Files (x86)Bluetooth SuiteAthBtTray.exe »
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-630149823-2377076548-582725754-1000..Run : [OscarEditor] « C:Program Files (x86)X7 Oscar Keyboard Editor\OscarEditor.exe » Minimum
    04 – HKUS-1-5-21-630149823-2377076548-582725754-1000..Run : [OscarKeyboard] « C:Program Files (x86)X7 Oscar Keyboard EditorOscarEditor.exe » Minimum
    04 – HKUS-1-5-21-630149823-2377076548-582725754-1000..Run : [KiesHelper] C:Program Files (x86)SamsungKiesKiesHelper.exe /s
    04 – HKUS-1-5-21-630149823-2377076548-582725754-1000..Run : [KiesTrayAgent] C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
    04 – HKUS-1-5-21-630149823-2377076548-582725754-1000..Run : [SandboxieControl] « C:Program FilesSandboxieSbieCtrl.exe »
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | UsbFix – Information |

    Info : How to remove shortcut virus on flash disk (Video)
    Info : Shortcut virus on flash disk, What is it ?

    ################## | Hijack |

    ################## | C: %SystemDrive% – Fixed drive (NTFS) |

    [01/11/2014 – 18:37:27 | ASH | 6266220 Ko] – C:hiberfil.sys
    [01/11/2014 – 18:37:30 | ASH | 8354960 Ko] – C:pagefile.sys
    [01/11/2014 – 00:49:23 | D] – C:Config.Msi
    [07/08/2014 – 20:46:40 | A | 2 Ko] – C:RHDSetup.log
    [27/09/2014 – 22:18:03 | SHD] – C:$Recycle.Bin
    [31/10/2014 – 21:36:04 | AD] – C:Kaspersky Rescue Disk 10.0
    [14/07/2009 – 05:20:08 | D] – C:PerfLogs
    [07/08/2014 – 18:00:14 | SHD] – C:Documents and Settings
    [07/08/2014 – 18:00:14 | SHD] – C:Recovery
    [07/08/2014 – 20:45:39 | D] – C:Intel
    [07/08/2014 – 20:49:23 | D] – C:RaidTool
    [07/08/2014 – 21:30:39 | D] – C:Downloads
    [15/09/2014 – 04:17:31 | D] – C:GOG Games
    [27/09/2014 – 22:17:28 | RD] – C:Users
    [27/09/2014 – 22:23:08 | RD] – C:Sandbox
    [31/10/2014 – 16:03:36 | AD] – C:RescueCD Logs
    [31/10/2014 – 19:48:38 | D] – C:FRST
    [01/11/2014 – 00:45:09 | SHD] – C:System Volume Information
    [01/11/2014 – 00:45:13 | RHD] – C:MSOCache
    [01/11/2014 – 15:56:42 | RD] – C:Program Files (x86)
    [01/11/2014 – 16:55:51 | RD] – C:Program Files
    [01/11/2014 – 16:56:02 | HD] – C:ProgramData
    [01/11/2014 – 17:33:53 | D] – C:Windows
    [01/11/2014 – 18:54:30 | D] – C:UsbFix
    [01/11/2014 – 18:58:31 | D] – C:AdwCleaner

    ################## | D: – Fixed drive (NTFS) |

    [27/09/2014 – 22:18:03 | SHD] – D:$RECYCLE.BIN
    [22/07/2012 – 22:26:53 | SHD] – D:System Volume Information
    [08/08/2013 – 10:41:51 | D] – D:Anime
    [18/04/2014 – 18:59:20 | D] – D:Series

    ################## | E: – Fixed drive (NTFS) |

    [27/09/2014 – 22:18:03 | SHD] – E:$RECYCLE.BIN
    [21/07/2012 – 17:26:40 | RASH | 8 Ko] – E:BOOTSECT.BAK
    [14/07/2009 – 03:38:58 | RASH | 375 Ko] – E:bootmgr
    [26/04/2011 – 14:27:45 | SHD] – E:RECYCLER
    [21/07/2012 – 17:26:39 | SHD] – E:Boot
    [08/03/2014 – 18:01:03 | D] – E:My stuff
    [11/04/2014 – 16:15:22 | D] – E:media
    [11/08/2014 – 06:51:59 | D] – E:GAMES
    [28/08/2014 – 02:44:15 | D] – E:Records
    [23/09/2014 – 10:09:42 | SHD] – E:System Volume Information
    [24/10/2014 – 19:30:29 | D] – E:Programs
    [29/10/2014 – 03:31:47 | D] – E:SMSKEES

    ################## | F: – Fixed drive (NTFS) |

    [29/10/2014 – 11:44:29 | D] – F:Ultra.Street.Fighter.IV.PROPER.XBOX360-KileyNBeagle
    [21/06/2013 – 16:48:43 | D] – F:Ultimate.Marvel.vs.Capcom.3.XBOX360-iMARS
    [01/11/2014 – 04:28:36 | D] – F:Ultra.Street.Fighter.IV.XBOX360-iMARS
    [07/03/2012 – 17:26:24 | A | 3 Ko] – F:LIVE GOLD CODES.txt
    [14/12/2013 – 21:21:20 | A | 0 Ko] – F:TBD.txt
    [05/07/2013 – 19:57:04 | A | 439256 Ko] – F:Guide bradygames Ultimate Marvel vs Capcom 3.pdf
    [15/05/2013 – 18:29:29 | A | 93 Ko] – F:MetalGearTimelineV2.jpg
    [15/05/2013 – 18:32:44 | A | 153 Ko] – F:Metal Gear Solid Chronology PSVitaGamer Forum.htm
    [27/09/2014 – 22:18:03 | SHD] – F:$RECYCLE.BIN
    [21/07/2012 – 05:02:29 | D] – F:Devil May Cry HD
    [21/07/2012 – 05:06:18 | D] – F:coods
    [21/07/2012 – 05:06:58 | D] – F:DRM FREE
    [21/07/2012 – 05:13:32 | D] – F:Mass Effect 3
    [21/07/2012 – 05:23:40 | D] – F:Red dead redemption
    [21/07/2012 – 05:47:57 | D] – F:Xbox Codes
    [21/07/2012 – 14:57:54 | SHD] – F:System Volume Information
    [05/02/2013 – 18:45:37 | D] – F:Video partition
    [15/05/2013 – 18:32:44 | D] – F:Metal Gear Solid Chronology PSVitaGamer Forum_files
    [07/06/2014 – 23:05:29 | D] – F:titanfall multi xbox360 region free xdg3 p2p
    [15/07/2014 – 03:58:40 | D] – F:injustice
    [29/07/2014 – 18:26:41 | D] – F:dark souls ii xbox360 imars
    [01/09/2014 – 19:35:20 | D] – F:Ninja Gaiden Black
    [29/09/2014 – 10:29:25 | D] – F:diablo iii reaper of souls ultimate evil edition xbox360 complex
    [20/10/2014 – 08:28:16 | D] – F:Utilities

    ################## | G: – Fixed drive (NTFS) |

    [01/12/2006 – 22:37:14 | N | 884 Ko] – [VirusTotal – (0/53)] – G:msdia80.dll
    [27/09/2014 – 22:18:03 | SHD] – G:$RECYCLE.BIN
    [01/10/2014 – 13:53:28 | D] – G:LAN
    [10/10/2014 – 00:06:34 | SHD] – G:System Volume Information
    [24/10/2014 – 18:58:09 | D] – G:Xbox Temp
    [31/10/2014 – 08:13:57 | D] – G:My New Super Games

    ################## | L: – Removable drive (FAT) |

    [08/10/2011 – 12:24:54 | D] – L:.TSQuran
    [01/11/2014 – 18:39:10 | HD] – L:.Trashes
    [29/03/2014 – 08:51:20 | D] – L:.quickoffice
    [15/01/2014 – 13:06:52 | D] – L:.mmsyscache
    [03/10/2011 – 18:41:40 | D] – L:.indiroid
    [01/11/2014 – 18:39:54 | A | 2 Ko] – L:Sounds.lnk.242784.gzquar
    [01/11/2014 – 18:40:02 | A | 2 Ko] – L:ZeptoLab.lnk.242432.gzquar
    [01/11/2014 – 18:40:04 | A | 2 Ko] – L:backups.lnk.242432.gzquar
    [01/11/2014 – 18:40:22 | A | 2 Ko] – L:samsungapps.lnk.242432.gzquar
    [01/11/2014 – 18:40:24 | A | 2 Ko] – L:Socialin.lnk.242784.gzquar
    [01/11/2014 – 18:40:24 | A | 2 Ko] – L:antispamlogs.lnk.242432.gzquar
    [01/11/2014 – 18:40:24 | A | 2 Ko] – L:Android.lnk.242432.gzquar
    [01/11/2014 – 18:40:24 | A | 2 Ko] – L:Autorun.inf.lnk.242432.gzquar
    [01/11/2014 – 18:40:24 | A | 2 Ko] – L:temp.lnk.242784.gzquar
    [01/11/2014 – 18:40:24 | A | 2 Ko] – L:Scoreloop.lnk.242432.gzquar
    [01/11/2014 – 18:40:24 | A | 2 Ko] – L:stickbox.lnk.242432.gzquar
    [01/11/2014 – 18:40:26 | A | 2 Ko] – L:SlideME.lnk.242432.gzquar
    [01/11/2014 – 18:40:26 | A | 2 Ko] – L:0001.vcf.lnk.242432.gzquar
    [01/11/2014 – 18:40:26 | A | 2 Ko] – L:bluetooth.lnk.242432.gzquar
    [01/11/2014 – 18:40:26 | A | 2 Ko] – L:download.lnk.242432.gzquar
    [01/11/2014 – 18:40:26 | A | 2 Ko] – L:AlarmClockXtreme.lnk.242432.gzquar
    [01/11/2014 – 18:40:28 | A | 2 Ko] – L:Other.lnk.242432.gzquar
    [01/11/2014 – 18:40:28 | A | 2 Ko] – L:system.lnk.242432.gzquar
    [01/11/2014 – 18:40:28 | A | 2 Ko] – L:0004.vcf.lnk.242432.gzquar
    [01/11/2014 – 18:40:28 | A | 2 Ko] – L:Ringtones.lnk.242432.gzquar
    [01/11/2014 – 18:40:28 | A | 2 Ko] – L:DCIM.lnk.242784.gzquar
    [01/11/2014 – 18:40:28 | A | 2 Ko] – L:Enregistrement.lnk.242784.gzquar
    [01/11/2014 – 18:40:28 | A | 2 Ko] – L:Music.lnk.242432.gzquar
    [01/11/2014 – 18:40:28 | A | 2 Ko] – L:social_cache.lnk.242432.gzquar
    [01/11/2014 – 18:40:30 | A | 2 Ko] – L:tmp.lnk.242784.gzquar
    [01/11/2014 – 18:40:30 | A | 2 Ko] – L:openfeint.lnk.242784.gzquar
    [01/11/2014 – 18:40:30 | A | 2 Ko] – L:RecForge.lnk.242432.gzquar
    [01/11/2014 – 18:40:30 | A | 2 Ko] – L:0002.vcf.lnk.242432.gzquar
    [01/11/2014 – 18:40:30 | A | 2 Ko] – L:rodrigo y gabriela album 2006 mp3 320k.lnk.242432.gzquar
    [01/11/2014 – 18:40:30 | A | 2 Ko] – L:Picture.lnk.242432.gzquar
    [01/11/2014 – 18:40:30 | A | 2 Ko] – L:openfeint.lnk.242432.gzquar
    [01/11/2014 – 18:40:30 | A | 2 Ko] – L:0003.vcf.lnk.242432.gzquar
    [01/11/2014 – 18:40:32 | A | 2 Ko] – L:CA.lnk.242784.gzquar
    [01/11/2014 – 18:40:32 | A | 2 Ko] – L:Recordings.lnk.242432.gzquar
    [01/11/2014 – 18:40:32 | A | 2 Ko] – L:LOST.DIR.lnk.242432.gzquar
    [01/11/2014 – 18:40:32 | A | 2 Ko] – L:Video.lnk.242432.gzquar
    [01/11/2014 – 18:40:32 | A | 2 Ko] – L:Books.lnk.242432.gzquar
    [01/11/2014 – 18:40:32 | A | 2 Ko] – L:mo7adra.txt.lnk.242432.gzquar
    [01/11/2014 – 18:40:34 | A | 2 Ko] – L:dumpstate_app_201304182235_com_android_phone_error.log.lnk.242432.gzquar
    [01/11/2014 – 18:40:34 | A | 2 Ko] – L:media.lnk.242432.gzquar
    [01/11/2014 – 18:40:34 | A | 2 Ko] – L:New folder.lnk.242432.gzquar
    [01/11/2014 – 18:40:34 | A | 2 Ko] – L:fitnastica.lnk.242432.gzquar
    [01/11/2014 – 18:40:34 | A | 2 Ko] – L:ApplifierVideoCache.lnk.242432.gzquar
    [01/11/2014 – 18:40:34 | A | 2 Ko] – L:ScreenCapture.lnk.242432.gzquar
    [01/11/2014 – 18:40:34 | A | 2 Ko] – L:dumpstate_app_201303121954_com_android_phone_error.log.lnk.242432.gzquar
    [08/10/2011 – 07:00:34 | D] – L:.droidga
    [04/03/2014 – 09:03:24 | D] – L:.downloadTemp
    [16/09/2014 – 14:50:10 | D] – L:.android_secure
    [28/02/2014 – 23:09:16 | D] – L:.adc

    ################## | Vaccin |

    C:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    D:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    E:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    F:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    G:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    L:Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.sosvirus.net/ | http://www.en.usbfix.net/ |

    After the restart, it comes back to the first one again, so I will spare you guys the repetition.

    AdwCleaner report!
    # AdwCleaner v3.311 – Report created 01/11/2014 at 19:06:37
    # Updated 30/09/2014 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : MOI – MOI-PC
    # Running from : C:UsersMOIDesktopadwcleaner_3.311.exe
    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    File Deleted : C:UsersMOIUninstall.exe
    File Deleted : C:UsersFL2-MANAppDataLocalGoogleChromeUser DataDefaultLocal Storagehxxp_www.azlyrics.com_0.localstorage
    File Deleted : C:UsersMOIAppDataLocalGoogleChromeUser DataDefaultLocal Storagehxxp_www.azlyrics.com_0.localstorage
    File Deleted : C:UsersFL2-MANAppDataLocalGoogleChromeUser DataDefaultLocal Storagehxxp_www.azlyrics.com_0.localstorage-journal
    File Deleted : C:UsersMOIAppDataLocalGoogleChromeUser DataDefaultLocal Storagehxxp_www.azlyrics.com_0.localstorage-journal

    ***** [ Scheduled Tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Deleted : HKLMSOFTWAREClassesAppIDsecman.DLL
    Key Deleted : HKLMSOFTWAREClassessecman.OutlookSecurityManager
    Key Deleted : HKLMSOFTWAREClassessecman.OutlookSecurityManager.1
    Key Deleted : HKLMSOFTWAREMicrosoftTracingapnstub_RASAPI32
    Key Deleted : HKLMSOFTWAREMicrosoftTracingapnstub_RASMANCS
    Key Deleted : HKLMSOFTWAREClassesAppID{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLMSOFTWAREClassesCLSID{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLMSOFTWAREClassesCLSID{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : HKLMSOFTWAREClassesTypeLib{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Key Deleted : [x64] HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : [x64] HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : HKCUSoftwareAppDataLowSoftwareadawarebp
    Key Deleted : [x64] HKLMSOFTWAREMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components464AA55239C100F32AF2D438EDDC0F47
    Key Deleted : [x64] HKLMSOFTWAREMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components5652BA3D5FB98AE31B337BF0AF939856
    Key Deleted : [x64] HKLMSOFTWAREMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components86EB95E1AFCBABE3DB9ECCC669B99494

    ***** [ Browsers ] *****

    -\ Internet Explorer v11.0.9600.17207

    -\ Mozilla Firefox v34.0 (x86 en-US)

    [ File : C:UsersMOIAppDataRoamingMozillaFirefoxProfilessgambccf.defaultprefs.js ]

    -\ Google Chrome v38.0.2125.111

    [ File : C:UsersFL2-MANAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    [ File : C:UsersMOIAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    Deleted [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=6A1F00FFC46CEB91
    Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

    *************************

    AdwCleaner[R0].txt – [3032 octets] – [01/11/2014 19:01:28]
    AdwCleaner[S0].txt – [3169 octets] – [01/11/2014 19:06:37]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [3229 octets] ##########

    ZHPdiag log (on external text viewer because of the character limit)
    http://www.heypasteit.com/clip/1M4G

    i really don’t know what to do now, i hope you guys can help me, and hopefully quick, my machine is paralyzed because of this!

    g3n-h@ckm@n
    Moderator
    Number of posts: 8206

    hello is there still any problem with your removables ?
    It doesn’t look like in the last report of usbfix

    are you sure you don’t each time read the same report ?
    using keygens , you’re sure to infect your computer, and reinfect it at each launch of them
    I recommend you to delete them

    handakes
    Participant
    Number of posts: 9

    well, after i watched the video mentioned in the USBfix report (how to remove USB virus) i noticed that the virus tries to run a script like that when i boot up! but after that last time, it gave me an error with « failed to run script in (C/users/my user name/appdata/roaming/wu***** (some random letters, forgot the rest)/*script name.js) so i figured this is the last place it was hiding, i couldn’t remove it either, gave me permission issues, so i booted up in safe mode and deleted that folder, booted back up in normal mode, and it « looks » like everything is fine! i dunno how to confirm or deny that but right now i am cautiously optimistic..
    thanks for the speedy reply, i will keep you guys updated!
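    The mechanism handakes describes above (real files and folders hidden on the stick and replaced by .lnk shortcuts, with a .js script under AppData\Roaming relaunched at every boot, which is why UsbFix kept finding one more element after each restart) can be checked for without deleting anything. The script below is an added example and is not part of this thread, nor code from UsbFix, Pre_Scan or AdwCleaner. It assumes an elevated PowerShell prompt on Windows 7 or later; the function name, the finding labels and the regexes are my own choices, not anything the tools use.

```powershell
# Added example (not from the thread or from UsbFix/Pre_Scan/AdwCleaner): read-only triage
# for the USB shortcut-worm indicators seen in this thread. Reads only; deletes nothing.
# Assumed (not from the page): run as Administrator on Windows 7+ (PowerShell 2 or later).

function Get-ShortcutWormIndicators {
    $findings = New-Object System.Collections.ArrayList

    function Add-Finding($Kind, $Where, $Detail) {
        [void]$findings.Add((New-Object PSObject -Property @{ Kind = $Kind; Where = $Where; Detail = $Detail }))
    }

    # 1. Removable drives. The worm sets the Hidden attribute on the real files and folders
    #    and drops a .lnk of the same name beside each one (the L:\*.lnk entries UsbFix
    #    quarantined above). A .lnk whose base name matches a hidden sibling is the tell.
    foreach ($d in [System.IO.DriveInfo]::GetDrives()) {
        if ($d.DriveType -ne 'Removable' -or -not $d.IsReady) { continue }
        $root   = $d.RootDirectory.FullName
        $items  = @(Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue)
        $hidden = @{}
        foreach ($i in $items) {
            if (($i.Attributes -band [System.IO.FileAttributes]::Hidden) -ne 0) {
                $hidden[$i.Name.ToLower()] = $i.FullName
            }
        }
        foreach ($lnk in $items) {
            if ($lnk.Extension -ne '.lnk') { continue }
            $base = $lnk.BaseName.ToLower()          # "ScreenCapture.lnk" -> "screencapture"
            if ($hidden.ContainsKey($base)) {
                Add-Finding 'LnkShadowsHidden' $lnk.FullName ("hidden sibling: " + $hidden[$base])
            }
        }
        # autorun.inf: the usual "vaccine" technique is a folder of that name, which keeps the
        # worm from writing its own file there; a plain autorun.inf file is what to inspect.
        $ar = Join-Path $root 'autorun.inf'
        if (Test-Path -LiteralPath $ar) {
            $isDir = (Get-Item -LiteralPath $ar -Force).PSIsContainer
            Add-Finding $(if ($isDir) { 'AutorunVaccine' } else { 'AutorunFile' }) $ar ''
        }
    }

    # 2. Persistence. The script handakes saw failing at boot lived under
    #    AppData\Roaming\wu...\*.js; the classic launcher is a Run value that starts
    #    wscript/cscript on a .vbs/.js/.wsf file sitting in a user-writable folder.
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    $psNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($k in $runKeys) {
        if (-not (Test-Path $k)) { continue }
        foreach ($p in (Get-ItemProperty -Path $k).PSObject.Properties) {
            if ($psNoise -contains $p.Name) { continue }   # provider metadata, not Run values
            $v = [string]$p.Value
            if ($v -match '(?i)\b[wc]script(\.exe)?\b' -or
                $v -match '(?i)\.(vbs|vbe|js|jse|wsf)\b' -or
                $v -match '(?i)\\AppData\\Roaming\\') {
                Add-Finding 'RunKeyScriptHost' "$k\$($p.Name)" $v
            }
        }
    }

    # 3. AutoRun policy. Pre_Scan's log in this thread shows NoDriveTypeAutoRun going 255 -> 145.
    #    The value is a bitmask of drive types AutoRun is disabled for: 0xFF (255) disables it
    #    everywhere, 0x91 (145) is the Windows default and leaves bit 0x04 (removable) clear.
    $pol = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $val = (Get-ItemProperty -Path $pol -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($null -eq $val -or ($val -band 0x04) -eq 0) {
        $shown = if ($null -eq $val) { 'unset' } else { $val }
        Add-Finding 'AutoRunRemovableAllowed' "$pol\NoDriveTypeAutoRun" "current: $shown; 255 (0xFF) disables AutoRun on every drive type"
    }

    $findings | Select-Object Kind, Where, Detail
}

Get-ShortcutWormIndicators | Format-Table -AutoSize -Wrap
```

A LnkShadowsHidden hit on a stick means the stick is still carrying the worm's payload even if the PC looks clean, which is exactly how a reinfection after a restart happens when the stick is plugged back in. The AutoRun check is belt-and-braces: Windows 7 with the February 2011 AutoRun update (KB971029) already ignores autorun.inf on USB sticks, so the .lnk files, not autorun.inf, are what this family relies on; the bit still matters on older systems.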

    g3n-h@ckm@n
    Moderator
    Number of posts: 8206

    ok i understand what it is,

    Attention!!!: Only these links are official, do not download the tool from other links!!
    Attention!!!: this tool can be detected wrongly as a virus
    Attention!!!: this tool is powerful, so follow scrupulously the instructions below

    All the non-vital processes of Windows are going to be cut, save your work. There will be an extinction of the desktop during the scan – > no panic.

    Deactivate all your protections if possible, antivirus, sandbox, firewalls

    Download and save Pre_Scan to your desktop :

    https://www.sosvirus.net/telecharger/pre_scan/

    http://www.telecharger.sosvirus.net/gen-hackman/winlogon.exe (renamed winlogon)

    If the tool is blocked by the infection use these versions with these other extensions:

    http://www.telecharger.sosvirus.net/gen-hackman/Pre_Scan.scr
    http://www.telecharger.sosvirus.net/gen-hackman/Pre_Scan.pif
    http://www.telecharger.sosvirus.net/gen-hackman/Pre_Scan.com

    If the tool detects a proxy and if you did not install click  » to delete the proxy « 

    It is possible that black windows flash, let it work.
    Let the tool restart your computer.
    Post Pre_Scan_date_hour.txt which appear in the root of your system disk ( generally C: )

    Attach the report

    Anonymous
    Number of posts: 0

    Hi ,

    @g3n-h@ckm@n

    O43 – CFD: 02/10/2014 – 02:15:03 ص – [] —-D C:UsersMOIAppDataRoamingNidhogg
    O43 – CFD: 01/11/2014 – 07:09:46 م – [] –H-D C:UsersMOIAppDataRoamingwusofuvir

    @handakes ,

    Please, Zip this folder : C:UsbFixQuarantine, upload the zip file en give me the link please
    Upload : http://upload.sosvirus.net/

    handakes
    Participant
    Number of posts: 9

    first of all, thanks a million guys, for all the replies..you are the first people to actually offer me help with this!
    second of all, i didn’t get it from a keygen, but from a local copy store which i had to use my flash drive at, never again for sure, and i will be taking your advice about those keygens, it’s not worth it!
    anyway, i will run the scan you asked for tomorrow because it’s late night here and i need to go to sleep for work, will post it as soon as i have it, but for the time being, it seems to have been eliminated, i just did a couple more restarts and connected some new peripherals without any of the aforementioned symptoms anymore..

    @ El Desaparecido
    I am pretty grateful for you and your neat program, dude..really .
    but unfortunately, i have installed bitdefender, and since then it detected your program along with the quarantined objects in it as a threat, and deleted them! but i can still visit that copy store as i am sure they are still suffering from that virus, i will get you a copy! maybe i will swing by them while i am going home from work tomorrow, so expect it like 24 hours from now.

    again, thanks for all the help guys, and i will keep you guys updated!

    Anonymous
    Number of posts: 0

    Hi,

    Ok handakes, see you tomorrow ;)

    Regards.

    handakes
    Participant
    Number of posts: 9

    @g3n-h@ckm@n wrote:

    ok i understand what it is,

    Post Pre_Scan_date_hour.txt which appear in the root of your system disk ( generally C: )

    Attach the report

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 04.10.27.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤ XP | Vista | 7 | 8 – 32/64 bits ¤¤¤¤¤ – Start 14:47:28

    Updated 27/10/2014 | 11.35 by g3n-h@ckm@n
    Contact : http://www.sosvirus.net/
    Pre_scan Feedbacks : feedback-t74962.html

    [MOI (Administrator)] – [MOI-PC]
    SID = S-1-5-21-630149823-2377076548-582725754-1000

    Boot: Normal boot
    System : Windows 7 Ultimate (64 bits) Ultimate Service Pack 1
    ProcessorNameString : Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
    Identifier : Intel64 Family 6 Model 58 Stepping 9

    Memory RAM = Total (MB) : 8355 | Free (MB) : 6452
    Pagefile = Total (MB) : 16708 | Free (MB) : 14316
    Virtual = Total (MB) : 4194 | Free (MB) : 3958

    ¤¤¤¤¤¤¤¤¤¤ # Components of starting up

    C:WindowsSetupScriptsbie7_inst.exe
    C:WindowsSetupScriptsbie7_uninst.exe
    C:WindowsSetupScriptsSETUPCOMPLETE.CMD

    ¤¤¤¤¤¤¤¤¤¤¤ # Drives

    C:-> [Fixed] | [] | Total : 102400 Mo | Free : 53740 Mo -> NTFS
    D:-> [Fixed] | [Series] | Total : 152620 Mo | Free : 40390 Mo -> NTFS
    E:-> [Fixed] | [My Stuff] | Total : 953870 Mo | Free : 67970 Mo -> NTFS
    F:-> [Fixed] | [Xbox] | Total : 152620 Mo | Free : 45640 Mo -> NTFS
    G:-> [Fixed] | [Games] | Total : 374440 Mo | Free : 37640 Mo -> NTFS

    ¤¤¤¤¤¤¤¤¤¤ # Windows updates

    No detected update !!!

    ¤¤¤¤¤¤¤¤¤¤ # Sessions

    C:Windowssystem32configsystemprofile
    C:WindowsServiceProfilesLocalService
    C:WindowsServiceProfilesNetworkService
    C:UsersMOI
    C:UsersUpdatusUser
    C:UsersFL2-MAN

    Registry saved , to restore : C:Pre_ScanSaveScanERDNT.exe

    ¤¤¤¤¤¤¤¤¤¤ # Browsers

    IE : 11.0.9600.17207 (© Microsoft Corporation.)
    FF : 34.0.0.5416 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
    GC : 38.0.2125.111 (Copyright 2012 Google Inc.)

    ¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

    Plugin : 15.0.0.189

    ¤¤¤¤¤¤¤¤¤¤ | Security

    AV : Bitdefender Antivirus Free Edition Disabled
    AS : Bitdefender Antivirus Free Edition Disabled
    AM : Malwarebytes Anti-Malware ( 1.0.1.711) []
    FW :
    WMI : OK
    WU: Windows Update Service [Auto(2)] = stopped
    AS: Windows Defender [Auto(2)] = stopped
    FW: Windows FireWall Service [Auto(2)] = stopped

    ¤¤¤¤¤¤¤¤¤¤ # Stopped processes

    976 | [Owner : |Parent : 768] – (.NVIDIA Corporation – NVIDIA Driver Helper Service, Version 340.52.) – (8.17.13.4052) = C:WindowsSystem32nvvsvc.exe
    1316 | [Owner : |Parent : 768] – (.Sandboxie Holdings, LLC – Sandboxie Service.) – (4.4.0.0) = C:Program FilesSandboxieSbieSvc.exe
    1584 | [Owner : |Parent : 768] – (.Microsoft Corporation – Spooler SubSystem App.) – (6.1.7601.17514) = C:WindowsSystem32spoolsv.exe
    1720 | [Owner : SYSTEM |Parent : 976] – (.NVIDIA Corporation – NVIDIA User Experience Driver Component.) – (8.17.13.4052) = C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe
    1728 | [Owner : SYSTEM |Parent : 976] – (.NVIDIA Corporation – NVIDIA Driver Helper Service, Version 340.52.) – (8.17.13.4052) = C:WindowsSystem32nvvsvc.exe
    1980 | [Owner : MOI |Parent : 768] – (.Microsoft Corporation – Host Process for Windows Tasks.) – (6.1.7601.18010) = C:WindowsSystem32taskhost.exe
    2108 | [Owner : MOI |Parent : 2072] – (.Microsoft Corporation – Windows Explorer.) – (6.1.7601.17514) = C:Windowsexplorer.exe
    2160 | [Owner : MOI |Parent : 1124] – (.Microsoft Corporation – Task Scheduler Engine.) – (6.1.7601.17514) = C:WindowsSystem32taskeng.exe
    2268 | [Owner : MOI |Parent : 2160] – (. – CPU temperature and system information utility.) – (0.99.7.10) = E:ProgramsCPU-ZCore Temp.exe
    2352 | [Owner : MOI |Parent : 2108] – (.Realtek Semiconductor – Realtek HD Audio Manager.) – (1.0.0.614) = C:Program FilesRealtekAudioHDARAVCpl64.exe
    2636 | [Owner : MOI |Parent : 2160] – (.ASUSTeK Computer Inc. – Digi+VRM Help.) – (1.0.0.8) = C:Program Files (x86)ASUSAI Suite IIDIGI+ VRMVRMHelp.exe
    2644 | [Owner : MOI |Parent : 2160] – (.ASUSTeK Computer Inc. – ASUS Routine Controller.) – (1.0.0.1) = C:Program Files (x86)ASUSAI Suite IIAsRoutineController.exe
    2668 | [Owner : MOI |Parent : 2108] – (.NVIDIA Corporation – NVIDIA GeForce Experience Backend.) – (15.3.33.0) = C:Program Files (x86)NVIDIA CorporationUpdate CoreNvBackend.exe
    2712 | [Owner : MOI |Parent : 1720] – (.NVIDIA Corporation – NVIDIA Settings.) – (7.17.13.4052) = C:Program FilesNVIDIA CorporationDisplaynvtray.exe
    2772 | [Owner : MOI |Parent : 2108] – (.Microsoft Corporation – XBoxStat.exe.) – (1.20.146.0) = C:Program FilesMicrosoft Xbox 360 AccessoriesXBoxStat.exe
    2780 | [Owner : MOI |Parent : 2108] – (.Atheros Commnucations – Bluetooth Stack Server.) – (7.2.0.65) = C:Program Files (x86)Bluetooth SuiteBtvStack.exe
    2792 | [Owner : MOI |Parent : 2108] – (.Atheros Commnucations – Bluetooth Tray.) – (7.2.0.65) = C:Program Files (x86)Bluetooth SuiteAthBtTray.exe
    2844 | [Owner : MOI |Parent : 2108] – (. – .) – (0.0.0.0) = C:Program Files (x86)X7 Oscar Keyboard EditorOscarEditor.exe
    2912 | [Owner : MOI |Parent : 2108] – (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) – (2.0.0.120) = C:Program Files (x86)SamsungKiesKiesTrayAgent.exe
    2304 | [Owner : SYSTEM |Parent : 768] – (. – .) – (0.0.0.0) = C:Program Files (x86)ASUSAXSP1.00.14atkexComSvc.exe
    2420 | [Owner : SYSTEM |Parent : 768] – (. – .) – (0.0.0.0) = C:Program Files (x86)ASUSAAHM1.00.14aaHMSvc.exe
    1888 | [Owner : SYSTEM |Parent : 768] – (. – .) – (0.0.0.0) = C:Program Files (x86)ASUSAsSysCtrlService1.00.11AsSysCtrlService.exe
    1296 | [Owner : SYSTEM |Parent : 768] – (.Atheros Commnucations – AdminService Application.) – (7.2.0.65) = C:Program Files (x86)Bluetooth SuiteAdminService.exe
    3128 | [Owner : MOI |Parent : 2108] – (.Google Inc. – Google Chrome.) – (38.0.2125.111) = C:Program Files (x86)GoogleChromeApplicationchrome.exe
    3144 | [Owner : MOI |Parent : 2928] – (.ASUSTek Computer Inc. – AiChargerPlus MFC Application.) – (1.0.0.0) = C:Program Files (x86)InstallShield Installation Information{E6931688-DA2B-4E16-8539-3D323D69C677}AiChargerPlus.exe
    3176 | [Owner : MOI |Parent : 2524] – (.ASUSTeK Computer Inc. – USB 3.0 Boost Service.) – (1.0.0.3) = C:Program Files (x86)ASUSAI Suite IIUSB 3.0 BoostU3BoostSvr64.exe
    3288 | [Owner : MOI |Parent : 3128] – (.Google Inc. – Google Chrome.) – (38.0.2125.111) = C:Program Files (x86)GoogleChromeApplicationchrome.exe
    3604 | [Owner : MOI |Parent : 2644] – (.ASUSTeK Computer Inc. – TurboVHelp.) – (1.0.1.18) = C:Program Files (x86)ASUSAI Suite IITurboV EVOTurboVHelp.exe
    3792 | [Owner : SYSTEM |Parent : 768] – (.Intel Corporation – Intel® PROSet Monitoring Service.) – (15.6.1.1) = C:WindowsSystem32IPROSetMonitor.exe
    3812 | [Owner : MOI |Parent : 2644] – (.ASUSTeK Computer Inc. – EPUHelp.) – (1.0.0.22) = C:Program Files (x86)ASUSAI Suite IIEPUEPUHelp.exe
    3916 | [Owner : MOI |Parent : 2644] – (.ASUSTeK Computer Inc. – AI Suite II.) – (1.0.0.40) = C:Program Files (x86)ASUSAI Suite IIAI Suite II.exe
    4700 | [Owner : MOI |Parent : 3916] – (.ASUSTeK Computer Inc. – AlertHelper.) – (1.0.0.5) = C:Program Files (x86)ASUSAI Suite IISensorAlertHelperAlertHelper.exe
    5064 | [Owner : SYSTEM |Parent : 768] – (.NVIDIA Corporation – NVIDIA Network Service.) – (1.0.8.24) = C:Program Files (x86)NVIDIA CorporationNetServiceNvNetworkService.exe
    1764 | [Owner : SYSTEM |Parent : 768] – (.NVIDIA Corporation – NVIDIA Streamer Service.) – (3.1.100.0) = C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe
    4336 | [Owner : SYSTEM |Parent : 768] – (. – .) – (0.0.0.0) = C:WindowsSysWOW64PnkBstrA.exe
    5852 | [Owner : SYSTEM |Parent : 768] – (.Microsoft Corporation – Microsoft Windows Search Indexer.) – (7.0.7601.17610) = C:WindowsSystem32SearchIndexer.exe
    1324 | [Owner : SYSTEM |Parent : 1764] – (.NVIDIA Corporation – NVIDIA Streamer Service.) – (3.1.100.0) = C:Program FilesNVIDIA CorporationNvStreamSrvnvstreamsvc.exe
    5312 | [Owner : SYSTEM |Parent : 680] – (.Microsoft Corporation – Console Window Host.) – (6.1.7601.18229) = C:WindowsSystem32conhost.exe
    4328 | [Owner : NETWORK SERVICE |Parent : 768] – (.Microsoft Corporation – Windows Media Player Network Sharing Service.) – (12.0.7601.17514) = C:Program FilesWindows Media Playerwmpnetwk.exe
    6316 | [Owner : SYSTEM |Parent : 768] – (.Intel Corporation – Local Manageability Service.) – (7.1.10.1065) = C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    1620 | [Owner : SYSTEM |Parent : 768] – (.Intel Corporation – User Notification Service.) – (7.1.10.1065) = C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    3236 | [Owner : MOI |Parent : 1124] – (.Microsoft Corporation – Windows Update.) – (7.6.7600.320) = C:WindowsSystem32wuauclt.exe
    4888 | [Owner : MOI |Parent : 4196] – (.Adobe Systems Incorporated – AAM Updates Notifier Application.) – (1.0.175.0) = C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAAAM Updates Notifier.exe
    3232 | [Owner : SYSTEM |Parent : 1124] – (.Microsoft Corporation – Task Scheduler Engine.) – (6.1.7601.17514) = C:WindowsSystem32taskeng.exe
    2764 | [Owner : SYSTEM |Parent : 3232] – (.Google Inc. – Google Installer.) – (1.3.25.5) = C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    1144 | [Owner : SYSTEM |Parent : 5852] – (.Microsoft Corporation – Microsoft Windows Search Protocol Host.) – (7.0.7601.17610) = C:WindowsSystem32SearchProtocolHost.exe

    ¤¤¤¤¤¤¤¤¤¤ # Winlogon user

    ¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

    Repaired : [HKLM | Winlogon]|[userinit] : userinit.exe -> C:WindowsSyswow64userinit.exe,

    ¤¤¤¤¤¤¤¤¤¤ # Associations

    Repaired : [HKLMSoftwareClassesFoldershellopencommand] : C:WindowsExplorer.exe -> C:WindowsExplorer.exe

    ¤

    Repaired : HKLMSoftwareClientsStartMenuInternetIExplore.exeshellopencommand] : C:Program FilesInternet Exploreriexplore.exe -> « C:Program Files (x86)Internet Exploreriexplore.exe »
    Repaired : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations] : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s
    Repaired : HKLM64SOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations] : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

    ¤¤¤¤¤¤¤¤¤¤ # Registry

    Repaired : HKLMsoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]~[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
    Repaired : HKLMsoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]~[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
    Repaired : HKLMsoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]~[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
    Repaired : HKLMsoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]~[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
    Repaired : HKLMsoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]~[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
    Repaired : HKLMsoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]~[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
    Repaired : HKLMsoftwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]~[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
    Repaired : HKLMsoftwareMicrosoftWindowsCurrentVersionpoliciesExplorer]~[NoDriveTypeAutoRun] : 255 -> 145
    Repaired : HKLMsoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer]~[NoActiveDesktop] : 1 -> 0
    Repaired : HKLMsoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer]~[NoActiveDesktopChanges] : 1 -> 0
    Repaired : HKLM64softwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]~[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
    Repaired : HKLM64softwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]~[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
    Repaired : HKLM64softwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]~[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
    Repaired : HKLM64softwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]~[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
    Repaired : HKLM64softwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]~[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
    Repaired : HKLM64softwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]~[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
    Repaired : HKLM64softwareMicrosoftWindowsCurrentVersionExplorerHideDesktopIconsNewStartPanel]~[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0

    ¤¤¤¤¤¤¤¤¤¤ # Access to the registry and to the administrator of the tasks

    ¤¤¤¤¤¤¤¤¤¤ # SafeBoot

    Safeboot Keys are O.K

    Alternate shell is OK !

    ¤

    Safeboot Minimal Subkeys : O.K !

    ¤

    Safeboot Network Subkeys : O.K !

    ¤¤¤¤¤¤¤¤¤¤ # IFEO

    ¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

    ¤¤¤¤¤¤¤¤¤¤ # Windows

    [HKLMSOFTWAREMicrosoftWindows NTCurrentVersionIniFileMappingsystem.iniBoot]|[Shell] : SYS:MicrosoftWindows NTCurrentVersionWinlogon
    [HKLM64SOFTWAREMicrosoftWindows NTCurrentVersionIniFileMappingsystem.iniBoot]|[Shell] : SYS:MicrosoftWindows NTCurrentVersionWinlogon
    [HKLM64SOFTWAREMicrosoftWindows NTCurrentVersionIniFileMappingwin.ini]|[winlogon] : SYS:MicrosoftWindows NTCurrentVersionWinlogon

    ¤¤¤¤¤¤¤¤¤¤ # Security center

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellServiceObjects{003e0278-eca8-4bb8-a256-3689ca1c2600}]|[Autostart] : C:Windowssystem32shell32.dll [ok]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellServiceObjects{3BF043EF-A974-49B3-8322-B853CF1E5EC5}]|[Autostart] : C:WindowsSystem32SndVolSSO.dll [ok]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellServiceObjects{68ddbb56-9d1d-4fd9-89c5-c0da2a625392}]|[Autostart] : C:Windowssystem32stobject.dll [ok]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellServiceObjects{7007ACCF-3202-11D1-AAD2-00805FC1270E}]|[Autostart] : C:WindowsSystem32netshell.dll [ok]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellServiceObjects{7849596a-48ea-486e-8937-a2a3009f31a9}]|[Autostart] : C:Windowssystem32shell32.dll [ok]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellServiceObjects{900c0763-5cad-4a34-bc1f-40cd513679d5}]|[No 'Autostart'] : C:WindowsSystem32hcproviders.dll [ok]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellServiceObjects{900c0763-5cad-4a34-bc1f-40cd513679d5}]|[No 'Autostart'] : C:WindowsSystem32hcproviders.dll C:WindowsSystem32hcproviders.dll
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellServiceObjects{A1607060-5D4C-467a-B711-2B59A6F25957}]|[Autostart] : C:WindowsSystem32AltTab.dll [ok]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellServiceObjects{AAA288BA-9A4C-45B0-95D7-94D524869DB5}]|[Autostart] : C:Windowssystem32wpdshserviceobj.dll [ok]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellServiceObjects{C2796011-81BA-4148-8FCA-C6643245113F}]|[Autostart] : C:WindowsSystem32pnidui.dll [ok]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellServiceObjects{DA67B8AD-E81B-4c70-9B91-B417B5E33527}]|[Autostart] : C:WindowsSystem32srchadmin.dll [ok]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellServiceObjects{EF4D1E1A-1C87-4AA8-8934-E68E4367468D}]|[Autostart] : C:WindowsSysWOW64shdocvw.dll [ok]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellServiceObjects{F08C5AC2-E722-4116-ADB7-CE41B527994B}]|[Autostart] : C:WindowsSysWOW64bthprops.cpl [ok]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellServiceObjects{F20487CC-FC04-4B1E-863F-D9801796130B}]|[Autostart] : C:WindowsSystem32SyncCenter.dll [ok]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellServiceObjects{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]|[Autostart] : C:WindowsSystem32Actioncenter.dll [ok]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellServiceObjects{fbeb8a05-beee-4442-804e-409d6c4515e9}]|[Autostart] : C:Windowssystem32shell32.dll [ok]
    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellServiceObjects{ff363bfe-4941-4179-a81c-f3f1ca72d820}]|[Autostart] : C:WindowsSystem32hgcpl.dll [ok]

    Repaired : [HKLMSYSTEMCurrentControlSetservicesSharedAccessParametersFirewallPolicyDomainProfile]|[EnableFirewall] : 1 -> 0
    Repaired : [HKLMSYSTEMCurrentControlSetservicesSharedAccessParametersFirewallPolicyStandardProfile]|[EnableFirewall] : 1 -> 0
    Repaired : [HKLMSYSTEMCurrentControlSetservicesSharedAccessParametersFirewallPolicyPublicProfile]|[EnableFirewall] : 1 -> 0

    ¤¤¤¤¤¤¤¤¤¤ # Correction of the services

    Repaired : [srService] : -> 2
    Repaired : [Parvdm] : -> 2
    Repaired : [NIHardwareService] : -> 2
    Repaired : [IAStorDataMgrsvc] : -> 2
    Repaired : [agp440] : 3 -> 2
    Repaired : [ERSvc] : -> 2
    Repaired : [EapHost] : 3 -> 2
    Repaired : [Wlansvc] : 3 -> 2
    Repaired : [SharedAccess] : 4 -> 2
    Repaired : [wudfsvc] : 3 -> 2
    Repaired : [WerSvc] : 3 -> 2

    ¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

    ¤¤¤¤¤¤¤¤¤¤ # reparsepoint

    ¤¤¤¤¤¤¤¤¤¤ # Detection of offsets

    ¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry

    Moved to quarantine successfully : C:$Recycle.binS-1-5-21-630149823-2377076548-582725754-1000desktop.ini
    Moved to quarantine successfully : C:$Recycle.binS-1-5-21-630149823-2377076548-582725754-1002desktop.ini
    Deleted : C:$Recycle.binS-1-5-21-630149823-2377076548-582725754-1000
    Deleted : C:$Recycle.binS-1-5-21-630149823-2377076548-582725754-1002

    Moved to quarantine successfully : G:msdia80.dll

    ¤¤¤¤¤¤¤¤¤¤ # ADS

    Prefetch -> cleaned

    D: : Vaccinated (Vaccin created by Usbfix)
    E: : Vaccinated (Vaccin created by Usbfix)
    F: : Vaccinated (Vaccin created by Usbfix)
    G: : Vaccinated (Vaccin created by Usbfix)

    ¤¤¤¤¤¤¤¤¤¤ | Hidden files

    ~ [Drive D:] : Hidden : 14 | Restored : 14
    ~ [Drive E:] : Hidden : 611 | Restored : 610
    ~ [Drive G:] : Hidden : 40 | Restored : 40
    ~ [Drive C:] : Hidden : 1 | Restored : 1
    ~ [Program Files] : Hidden : 7 | Restored : 7
    ~ [Users] : Hidden : 2 | Restored : 2
    ~ [Searches] : Hidden : 2 | Restored : 2
    ~ [Windows] : Hidden : 45 | Restored : 45
    ~ [Libraries] : Hidden : 28 | Restored : 28

    ¤¤¤¤¤¤¤¤¤¤ # Control of the partitions

    Disk: 0 Size=153G
    Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
    ----
    0 0 07-NTFS 153G No No 2,048 312,573,952

    ¤¤¤¤¤¤¤¤¤¤

    [HKLM64 | Winlogon] | AutoRestartShell : 0 -> 1

    End : 15:02:15

    ¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ – 287

    Anonymous
    Number of posts: 0

    Hi,

    Run UsbFix, Choice Option and check listing + and press apply
    Choice Listing with all usb device connected and post the report Please

    handakes
    Participant
    Number of posts: 9

    as promised, i took a trip to that store and got myself a copy of the suspected folder you asked for, the name is different (of course) but it’s the same contents. uploaded it to your upload center
    http://upload.sosvirus.net/www/?a=d&i=vf3Q83JQhf

    and here’s the other report you asked for, currently i only have my mobile available, my brother’s had it too but we disinfected it now and it appears to be clean..unfortunately i can’t connect it now for the report because he’s currently not here. (report uploaded to an external viewer cause of character limit)
    http://www.heypasteit.com/clip/1M60

    g3n-h@ckm@n
    Moderator
    Number of posts: 8206

    Further to an infection Mabezat, Virut, Sality or other one of the kind (worm / virus) very difficult to eradicate, there is another solution to get rid of it: DrWeb CureIt

    Download drWeb, and register it on the desktop,from this link:

    https://www.freedrweb.com/download+cureit+free/?lng=fr

    Then, as possible, burn it.

    Connect all your USB devices (mp3, mp4, external, key hard disks usb, camera.), all which was able to be connected to the computer.

    Launch DrWeb CureIt, a screen as this one displays:

    Click « OK »

    The program is going to verify that it is good up to date.

    Check the box « I agree to participate blah blah blah » …, then click to continue

    On the homepage, the click « select objects for the analysis »

    Check All on the left, then select « Click here to select files and Folders ».

    Check « My computer », what will have the effect of marking all the storages beforehand connected as aforesaid, then click « OK »

    Click on « OK » then on « Launch analysis »

    The complete analysis runs.

    Once ended, let all the infections found on « Disinfect », then to click « to neutralize »
    DrWeb is going to neutralize the threats and show the result(s)
    DrWeb is going to ask to restart the computer to perfect the cleaning, make it
    To post the report , go in:
    C:(generally)the sessionDrWeb

    In this folder is « CureIt.log ».
    right click then select « Send to » = > compressed files
    Accommodate the archive

    handakes
    Participant
    Number of posts: 9

    does any of the programs you guys provided sets up a « boot » folder in the root of one of my drives? the folders contains « memtest.exe » and when i try to delete that folder it gives me an error that « you need permission from trustedinstaller » to delete that folder!

    what’s going on here?

    g3n-h@ckm@n
    Moderator
    Number of posts: 8206

    this folder belongs to « Windows » , don’t touch it, normally , it’s a hidden folder

    handakes
    Participant
    Number of posts: 9

    @g3n-h@ckm@n wrote:

    this folder belongs to « Windows » , don’t touch it, normally , it’s a hidden folder

    well, it’s not in the root of the C partition! it’s in another drive!

    g3n-h@ckm@n
    Moderator
    Number of posts: 8206

    it’s not dangerous , memtest.exe is a tool to test the RAM memory

