Remove the RECYCLER.exe virus
Closed
infomimi - ¡El Desaparecido!
Hello,
Please, I have a problem with the RECYCLER.exe virus.
When I sent a folder from my PC to my flash drive which was empty before, I found a folder called RECYCLER.exe. It told me it was a virus; I scanned my flash drive but the antivirus didn't detect any viruses, which is strange. And since I copied the folder from my PC, it means this virus is inside, but when I did a full scan, I found nothing.
It told me to show hidden folders by using Control Panel --> Folder Options --> Show hidden files and folders, but the folders remain hidden and when I go back to the folder options, I find the option to show hidden files and folders disabled. I don't know why this problem exists and I can't solve it.
Please help me to destroy this virus and if you have other ideas, please let me know.
Thanks in advance.
Configuration: Windows XP Internet Explorer 7.0
26 replies
Hey there
No panic
C_XX & Chiquitine29 have created what you need!
Download and install UsbFix from C_XX & Chiquitine29
Connect your external data sources to your PC (USB stick, external hard drive, etc...) that may have been infected without opening them
# Double click on the UsbFix shortcut present on your desktop.
# Choose option 1 (Search)
# Let the tool work.
# Then post the UsbFix.txt report that will appear.
# Note: The UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
# Note: "Process.exe", a component of the tool, is detected by some antivirus software (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (Antivirus, Firewall...) hence the alert issued by these antivirus programs.
Hello,
Please avoid SMS language,
Then,
▶ Download UsbFix from C_XX & Chiquitine29 & Chimay8
▶ Installation tutorial
▶ Search tutorial
▶ Start the installation with the default settings
▶ Connect your external data sources to your PC (USB flash drive, external hard drive, etc.) that may have been infected (!) without opening them (!)
▶ Double-click the UsbFix shortcut on your desktop
▶ Choose option 1 (search)
▶ Let the tool work
▶ Then post the UsbFix.txt report that will appear
Notes:
1- The UsbFix.txt report is saved at the root of the drive
2- If the Desktop does not reappear, press Ctrl + Alt + Delete, Tab "File", "New task", type explorer.exe and confirm
3- "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (Antivirus, Firewall...) which is why these antivirus programs issue an alert.
--
A subject that is marked "unresolved" is like someone shopping at the store without paying...
So, please remember to mark your subject as RESOLVED
############################## | UsbFix V6.081 |
User : ali (Administrators) # PC-EF468E4D29DB
Update on 28/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 23:58:19 | 28/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) 4 CPU 2.66GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : COMODO Antivirus 3.9 [ Enabled | (!) Outdated ]
FW : COMODO Firewall[ Enabled ]3.9
C:\ -> Local hard drive # 17.57 GB (8.19 GB free) # FAT32
D:\ -> Local hard drive # 17.63 GB (4.67 GB free) # FAT32
E:\ -> Local hard drive # 21.49 GB (2.39 GB free) # NTFS
F:\ -> Local hard drive # 17.64 GB (4.93 GB free) # NTFS
G:\ -> CD-ROM drive
H:\ -> CD-ROM drive
I:\ -> Removable drive # 7.45 GB (2.62 GB free) [ALIFASH] # FAT32
J:\ -> Removable drive # 1.88 GB (753.37 MB free) [NIHAD FLASH] # FAT32
############################## | Active Processes |
C:\WINDOWS\System32\smss.exe 612
C:\WINDOWS\system32\winlogon.exe 720
C:\WINDOWS\system32\services.exe 764
C:\WINDOWS\system32\lsass.exe 776
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe 924
C:\WINDOWS\system32\svchost.exe 984
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe 1168
C:\WINDOWS\system32\svchost.exe 1216
C:\WINDOWS\system32\spoolsv.exe 1644
C:\WINDOWS\Explorer.EXE 1876
C:\Program Files\Java\jre6\bin\jqs.exe 208
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe 600
C:\Program Files\Panda USB Vaccine\USBVaccine.exe 1388
C:\WINDOWS\system32\jjj.exe 1416
