Pendrive shortcut folders
Solved/Closed
Nivetha.v93 (Member) - Mar 19, 2014 at 10:11 AM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Aug 12, 2014 at 04:09 PM
4 responses
2011N2 (Security contributor) - Mar 19, 2014 at 04:32 PM
Hello,
This type of issue could be caused by a USB virus. It will spread to all of your USB memory devices and hard disk.
Here is a tool to remove the virus and vaccinate your USB against further viruses.
Download UsbFix (created by El Desaparecido) on your desktop.
http://ccm.net/download/download-24089-usbfix
If your antivirus gives an alert, ignore it and temporarily deactivate the antivirus.
Plug in your USB devices (flash drive, pen drive, external HD, etc.); don't open them.
Double-click on UsbFix.exe.
Click on Deletion.
Let the tool work.
At the end of the scan a report will show, which you can copy and paste here.
The report is saved at the root ( C:\UsbFix.txt ).
You can also vaccinate against any virus.
Gabriel.
Problem is solved. Now the pendrive is opening as usual without shortcuts. I am so happy, thanks for your good suggestions. But after the deletion the tool reported in a notepad. What to do with that notepad now?
2011N2 (Security contributor) - Mar 24, 2014 at 01:27 PM
Hello,
Good. :)
Paste the report in your next answer please.
Gabriel.
Nivetha.v93 (Member) - Aug 12, 2014 at 11:12 AM
############################## | UsbFix V 7.167 | [Deletion]
User: Nivetha Nive (Administrator) # HOME-PC
Updated 13/03/2014 by El Desaparecido - Team SosVirus
Started at 19:59:06 | 12/08/2014
Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : https://ccm.net/forum/viruses-security-7
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/
PC: LENOVO (Base Board Product Name)
CPU: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
RAM -> [Total : 1979 Mo| Free : 1515 Mo]
Bios: LENOVO
Boot: Normal boot
OS: Microsoft Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16518
SC: Security Center [(!) Disabled]
WU: Windows Update [(!) Disabled]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]
C:\ (%systemdrive%) -> Fixed drive # 78 Gb (55 Mb free - 71%) [] # NTFS
D:\ -> Fixed drive # 107 Gb (82 Mb free - 76%) [] # NTFS
E:\ -> Fixed drive # 113 Gb (112 Mb free - 100%) [] # NTFS
################## | Active Processes |
C:\Windows\system32\csrss.exe (ID: 364 |ParentID: 344)
C:\Windows\system32\wininit.exe (ID: 416 |ParentID: 344)
C:\Windows\system32\csrss.exe (ID: 428 |ParentID: 408)
C:\Windows\system32\services.exe (ID: 472 |ParentID: 416)
C:\Windows\system32\winlogon.exe (ID: 504 |ParentID: 408)
C:\Windows\system32\lsass.exe (ID: 512 |ParentID: 416)
C:\Windows\system32\lsm.exe (ID: 520 |ParentID: 416)
C:\Windows\system32\svchost.exe (ID: 660 |ParentID: 472)
C:\Windows\system32\svchost.exe (ID: 756 |ParentID: 472)
C:\Windows\System32\svchost.exe (ID: 836 |ParentID: 472)
C:\Windows\System32\svchost.exe (ID: 888 |ParentID: 472)
C:\Windows\system32\svchost.exe (ID: 928 |ParentID: 472)
C:\Windows\system32\svchost.exe (ID: 976 |ParentID: 472)
C:\Windows\system32\svchost.exe (ID: 1204 |ParentID: 472)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1260 |ParentID: 472)
C:\Windows\System32\spoolsv.exe (ID: 1488 |ParentID: 472)
C:\Windows\system32\svchost.exe (ID: 1520 |ParentID: 472)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1568 |ParentID: 472)
C:\Windows\system32\svchost.exe (ID: 1648 |ParentID: 472)
C:\Windows\system32\svchost.exe (ID: 1680 |ParentID: 472)
C:\Windows\system32\svchost.exe (ID: 2020 |ParentID: 472)
C:\Windows\system32\svchost.exe (ID: 112 |ParentID: 472)
C:\Windows\system32\taskhost.exe (ID: 688 |ParentID: 472)
C:\Windows\system32\Dwm.exe (ID: 2120 |ParentID: 888)
C:\Windows\Explorer.EXE (ID: 2152 |ParentID: 2112)
C:\Windows\system32\runonce.exe (ID: 2260 |ParentID: 2152)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2560 |ParentID: 660)
################## | Regedit Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [64bit] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [TaskMan] C:\Users\Nivetha Nive\AppData\Roaming\Update\MSupdate.exe
