Shortcut Virus

Closed
mats04 Posts 3 Registration date Saturday January 4, 2014 Status Member Last seen January 4, 2014 - Jan 4, 2014 at 10:24 AM
2011N2 Posts 13334 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 - Jan 4, 2014 at 11:43 AM
I plugged in my aunt's flash drive. I saved some files, safely removed it, then went to my Documents folder. Then BOOM! Shortcut folders are everywhere. What should I do? I think it's a trojan or something. I tried to run my antivirus, which is Avast, but it didn't remove it. :/ HELP PLS! Thanks

4 replies

2011N2 Posts 13334 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 4, 2014 at 10:49 AM
Hello,

This type of issue could be caused by a USB virus. It will spread to all of your USB memory devices and your hard disk.

Here is a tool to remove the virus and vaccinate your USB against further viruses.


Download UsbFix (created by El Desaparecido) on your desktop.

http://ccm.net/download/download-24089-usbfix

If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.
Plug in your USB devices (flash drive, pen drive, external HD, etc.) but don't open them.
Double-click on UsbFix.exe.

Click on Deletion.

Let the tool work.

At the end of the scan, a report will be shown which you can copy and paste here.

The report is saved at the root (C:\UsbFix.txt).

You can also vaccinate against any virus.


Gabriel.
0
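As an added illustration of what the "shortcut virus" on the stick actually does (example code written for this page; it is not part of UsbFix and not something Gabriel posted): the usual infection marks the real folders hidden+system and drops a `.lnk` with the same name next to each one. The shortcut's target is a command interpreter such as `cmd.exe` or `wscript.exe` running the worm's script, and its arguments then re-open the real folder so the victim sees nothing odd. The script below builds a constructed `.lnk` fixture (the decoy command line and file names are my assumptions, modelled on that pattern, not taken from this thread), parses it according to the MS-SHLLINK header and StringData layout, and flags the tell-tale signs; the flagging rules are heuristics of mine.

```python
import re
import struct
from pathlib import Path

# Constants from the MS-SHLLINK specification.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST = 1 << 0
HAS_LINK_INFO = 1 << 1
HAS_NAME = 1 << 2
HAS_RELATIVE_PATH = 1 << 3
HAS_WORKING_DIR = 1 << 4
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6
IS_UNICODE = 1 << 7
SW_SHOWMINNOACTIVE = 7  # ShowCommand: open minimised and without focus (hides the console)

# StringData sections appear in this fixed order, each only if its flag is set.
STRING_DATA = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)

# Heuristics (my assumptions): a shortcut that looks like a folder has no business doing these.
SCRIPT_HOST_RE = re.compile(r"\b(cmd|wscript|cscript|powershell|mshta|rundll32)(\.exe)?\b", re.I)
SCRIPT_FILE_RE = re.compile(r"\.(vbs|vbe|js|jse|bat|cmd|ps1|hta)\b", re.I)
DECOY_EXPLORER_RE = re.compile(r"\bstart\s+explorer\b", re.I)


def parse_lnk(data: bytes) -> dict:
    """Decode the ShellLinkHeader and StringData of a .lnk; IDList/LinkInfo are skipped."""
    if (len(data) < LNK_HEADER_SIZE or data[:4] != struct.pack("<I", LNK_HEADER_SIZE)
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link (.lnk) file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    show_cmd = struct.unpack_from("<I", data, 0x3C)[0]
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:       # IDListSize (uint16) followed by the ItemIDs
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                 # LinkInfoSize (uint32) includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {"show_command": show_cmd}
    for flag, name in STRING_DATA:            # CountCharacters (uint16) + characters, no terminator
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        if flags & IS_UNICODE:
            fields[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[name] = data[pos:pos + count].decode("cp1252", errors="replace")
            pos += count
    return fields


def triage_lnk(data: bytes) -> list:
    """Return the reasons a shortcut looks like a folder-impersonating decoy (empty list = nothing found)."""
    info = parse_lnk(data)
    target = info.get("relative_path", "")
    args = info.get("arguments", "")
    reasons = []
    if SCRIPT_HOST_RE.search(target) or SCRIPT_HOST_RE.search(args):
        reasons.append("launches a command interpreter or script host")
    if SCRIPT_FILE_RE.search(args):
        reasons.append("arguments reference a script file")
    if DECOY_EXPLORER_RE.search(args):
        reasons.append("re-opens a folder afterwards (decoy behaviour)")
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        reasons.append("window opened minimised and inactive (hidden console)")
    return reasons


def scan_for_decoy_shortcuts(root) -> dict:
    """Walk a mounted drive and map each suspicious .lnk path to its reasons."""
    hits = {}
    for lnk in Path(root).rglob("*.lnk"):
        try:
            reasons = triage_lnk(lnk.read_bytes())
        except (ValueError, struct.error):      # not a link, or truncated
            continue
        if reasons:
            hits[str(lnk)] = reasons
    return hits


def build_lnk(relative_path: str, arguments: str, icon_location: str, show_cmd: int = 1) -> bytes:
    """Assemble a minimal .lnk carrying only StringData (constructed fixture for testing)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | HAS_ICON_LOCATION | IS_UNICODE
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID
    header += struct.pack("<II", flags, 0)         # LinkFlags, FileAttributes
    header += bytes(24)                            # Creation/Access/Write FILETIMEs (zero)
    header += struct.pack("<IiI", 0, 3, show_cmd)  # FileSize, IconIndex, ShowCommand
    header += bytes(12)                            # HotKey + Reserved1/2/3 -> 0x4C bytes total

    def sd(text: str) -> bytes:
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + sd(relative_path) + sd(arguments) + sd(icon_location)


# Constructed samples: a decoy of the kind described above, and an ordinary folder shortcut.
DECOY_LNK = build_lnk(
    r"..\..\..\Windows\System32\cmd.exe",
    r'/c start wscript.exe //e:VBScript.Encode "drive.vbs" & start explorer "Documents" & exit',
    r"%SystemRoot%\system32\SHELL32.dll",
    show_cmd=SW_SHOWMINNOACTIVE,
)
BENIGN_LNK = build_lnk(r"..\Photos\Holiday 2013", "", r"%SystemRoot%\system32\SHELL32.dll")

if __name__ == "__main__":
    print("decoy :", triage_lnk(DECOY_LNK))
    print("benign:", triage_lnk(BENIGN_LNK))
```

Point it at a stick with `scan_for_decoy_shortcuts("F:\\")` to list the decoys before deleting them; the hidden originals are still there next to each one, which is why the folders "disappear" rather than being lost.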
mats04 Posts 3 Registration date Saturday January 4, 2014 Status Member Last seen January 4, 2014
Jan 4, 2014 at 11:15 AM
############################## | UsbFix V 7.158 | [Deletion]

User: NOZATRU (Administrator) # NOZATRU-PC
Updated 02/01/2014 by El Desaparecido - Team SosVirus
Started at 00:14:23 | 05/01/2014

Website : http://www.en.usbfix.net
Changelog : https://www.usb-antivirus.com/fr/maj/
Support : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: ASUSTeK Computer Inc. (N51Vf )
CPU: Intel(R) Core(TM)2 Duo CPU T5900 @ 2.20GHz
RAM -> [Total : 3070 Mo| Free : 1491 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft® Windows Vista(TM) Home Premium (6.0.6001 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 7.0.6001.18000
WB: Google Chrome : 31.0.1650.63
WB: Mozilla Firefox : 26.0

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton Internet Security [Enabled | Updated]
AS: Windows Defender : 1.1.1600.0
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 233 Gb (155 Mb free - 67%) [VistaOS] # NTFS
D:\ -> Fixed drive # 221 Gb (184 Mb free - 83%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 241 Mb (241 Mb free - 100%) [] # FAT32

################## | Stopped processes |

Stopped! C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (ID: 2180 |ParentID: 780)
Stopped! C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (ID: 3456 |ParentID: 2180)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 4872 |ParentID: 780)
Stopped! C:\Windows\system32\taskeng.exe (ID: 7720 |ParentID: 1264)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (ID: 1400 |ParentID: 4872)
Stopped! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 2160 |ParentID: 780)
Stopped! C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 7572 |ParentID: 780)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 7940 |ParentID: 6020)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3740 |ParentID: 7940)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4884 |ParentID: 7940)
Stopped! C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 7656 |ParentID: 7940)
Stopped! C:\Windows\system32\WUDFHost.exe (ID: 6544 |ParentID: 1216)
Stopped! C:\Windows\system32\SearchFilterHost.exe (ID: 3428 |ParentID: 4872)

################## | Regedit Run |

04 - HKLM\..\Run : [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
04 - HKLM\..\Run : [DisableS3S4] c:\DisableS3S4.cmd
04 - HKLM\..\Run : [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
04 - HKLM\..\Run : [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
04 - HKLM\..\Run : [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
04 - HKLM\..\Run : [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
04 - HKLM\..\Run : [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
04 - HKLM\..\Run : [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
04 - HKLM\..\Run : [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
04 - HKLM\..\Run : [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
04 - HKLM\..\Run : [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
04 - HKLM\..\Run : [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\..\Run : [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
04 - HKLM\..\Run : [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
04 - HKLM\..\Run : [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
04 - HKLM\..\Run : [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKLM\..\Run : [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
04 - HKLM\..\Run : [VNT] C:\Program Files\VNT\vntldr.exe
04 - HKLM\..\Run : [Yahoo Messenger]
04 - HKLM\..\Run : [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
04 - HKLM\..\Run : [AutoRunExterminator] C:\Users\NOZATRU\Downloads\New Folder\AutoRunExterminator.exe
04 - HKLM\..\RunOnce : []
04 - HKLM\..\RunOnce : [Malwarebytes Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-309273636-1800129990-2084782303-1000\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-309273636-1800129990-2084782303-1000\..\Run : [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
04 - HKU\S-1-5-21-309273636-1800129990-2084782303-1000\..\Run : [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04 - HKU\S-1-5-21-309273636-1800129990-2084782303-1000\..\Run : [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
04 - HKU\S-1-5-21-309273636-1800129990-2084782303-1000\..\Run : [Facebook Update] "C:\Users\NOZATRU\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

################## | Generic Research |


(!) Temporary files deleted.

################## | Registry |


################## | Listing |

[07/10/2013 - 17:43:17 | SHD] - C:\$RECYCLE.BIN
[12/03/2009 - 02:11:47 | N | 0 Ko] - C:\app3.LOG
[07/10/2013 - 17:43:22 | D] - C:\ASUS.DAT
[19/06/2009 - 13:36:32 | D] - C:\ASUS.SYS
[18/09/2006 - 21:43:36 | A | 0 Ko] - C:\autoexec.bat
[16/04/2008 - 11:27:15 | SHD] - C:\Boot
[21/01/2008 - 02:24:42 | RASH | 325 Ko] - C:\bootmgr
[16/04/2008 - 11:27:17 | N | 8 Ko] - C:\BOOTSECT.BAK
[04/04/2007 - 19:01:54 | N | 0 Ko | 78E5AC1AA5D0A50BB4B6B7354F923068] - C:\CA21.txt
[04/01/2014 - 22:13:00 | D] - C:\Config.Msi
[18/09/2006 - 21:43:37 | N | 0 Ko] - C:\config.sys
[19/06/2009 - 13:42:19 | N | 16 Ko | 77E1082093C5486F5EBED23A2F6D2961] - C:\devlist.txt
[19/06/2009 - 13:42:08 | D] - C:\eSupport
[18/06/2009 - 23:45:16 | N | 1 Ko | 36D375D2114975FCC87E1FF1AF1234C9] - C:\faclog.txt
[19/06/2009 - 13:42:16 | N | 0 Ko] - C:\Finish.log
[04/01/2014 - 21:20:06 | ASH | 3144804 Ko] - C:\hiberfil.sys
[19/06/2009 - 12:19:51 | N | 0 Ko | 3F2664F3F4078DD52A48D5170F874870] - C:\igoogle_log.txt
[19/06/2009 - 12:50:03 | | 21120 Ko] - C:\inject.log
[19/06/2009 - 12:50:03 | N | 18574 Ko | 1966B64D77B48B5C93C9ECC6E210D7AE] - C:\inject.log.txt
[19/06/2009 - 12:25:56 | D] - C:\Intel
[19/06/2009 - 12:04:48 | RHD] - C:\MSOCache
[23/12/2008 - 09:21:05 | N | 1024 Ko] - C:\N51V.BIN
[06/01/2009 - 09:22:11 | N | 0 Ko] - C:\N51VF_N51VG_VISTA.10
[08/08/2008 - 07:22:19 | N | 0 Ko] - C:\NERO.LOG
[07/01/2009 - 09:16:08 | N | 0 Ko | 98173687643F3B788EBD59796EC32A4C] - C:\NIS2009.TXT
[15/03/2007 - 23:18:45 | N | 0 Ko | 9F9F657D665A4FDD8ADF0DAC16C4DF21] - C:\OFFICE2007_A.TXT
[04/01/2014 - 21:20:04 | ASH | 3451048 Ko] - C:\pagefile.sys
[19/06/2009 - 00:40:50 | N | 0 Ko | E12CF7AC07595F5146854AB501A0939F] - C:\Pass.txt
[22/04/2009 - 09:11:33 | N | 3 Ko] - C:\Patch.LOG
[21/01/2008 - 02:32:31 | D] - C:\PerfLogs
[04/01/2014 - 21:48:39 | D] - C:\Program Files
[04/01/2014 - 23:08:56 | D] - C:\ProgramData
[15/01/2009 - 08:13:21 | N | 0 Ko | F11F6474174980BF06C5B38F01090702] - C:\READER_A.TXT
[06/01/2009 - 09:22:11 | N | 0 Ko] - C:\RECOVERY.DAT
[19/06/2009 - 13:27:54 | N | 2 Ko] - C:\RHDSetup.log
[19/06/2009 - 13:33:47 | N | 0 Ko] - C:\setup.log
[19/06/2009 - 12:01:10 | N | 0 Ko | 8DFD780B7317303FE2A3DD2D5D6FF0D6] - C:\SumHidd.txt
[19/06/2009 - 12:00:14 | N | 0 Ko | 557794E4EBB995BFF7C606D9150A65BB] - C:\SumOS.txt
[04/01/2014 - 22:49:28 | SHD] - C:\System Volume Information
[19/06/2009 - 13:37:46 | D] - C:\temp
[05/01/2014 - 00:14:25 | D] - C:\UsbFix
[04/01/2014 - 22:41:22 | N | 15 Ko | 7B0A5EDC88377E9C22D1ADDC253EA66E] - C:\UsbFix [Clean 1] NOZATRU-PC.txt
[04/01/2014 - 23:26:30 | N | 7 Ko | 365448882B3D8803F439EF2CA63C406B] - C:\UsbFix [Clean 2] NOZATRU-PC.txt
[04/01/2014 - 23:29:05 | N | 10 Ko | 81BD06DC08809FF616741BEC8280C61E] - C:\UsbFix [Clean 3] NOZATRU-PC.txt
[04/01/2014 - 23:55:06 | N | 10 Ko | 42A57B11AB9614559DF6E99171616891] - C:\UsbFix [Clean 4] NOZATRU-PC.txt
[05/01/2014 - 00:14:46 | A | 9 Ko | C76BD0D59764C5545B4139946A200BB1] - C:\UsbFix [Clean 5] NOZATRU-PC.txt
[04/01/2014 - 23:58:36 | N | 6 Ko | 788BC53C208400ADE8A5FDF6C872B653] - C:\UsbFix [Listing 1] NOZATRU-PC.txt
[04/01/2014 - 23:27:49 | N | 8 Ko | E739795FC21A9F816402968C7B019D13] - C:\UsbFix [Scan 1] NOZATRU-PC.txt
[04/01/2014 - 23:30:11 | N | 7 Ko | 9423FFABF45A98EBCF6846EAD0C68CFE] - C:\UsbFix [Scan 2] NOZATRU-PC.txt
[04/01/2014 - 23:57:57 | N | 7 Ko | 097867FF329C5797369177CE69033A7D] - C:\UsbFix [Scan 3] NOZATRU-PC.txt
[07/10/2013 - 17:16:36 | D] - C:\Users
[02/06/2009 - 11:11:40 | N | 0 Ko | 7F85EFF5A80EADEAA89921A579A12E40] - C:\v55.txt
[04/01/2014 - 21:31:24 | D] - C:\Windows
[09/02/2009 - 05:30:41 | N | 0 Ko | EEB8662B4310622974DCF47655EAE1E4] - C:\WindowsLive_A.TXT
[04/01/2014 - 21:53:33 | SHD] - D:\$RECYCLE.BIN
[04/03/2012 - 13:36:03 | D] - D:\5619aa22142de56c7ce7d875cc5ef2
[03/03/2013 - 16:32:40 | D] - D:\5ad36c3738652ec30a73c4
[04/01/2014 - 23:58:20 | RASHD] - D:\Autorun.inf
[07/11/2003 - 01:06:12 | N | 75 Ko] - D:\Flower Offering 2013.doc
[04/01/2014 - 21:52:27 | N | 76 Ko] - D:\Flower Offering 2014.doc
[28/07/2013 - 11:56:57 | D] - D:\NOZATRU-PC
[08/01/2012 - 13:15:31 | N | 3451048 Ko] - D:\pagefile.sys
[04/01/2014 - 23:08:53 | D] - D:\Program Files
[04/01/2014 - 23:50:19 | D] - D:\Programmes
[07/10/2013 - 03:50:50 | SHD] - D:\System Volume Information
[04/01/2014 - 23:50:19 | D] - D:\Videos
[27/04/2011 - 09:15:36 | D] - F:\BROTHER
[18/04/2013 - 12:40:22 | N | 19 Ko] - F:\MARK URTAZON.docx
[04/01/2014 - 22:41:22 | AD] - F:\Autorun.inf
[04/01/2014 - 20:45:30 | N | 31 Ko] - F:\Marie Grace P. Rodriguez RESUME.doc
[24/08/2011 - 21:44:36 | N | 40 Ko | 31EF42F935D0D04C03723E929558D6DD] - F:\Starter Wallpaper Changer.exe

################## | Vaccin |

D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
0
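Reading a UsbFix report like the one above by hand is tedious. As an added example (written for this page; not part of UsbFix, and not something the replies in this thread suggest), the script below parses the `Regedit Run` and `Listing` line formats the report uses and flags entries worth a second look: autostart commands that live in user-writable locations or at a drive root, `Autorun.inf` entries (distinguishing a directory, which is what the tool's own vaccine creates, from a file), and executables sitting at the root of a drive. The sample input is excerpted from the report above; the "worth a second look" rules are heuristics and assumptions of mine, not verdicts on any of those files.

```python
import re

# Sample input: lines excerpted from the UsbFix report posted in this thread.
SAMPLE_REPORT = r"""
04 - HKLM\..\Run : [DisableS3S4] c:\DisableS3S4.cmd
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Yahoo Messenger]
04 - HKLM\..\Run : [AutoRunExterminator] C:\Users\NOZATRU\Downloads\New Folder\AutoRunExterminator.exe
04 - HKLM\..\RunOnce : [Malwarebytes Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
[04/01/2014 - 23:58:20 | RASHD] - D:\Autorun.inf
[04/01/2014 - 22:41:22 | AD] - F:\Autorun.inf
[24/08/2011 - 21:44:36 | N | 40 Ko | 31EF42F935D0D04C03723E929558D6DD] - F:\Starter Wallpaper Changer.exe
[07/01/2009 - 09:16:08 | N | 0 Ko | 98173687643F3B788EBD59796EC32A4C] - C:\NIS2009.TXT
"""

# "04 - HKLM\..\Run : [Name] command" lines from the Regedit Run section.
RUN_RE = re.compile(r"^04 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*) : \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# "[date - time | attrs | size | md5] - path" lines from the Listing section (size/md5 optional).
LISTING_RE = re.compile(
    r"^\[(?P<date>\d\d/\d\d/\d{4}) - (?P<time>\d\d:\d\d:\d\d) \|(?P<attrs>[^|\]]*)"
    r"(?:\|(?P<size>[^|\]]*))?(?:\|(?P<md5>[^\]]*))?\] - (?P<path>.+)$")
# First program path in a Run command, quoted or not (unquoted paths may contain spaces).
EXEC_RE = re.compile(r"""^"?(?P<path>.+?\.(exe|com|scr|pif|bat|cmd|vbs|vbe|js|dll))\b""", re.I)
# Heuristic (assumption): autostarts from these places, or straight off a drive root, deserve a look.
USER_WRITABLE_RE = re.compile(r"\\(users|appdata|programdata|downloads|temp|tmp)\\|^[a-z]:\\[^\\]+$", re.I)
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".vbe", ".js")


def triage_run_entry(m) -> str:
    """Reason to review a Run/RunOnce value, or '' if nothing stands out."""
    cmd = m["cmd"].strip()
    if not cmd:
        return "Run value with no command (stale or partially cleaned entry)"
    exe = EXEC_RE.match(cmd)
    path = exe["path"] if exe else cmd.split()[0]
    if USER_WRITABLE_RE.search(path):
        return "autostart from a user-writable location or a drive root"
    return ""


def triage_listing_entry(m) -> str:
    """Reason to review a Listing entry, or '' if nothing stands out."""
    path, attrs = m["path"], m["attrs"].strip()
    name = path.rsplit("\\", 1)[-1].lower()
    is_dir = "D" in attrs
    at_root = path.count("\\") == 1
    if name == "autorun.inf":
        if is_dir:
            return "Autorun.inf is a directory (matches the UsbFix vaccine)"
        return "Autorun.inf file at drive root (autorun payload candidate)"
    if at_root and not is_dir and name.endswith(EXEC_EXT):
        return "executable at drive root"
    return ""


def triage_report(text: str) -> list:
    """Parse a UsbFix report and return the entries flagged for review."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            reason = triage_run_entry(m)
            if reason:
                findings.append({"source": "run", "item": m["cmd"].strip() or m["name"], "reason": reason})
            continue
        m = LISTING_RE.match(line)
        if m:
            reason = triage_listing_entry(m)
            if reason:
                findings.append({"source": "listing", "item": m["path"], "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage_report(SAMPLE_REPORT):
        print(f"{f['source']:8} {f['item']}\n         -> {f['reason']}")
```

Feed it the full `C:\UsbFix.txt` with `triage_report(open(path, encoding="utf-8", errors="replace").read())`; a hit only means "look at this one first", and the MD5 column the tool prints is what you would then check against a scanner or a known-good hash.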
mats04 Posts 3 Registration date Saturday January 4, 2014 Status Member Last seen January 4, 2014
Jan 4, 2014 at 11:17 AM
And what about the virus on my laptop?
0
2011N2 Posts 13334 Registration date Saturday January 29, 2011 Status Security contributor Last seen December 24, 2016 39
Jan 4, 2014 at 11:43 AM
Normally it will be eradicated by UsbFix.

Gabriel.
0