C:\Program Files\Java\jre6\bin\jusched.exe 1620
C:\Program Files\COMODO\livePCsupport\ELPS.exe 1824
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe 1840
C:\WINDOWS\system32\ctfmon.exe 1924
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe 1988
C:\WINDOWS\system32\ping.exe 536
C:\WINDOWS\system32\wscntfy.exe 648
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 1820
C:\WINDOWS\system32\CNAB3RPK.EXE 1772
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe 1868
C:\WINDOWS\system32\wuauclt.exe 2744
################## | Infectious Elements |
C:\WINDOWS\System32\jjj.exe
C:\autorun.inf
C:\autorun.inf -> file called : "C:\jjj.exe" ( Present ! )
C:\JJJ.exe
D:\autorun.inf
D:\autorun.inf -> file called : "D:\jjj.exe" ( Present ! )
D:\JJJ.exe
E:\autorun.inf
E:\autorun.inf -> file called : "E:\jjj.exe" ( Present ! )
E:\JJJ.exe
F:\autorun.inf
F:\autorun.inf -> file called : "F:\jjj.exe" ( Present ! )
F:\JJJ.exe
I:\autorun.inf
I:\JJJ.exe
J:\autorun.inf
J:\JJJ.exe
################## | Registry |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "win32dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFind"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"
################## | Mountpoints2 |
################## | ! End of report # UsbFix V6.081 ! |
• Download UsbFix to your Desktop:
(!) Connect your external data sources to your PC (USB key, external hard drive, etc...) that may have been infected without opening them.
• Double click on UsbFix.exe on your desktop.
• In the main menu, choose the option " F " for French and press [enter].
• In the second menu, choose the option " 2 " (Deletion) and press [enter].
• Your desktop will disappear and the PC will restart.
• Upon restarting, UsbFix will scan your PC, let the tool do its work.
• Then post the UsbFix.txt report that will appear with the desktop.
• Note: The UsbFix.txt report is saved at the root of the disk. (C:\UsbFix.txt)
(CTRL+A to select all, CTRL+C to copy, and CTRL+V to paste)
Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to stop processes.
In the wrong hands, this utility could stop security software (Antivirus, Firewall...) hence the alert issued by these antivirus programs.
• Tutorial: http://pagesperso-orange.fr/NosTools/tuto_usbfix3.html
• Home: http://pagesperso-orange.fr/NosTools/usbfix.html
--
@+
Hi!
It's easy, just read and follow these instructions:
1- work station>tools>folder options>view>show: hidden folders, known file extensions, protected files then apply and OK
2- you enter the folder where your system is located and launch the "Search" tab and type "EXE" and hit "search" and there will be many .EXE files displayed.
3- To recognize the type of Virus that is active on your PC, you open the task manager "control-alt-delete" and display all the processes in use
4- Once the task manager is displayed, you need to stop the process corresponding to a file written entirely in uppercase, such as "3ACDE4.EXE" or something like that because it is the virus recycle.exe in person
5- After that you go back to the search you performed in step 2 and delete ("Shift+Delete") "3ACDE4.EXE" and that's it, it's done
Then you restart your PC and that's it. To check for the absence of this type of virus, you open the task manager and normally there will no longer be 3ACDE4.EXE or anything like that, and your PC is clean!
It's a bit long, but that's how it works!
If you want more advice, you can write to me at my email "faheyv@yahoo.fr"
Ok
See you!
Is RECYCLER written in uppercase in XP the virus? It seems to combine with Doc. & Setting, a menu... 32, and a fourth one whose name I’ve forgotten. Please let me know if I need to refresh the BIOS since I reinstalled XP and it reappears. Ora
Hi, it's an infection that spreads through external drives (USB sticks, external hard drives...) so even after formatting, if you reconnect an infected external drive to the PC, it will be affected again...
We need you to provide a research report using USBFix as explained above.