F2 - [64bit] HKLM\..\Winlogon : [TaskMan] C:\Users\Nivetha Nive\AppData\Roaming\Update\MSupdate.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [64bit] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F3 - HKCU\..\Winlogon : [Shell] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-24560811\ehj2121.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-22476544\k7jj1j1.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-69537311\7da5353.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-61208711\zy126d0107.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-69032111\7d43j31.exe,C:\Users\Nivetha Nive\AppData\Roaming\Update\MSupdate.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-60193611\7da5sa1.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1464710\fd861221.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-14564210\fd865221.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5618147819\atnxw11a9.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1770020\a77700j.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1753420\a761222j.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455986\s2361a1.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-86753420\a7656222j.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-863420\a56738wj.exe,C:\RECYCLER\mscinet.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-189911\e9roa17700.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-18751311\eproa17700.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-90965120\afjhbewj.exe
04 - HKCU\..\Run : [afewfw] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-90965120\afjhbewj.exe
04 - HKCU\..\Run : [b1e1pr00] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe
04 - HKCU\..\Run : [e9oa17700] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-189911\e9roa17700.exe
04 - HKCU\..\Run : [Windows Security Firewall Manager] C:\RECYCLER\mscinet.exe
04 - HKCU\..\Run : [a37367] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-863420\a56738wj.exe
04 - HKCU\..\Run : [a765627] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-86753420\a7656222j.exe
04 - HKCU\..\Run : [s2361a121] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455986\s2361a1.exe
04 - HKCU\..\Run : [Rrsasr] C:\Users\Nivetha Nive\AppData\Roaming\Identities\Rrsasr.exe
04 - HKCU\..\Run : [Adobe System Incorporated] C:\Users\NIVETH~1\AppData\Local\Temp\Adobe\Reader_sl.exe
04 - HKCU\..\Run : [Windows Update Service] C:\Users\NIVETH~1\AppData\Local\Temp\windows\winsys.exe
04 - HKCU\..\Run : [CreativeAudio] "C:\ProgramData\CreativeAudio\epoaztybt.exe"
04 - HKCU\..\Run : [a7127] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1753420\a761222j.exe
04 - HKCU\..\Run : [a77007] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1770020\a77700j.exe
04 - HKCU\..\Run : [antaw411r9] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5618147819\atnxw11a9.exe
04 - HKCU\..\Run : [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
04 - HKCU\..\Run : [dd75421] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-14564210\fd865221.exe
04 - HKCU\..\Run : [dd754121] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1464710\fd861221.exe
04 - HKCU\..\Run : [MicrosoftPerfWD] "C:\Users\NIVETH~1\AppData\Local\Temp\bqltmhhidxh.exe"
04 - HKCU\..\Run : [MicrosoftStCnt] "C:\Users\NIVETH~1\AppData\Local\Temp\tfoqkoispnl.exe"
04 - HKCU\..\Run : [7da5sa1] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-60193611\7da5sa1.exe
04 - HKCU\..\Run : [Windows Update Manager] C:\Users\Nivetha Nive\AppData\Roaming\Update\MSupdate.exe
04 - HKCU\..\Run : [743433j1] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-69032111\7d43j31.exe
04 - HKCU\..\Run : [zy1725d0006] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-61208711\zy126d0107.exe
04 - HKCU\..\Run : [7a453531] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-69537311\7da5353.exe
04 - HKCU\..\Run : [k7jjj01] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-22476544\k7jj1j1.exe
04 - HKCU\..\Run : [e2j2121] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-24560811\ehj2121.exe
04 - HKCU\..\Policies\Explorer\run : [Windows Update] "C:\Users\Nivetha Nive\AppData\Roaming\Identities\pxdci\pxdci.exe" -shell
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [EnergyUtility] C:\Program Files\Lenovo\EnergyCut\utilty.exe
04 - HKLM\..\Run : [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
04 - HKLM\..\Run : [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
04 - HKLM\..\Policies\Explorer\run : [14848316] C:\PROGRA~2\msaeq.exe