############################## | UsbFix 7.055 | [Search]
User: Administrator (Administrator) # SWEET-BFD6CB4B9 [ ]
Updated on 06/08/2011 by El Desaparecido
Launched at 18:55:11 | 11/08/2011
Website: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com
CPU: Intel(R) Pentium(R) 4 CPU 3.20GHz
CPU 2: Intel(R) Pentium(R) 4 CPU 3.20GHz
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 7.0.5730.11
Windows Firewall: Disabled /!\
RAM -> 1215 MB
C:\ (%systemdrive%) -> Hard Drive # 38 GB (32 GB free - 84%) [] # NTFS
D:\ -> Hard Drive # 36 GB (32 GB free - 88%) [New name] # NTFS
E:\ -> CD-ROM
F:\ -> Removable Drive # 969 MB (969 MB free - 100%) [tina] # FAT32
################## | Infectious Items |
Present! C:\RECYCLER\S-1-5-21-343818398-1177238915-1801674531-500
Present! D:\RECYCLER\S-1-5-21-343818398-1177238915-1801674531-500
Present! F:\RECYCLER\S-5-6-66-7737150667-1220684016-722781602-7826
Present! F:\RECYCLER\S-8-7-54-5610838146-6444661243-413661327-0248
################## | Registry |
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|forceclassiccontrolpanel
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoResolveSearch
################## | Mountpoints2 |
################## | Vaccine |
(!) This computer is not vaccinated!
################## | E.O.F |
Internet Explorer 8.0.7600.16385
RAM -> 2047 MB
C:\ (%systemdrive%) -> Hard drive # 149 GB (10 GB free - 7%) [] # NTFS
D:\ -> CD-ROM
F:\ -> Removable drive # 15 GB (3 GB free - 20%) [] # FAT32
J:\ -> Hard drive # 931 GB (37 GB free - 4%) [LaCie] # FAT32
################## | Infectious items |
Present! C:\Users\FM\AppData\Roaming\8C19.tmp
Present! C:\Users\FM\AppData\Roaming\B9EC.tmp
Present! C:\Users\FM\AppData\Roaming\BD5D.tmp
Present! C:\Users\FM\AppData\Roaming\D0C9.tmp
Present! C:\Users\FM\AppData\Roaming\E659.tmp
Present! F:\DCIM.lnk
Present! J:\System Volume Information.lnk
Present! J:\FOUND.000.lnk
Present! J:\UPDATE.lnk
Present! J:\.Trashes.lnk
Present! J:\Recycled.lnk
Present! J:\.fseventsd.lnk
Present! J:\$RECYCLE.BIN.lnk
Present! J:\.Spotlight-V100.lnk
Present! J:\- ART -.lnk
Present! J:\- GEEK -.lnk
Present! J:\- LIFE -.lnk
Present! J:\Lightroom v3.0.lnk
Present! F:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Present! F:\Recycler\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe
Present! F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665
Present! F:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013
################## | Registry |
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRecentDocsHistory
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRecentDocsMenu
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRecycleFiles
Present! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoResolveSearch
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoSMHelp
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoWinKeys
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{49fce0a7-3f32-11df-a771-806e6f6e6963}
Shell\AutoRun\Command = E:\LaunchU3.exe -a
################## | Vaccine |
(!) This computer is not vaccinated!
################## | E.O.F |
Thank you in advance for helping me with this task, I have 1 terabyte of photos at stake ^^. I don't usually use IE, but the virus does ^^
############################## | UsbFix 7.057 | [Search]
User: Kevin (Administrator) # KEVIN-PC [Packard Bell EasyNote LM98]
Updated on 08/17/2011 by El Desaparecido
Launched at 11:10:31 | 08/25/2011
Website: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com
CPU: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
CPU 2: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Microsoft Windows 7 Home Premium Edition (6.1.7601 64-Bit) # Service Pack 1
Internet Explorer 8.0.7601.17514
Windows Firewall: Disabled /!\
RAM -> 3957 MB
C:\ (%systemdrive%) -> Local Disk # 453 GB (295 GB free - 65%) [Packard Bell] # NTFS
D:\ -> CD-ROM
E:\ -> Local Disk # 466 GB (89 GB free - 19%) [Michou] # NTFS
F:\ -> CD-ROM
################## | Infectious Elements |
Present! E:\film.lnk
Present! E:\Jeux.lnk
Present! E:\malcolm.lnk
Present! E:\Musique.lnk
Present! E:\Virtual DJ Pro 7 & Serial.lnk
Present! D:\Autorun.inf
Present! D:\autorun.exe
################## | Registry |
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{5b46a07a-b797-11df-8f98-206a8a0086d1}
Shell\AutoRun\Command = F:\setup.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{a374b907-78bd-11df-a7dc-806e6f6e6963}
Shell\AutoRun\Command = D:\autorun.exe
Shell\setup\Command = D:\install.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{c996a5bc-7bf5-11e0-98ab-207c8f061aff}
Shell\AutoRun\Command = E:\Setup.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{d54d290f-5aa8-11e0-aabf-207c8f061aff}
Shell\AutoRun\Command = "E:\WD SmartWare.exe" autoplay=true
################## | Vaccine |
D:\Autorun.inf -> Vaccine created by Panda USB Vaccine
################## | E.O.F |
############################## | UsbFix 7.057 | [Search]
User: Kevin (Administrator) # KEVIN-PC [Packard Bell EasyNote LM98]
Updated on 17/08/2011 by El Desaparecido
Started at 23:10:31 | 25/08/2011
Website: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com
CPU: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
CPU 2: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
Internet Explorer 8.0.7601.17514
Windows Firewall: Disabled /!\
RAM -> 3957 Mo
C:\ (%systemdrive%) -> Fixed Disk # 453 Go (295 Go free - 65%) [Packard Bell] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed Disk # 466 Go (89 Go free - 19%) [Michou] # NTFS
F:\ -> CD-ROM
################## | Infectious Elements |
Present! E:\film.lnk
Present! E:\Jeux.lnk
Present! E:\malcolm.lnk
Present! E:\Musique.lnk
Present! E:\Virtual DJ Pro 7 & Serial.lnk
Present! D:\Autorun.inf
Present! D:\autorun.exe
################## | Registry |
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{5b46a07a-b797-11df-8f98-206a8a0086d1}
Shell\AutoRun\Command = F:\setup.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{a374b907-78bd-11df-a7dc-806e6f6e6963}
Shell\AutoRun\Command = D:\autorun.exe
Shell\setup\Command = D:\install.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{c996a5bc-7bf5-11e0-98ab-207c8f061aff}
Shell\AutoRun\Command = E:\Setup.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{d54d290f-5aa8-11e0-aabf-207c8f061aff}
Shell\AutoRun\Command = "E:\WD SmartWare.exe" autoplay=true
################## | Vaccine |
D:\Autorun.inf -> Vaccine created by Panda USB Vaccine
################## | E.O.F |
Sorry for the double post. I have an issue with my 500GB WD and I would like to have help, please.
I have the same issue with the card of my Olympus camera LENS.
I can see my photos when I view them on the camera, but when I try to read the card with a PC to recover them, a RECYCLER folder has appeared on my card containing only one file: 4f883.exe and not my photos.
The UsbFix link mentioned earlier doesn't work anymore!!!!