04 - HKLM\..\Policies\Explorer\run : [818979077] C:\PROGRA~2\msvcz.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [afewfw] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-90965120\afjhbewj.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [b1e1pr00] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-11820146\b12pr100.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [e9oa17700] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-189911\e9roa17700.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [Windows Security Firewall Manager] C:\RECYCLER\mscinet.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [a37367] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-863420\a56738wj.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [a765627] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-86753420\a7656222j.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [s2361a121] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455986\s2361a1.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [Rrsasr] C:\Users\Nivetha Nive\AppData\Roaming\Identities\Rrsasr.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [Adobe System Incorporated] C:\Users\NIVETH~1\AppData\Local\Temp\Adobe\Reader_sl.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [Windows Update Service] C:\Users\NIVETH~1\AppData\Local\Temp\windows\winsys.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [CreativeAudio] "C:\ProgramData\CreativeAudio\epoaztybt.exe"
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [a7127] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1753420\a761222j.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [a77007] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1770020\a77700j.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [antaw411r9] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-5618147819\atnxw11a9.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [dd75421] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-14564210\fd865221.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [dd754121] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1464710\fd861221.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [MicrosoftPerfWD] "C:\Users\NIVETH~1\AppData\Local\Temp\bqltmhhidxh.exe"
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [MicrosoftStCnt] "C:\Users\NIVETH~1\AppData\Local\Temp\tfoqkoispnl.exe"
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [7da5sa1] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-60193611\7da5sa1.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [Windows Update Manager] C:\Users\Nivetha Nive\AppData\Roaming\Update\MSupdate.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [743433j1] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-69032111\7d43j31.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [zy1725d0006] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-61208711\zy126d0107.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [7a453531] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-69537311\7da5353.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [k7jjj01] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-22476544\k7jj1j1.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Run : [e2j2121] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-24560811\ehj2121.exe
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Policies\Explorer\run : [Windows Update] "C:\Users\Nivetha Nive\AppData\Roaming\Identities\pxdci\pxdci.exe" -shell
################## | Generic Research |
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\1DFB.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\3CFB.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\4EBB.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\6597.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\7AF9.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\7C40.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\8FD4.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\c731200
Deleted ! C:\Users\NIVETH~1\AppData\Local\Temp\Adobe\Reader_sl.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\Identities\Rrsasr.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\Update\MSupdate.exe
Deleted ! C:\Users\NIVETH~1\AppData\Local\Temp\c731200
Deleted ! C:\Recycler\S-1-5-21-0243556031-888888379-781863308-22476544
Deleted ! C:\Recycler\S-1-5-21-0243556031-888888379-781863308-24560811
Not deleted ! C:\ProgramData\CreativeAudio\epoaztybt.exe
Deleted ! C:\ProgramData\CreativeAudio\txdtevonjsb.exe
Not deleted ! C:\ProgramData\CreativeAudio\xsytzecrn.exe
Not deleted ! C:\Users\All Users\CreativeAudio\epoaztybt.exe
Not deleted ! C:\Users\All Users\CreativeAudio\xsytzecrn.exe
Deleted ! C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\339K11YE\bet[1].exe
Deleted ! C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCL8EZXE\bet[2].exe
Deleted ! C:\Users\home\AppData\Roaming\Identities\Rrsasr.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Local\Temp\ysydz.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\CFBC.exe
(!) Temporary files deleted.
################## | Registry |
Deleted ! HKCU\Software\WindowsId Manager Reader
Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Not deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe
Not deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe
Deleted ! HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\Software\Microsoft\Windows\CurrentVersion\Run|Adobe System Incorporated
Deleted ! HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\Software\Microsoft\Windows\CurrentVersion\Run|antaw411r9
Deleted ! HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Windows Update
Deleted ! HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\Software\Microsoft\Windows\CurrentVersion\Run|Rrsasr
################## | Listing |
[22/03/2014 - 19:17:56 | SHD] - C:\$Recycle.Bin
[11/06/2009 - 03:12:20 | A | 0 Ko] - C:\autoexec.bat
[11/06/2009 - 03:12:20 | N | 0 Ko] - C:\config.sys
[14/07/2009 - 10:23:55 | SHD] - C:\Documents and Settings
[13/04/2014 - 10:39:11 | D] - C:\Drivers
[12/08/2014 - 19:58:00 | ASH | 1519844 Ko] - C:\hiberfil.sys
[31/05/2014 - 21:59:29 | RASH | 0 Ko] - C:\IO.SYS
[31/05/2014 - 21:59:29 | RASH | 0 Ko] - C:\MSDOS.SYS
[11/10/2013 - 01:55:14 | RHD] - C:\MSOCache
[12/08/2014 - 19:58:03 | ASH | 2026460 Ko] - C:\pagefile.sys
[14/07/2009 - 08:07:05 | D] - C:\PerfLogs
[15/07/2014 - 18:31:10 | D] - C:\Program Files
[04/08/2014 - 19:17:47 | HD] - C:\ProgramData
[11/10/2013 - 01:52:34 | SHD] - C:\Recovery
[12/08/2014 - 20:03:33 | D] - C:\RECYCLER
[12/08/2014 - 19:43:51 | SHD] - C:\System Volume Information
[12/08/2014 - 19:57:11 | D] - C:\UsbFix
[12/08/2014 - 20:04:03 | A | 16 Ko | 56FFD97F8448F9A245F45EEBF3A4C2C3] - C:\UsbFix [Clean 8] HOME-PC.txt
[08/06/2014 - 08:05:27 | D] - C:\Users
[12/08/2014 - 19:43:52 | D] - C:\Windows
[22/03/2014 - 19:17:56 | SHD] - D:\$RECYCLE.BIN
[12/06/2014 - 20:20:43 | D] - D:\Books
[15/07/2014 - 20:00:28 | D] - D:\Film
[16/07/2014 - 19:44:54 | D] - D:\New_folder
[20/07/2014 - 18:45:57 | D] - D:\Nive
[09/08/2014 - 20:13:30 | D] - D:\Pictures
[18/05/2014 - 19:35:48 | D] - D:\resumes
[28/07/2014 - 20:45:31 | D] - D:\Softwares
[08/08/2014 - 17:56:39 | D] - D:\Songs
[06/08/2014 - 20:22:52 | D] - D:\swe
[11/10/2013 - 10:28:55 | SHD] - D:\System Volume Information
[08/07/2014 - 15:38:52 | D] - D:\Tones
[26/07/2014 - 21:13:59 | D] - D:\Videos
[17/07/2014 - 20:12:09 | D] - D:\village photos
[22/03/2014 - 19:17:56 | SHD] - E:\$RECYCLE.BIN
[29/03/2014 - 15:31:16 | N | 35 Ko] - E:\396899-aashiqui-2-movie-review.jpg
[07/05/2014 - 16:03:25 | N | 1013 Ko] - E:\AS.jpg
[07/05/2014 - 11:46:52 | N | 231 Ko] - E:\ashq.jpg
[07/05/2014 - 15:36:34 | N | 191 Ko] - E:\ashwini.jpg
[03/05/2014 - 13:22:35 | N | 91 Ko] - E:\aswini.jpg
[06/05/2014 - 09:12:56 | N | 832 Ko] - E:\CHAAYA.png
[07/05/2014 - 16:27:47 | N | 485 Ko] - E:\dcgh.jpg
[02/05/2014 - 12:06:02 | N | 233 Ko] - E:\gdhh.jpg
[27/04/2014 - 12:13:43 | N | 85 Ko] - E:\gen21.jpg
[15/07/2014 - 20:34:16 | N | 339 Ko] - E:\genr.jpg
[26/04/2014 - 20:56:40 | N | 125 Ko] - E:\ghgty.jpg
[23/04/2014 - 11:49:27 | N | 40 Ko] - E:\Gmaxresdefault.jpg
[07/05/2014 - 18:39:37 | N | 24 Ko] - E:\gyu.jpg
[05/05/2014 - 14:44:51 | N | 198 Ko] - E:\hdhfudd.jpg
[04/05/2014 - 19:21:08 | N | 231 Ko] - E:\hey baby.jpg
[06/05/2014 - 12:44:54 | N | 46 Ko] - E:\hghy.jpg
[07/05/2014 - 16:17:38 | N | 754 Ko] - E:\HHHF.jpg
[26/04/2014 - 21:18:18 | N | 99 Ko] - E:\hhjdhf.jpg
[26/04/2014 - 20:36:28 | N | 195 Ko] - E:\husdu.jpg
[18/05/2014 - 15:01:56 | N | 113 Ko] - E:\ijathe.jpg
[16/07/2014 - 21:52:16 | N | 230 Ko] - E:\Image0303.jpg
[16/07/2014 - 19:22:10 | N | 63 Ko] - E:\Image0326.jpg
[12/06/2014 - 09:32:18 | N | 154 Ko] - E:\jdjf.jpg
[05/05/2014 - 09:03:25 | N | 77 Ko] - E:\JFHUJD.jpg
[02/05/2014 - 13:45:26 | N | 133 Ko] - E:\jjfkbklfk.jpg
[18/06/2014 - 16:08:23 | N | 117 Ko] - E:\jjjjnjnjn.jpg
[04/05/2014 - 11:46:21 | N | 103 Ko] - E:\mama treatu.jpg
[04/06/2014 - 18:38:29 | N | 92 Ko] - E:\negi.jpg
[29/04/2014 - 13:00:37 | D] - E:\New folder
[16/07/2014 - 21:56:42 | N | 58 Ko] - E:\New Pictur.jpg
[15/07/2014 - 21:00:51 | N | 254 Ko] - E:\New Picture (2).jpg
[23/04/2014 - 11:21:28 | N | 149 Ko] - E:\New Picture (5.jpg
[18/06/2014 - 15:31:33 | N | 179 Ko] - E:\New Picturebh.jpg
[07/05/2014 - 17:59:12 | N | 456 Ko] - E:\nweyrk.jpg
[02/05/2014 - 10:36:08 | N | 122 Ko] - E:\pdlv.jpg
[30/04/2014 - 12:07:21 | N | 79 Ko] - E:\sssss.jpg
[07/05/2014 - 18:12:15 | N | 73 Ko] - E:\sw.jpg
[22/12/2013 - 12:03:14 | SHD] - E:\System Volume Information
[01/05/2014 - 12:24:07 | N | 117 Ko] - E:\U.jpg
[30/03/2014 - 18:35:54 | N | 28 Ko] - E:\Untitled.jpg
[02/05/2014 - 12:07:00 | N | 251 Ko] - E:\vdjvh.jpg
[26/04/2014 - 16:50:22 | N | 91 Ko] - E:\vlcsnap-2014-03-29-14h54m09s114.jpg
[26/04/2014 - 16:51:05 | N | 96 Ko] - E:\vlcsnap-2014-03-29-14h55m03s146.jpg
[26/04/2014 - 16:51:27 | N | 113 Ko] - E:\vlcsnap-2014-03-29-14h55m23s91.jpg
[18/04/2014 - 15:05:28 | N | 53 Ko] - E:\vlcsnap-2014-04-13-13h58m43s178.jpg
[05/05/2014 - 14:59:52 | N | 67 Ko] - E:\vlcsnap-2014-04-26-17h44m59s188.jpg
################## | Vaccin |
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | http://www.en.usbfix.net/ - https://www.sosvirus.net/ |
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\..\Policies\Explorer\run : [Windows Update] "C:\Users\Nivetha Nive\AppData\Roaming\Identities\pxdci\pxdci.exe" -shell
################## | Generic Research |
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\1DFB.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\3CFB.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\4EBB.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\6597.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\7AF9.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\7C40.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\8FD4.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\c731200
Deleted ! C:\Users\NIVETH~1\AppData\Local\Temp\Adobe\Reader_sl.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\Identities\Rrsasr.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\Update\MSupdate.exe
Deleted ! C:\Users\NIVETH~1\AppData\Local\Temp\c731200
Deleted ! C:\Recycler\S-1-5-21-0243556031-888888379-781863308-22476544
Deleted ! C:\Recycler\S-1-5-21-0243556031-888888379-781863308-24560811
Not deleted ! C:\ProgramData\CreativeAudio\epoaztybt.exe
Deleted ! C:\ProgramData\CreativeAudio\txdtevonjsb.exe
Not deleted ! C:\ProgramData\CreativeAudio\xsytzecrn.exe
Not deleted ! C:\Users\All Users\CreativeAudio\epoaztybt.exe
Not deleted ! C:\Users\All Users\CreativeAudio\xsytzecrn.exe
Deleted ! C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\339K11YE\bet[1].exe
Deleted ! C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCL8EZXE\bet[2].exe
Deleted ! C:\Users\home\AppData\Roaming\Identities\Rrsasr.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Local\Temp\ysydz.exe
Deleted ! C:\Users\Nivetha Nive\AppData\Roaming\CFBC.exe
(!) Temporary files deleted.
################## | Registry |
Deleted ! HKCU\Software\WindowsId Manager Reader
Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5
Not deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe
Not deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbamgui.exe
Deleted ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe
Deleted ! HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\Software\Microsoft\Windows\CurrentVersion\Run|Adobe System Incorporated
Deleted ! HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\Software\Microsoft\Windows\CurrentVersion\Run|antaw411r9
Deleted ! HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Windows Update
Deleted ! HKU\S-1-5-21-3825681123-1208484509-3888531729-1005\Software\Microsoft\Windows\CurrentVersion\Run|Rrsasr
################## | Vaccin |
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | http://www.en.usbfix.net/ - https://www.sosvirus.net/ |
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Aug 12, 2014 at 04:09 PM
You must feel relieved as all the viruses have been destroyed?
Mar 20, 2014 at 02:04 AM
Please paste the official link of UsbFix in your help ( http://www.en.usbfix.net/ ) and the tutorial: http://www.en.usbfix.net/2014/02/usbfix-tutorial-clean-option/
Thanks ;)
Mar 20, 2014 at 04:43 AM
OK no problem. ;)
Gabriel.