Thank you. Here is the report
############################## | UsbFix V 7.089 | [Search]
User: cw (Administrator) # CW-VAIO
Updated on 09/06/2012 by El Desaparecido
Started at 13:32:38 | 18/06/2012
Website: https://www.sosvirus.net/
Forum: http://forum.eldesaparecido.com
Suspicious file? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com
PC: Sony Corporation (VGN-NW21EF_S) (x64-based PC) # Notebook
CPU: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz (2100)
RAM -> [Total : 4063 | Free : 1916]
BIOS: BIOS Date: 05/09/08 11:12:06 Ver: 08.00.10
BOOT: Normal boot
OS: Microsoft Windows 7 Home Premium Edition (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows Firewall Service [Enabled]
C:\ (%systemdrive%) -> Fixed Disk # 289 GB (116 GB free - 40%) [] # NTFS
D:\ -> Removable Disk # 4 GB (4 GB free - 98%) [] # FAT32
F:\ -> CD-ROM
################## | Active Processes |
C:\Windows\system32\csrss.exe (540)
C:\Windows\system32\wininit.exe (612)
C:\Windows\system32\csrss.exe (624)
C:\Windows\system32\services.exe (668)
C:\Windows\system32\winlogon.exe (700)
C:\Windows\system32\lsass.exe (712)
C:\Windows\system32\lsm.exe (720)
C:\Windows\system32\svchost.exe (848)
C:\Windows\system32\svchost.exe (940)
C:\Windows\system32\atiesrxx.exe (988)
C:\Windows\System32\svchost.exe (384)
C:\Windows\System32\svchost.exe (436)
C:\Windows\system32\svchost.exe (536)
C:\Windows\system32\svchost.exe (1112)
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (1176)
C:\Windows\system32\atieclxx.exe (1192)
C:\Windows\system32\svchost.exe (1312)
C:\Windows\System32\spoolsv.exe (1564)
C:\Windows\system32\svchost.exe (1604)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1748)
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (1780)
C:\Program Files (x86)\Ciel\Ciel Pilotage\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe (1848)
C:\Program Files (x86)\SFR\3G Connection Manager\SFRABCDService.exe (1908)
C:\Windows\system32\svchost.exe (1948)
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (1980)
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (1396)
C:\Program Files\Sony\VAIO Power Management\SPMService.exe (784)
C:\Windows\SysWOW64\DllHost.exe (1156)
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (2108)
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (2288)
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (2316)
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (2360)
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (2420)
C:\Windows\System32\svchost.exe (2448)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (2516)
C:\Windows\system32\taskhost.exe (2964)
C:\Windows\system32\Dwm.exe (1808)
C:\Windows\Explorer.EXE (3032)
C:\Windows\system32\taskeng.exe (3240)
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (3272)
C:\Program Files\Apoint\Apoint.exe (3456)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (3464)
C:\Program Files\Java\jre6\bin\jusched.exe (3500)
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (3512)
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3524)
C:\Program Files\Apoint\ApMsgFwd.exe (3540)
C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (3548)
C:\Windows\splwow64.exe (3580)
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (3616)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (3696)
C:\Program Files\Apoint\Apntex.exe (3788)
C:\Program Files\Apoint\Apvfb.exe (3796)
C:\Program Files (x86)\SAGEM\SAGEM F@st 800-840\dslmon.exe (3804)
C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (3840)
C:\Windows\system32\conhost.exe (3856)
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (4028)
C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (3176)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (3192)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3344)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3740)
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (3488)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (924)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (2692)
C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FOXIT READER.EXE (3764)
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (3084)
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (4340)
C:\Windows\system32\SearchIndexer.exe (4348)
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (4512)
C:\Windows\system32\svchost.exe (4780)
C:\Windows\system32\WUDFHost.exe (4908)
C:\Program Files\Windows Media Player\wmpnetwk.exe (4932)
C:\Windows\System32\svchost.exe (1292)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4916)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4452)
C:\Windows\system32\svchost.exe (5736)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (804)
C:\Windows\system32\rundll32.exe (5308)
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe (1924)
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe (4336)
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (5660)
C:\Windows\system32\taskeng.exe (7484)
C:\UsbFix\Go.exe (10068)
C:\Windows\system32\wbem\wmiprvse.exe (9988)
C:\Windows\system32\SearchProtocolHost.exe (10816)
C:\Windows\system32\SearchFilterHost.exe (10840)
################## | Infectious Items |
Present! D:\Recycler\desktop.ini
################## | Registry |
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\G
Shell\AutoRun\Command = G:\SFR.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{3c890ad7-05ec-11e1-9a6b-0024be42af4c}
Shell\AutoRun\Command = G:\LGAutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{448920fd-5db7-11df-aefb-0024be42af4c}
Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{6b4fdd6c-5db5-11df-a481-0024be42af4c}
Shell\AutoRun\Command = G:\AutoRun.exe
################## | Vaccine |
(!) This computer is not vaccinated!
################## | E.O.F |
stick to the deletion report but not much available
it would have been better to create your own topic
Thank you, but actually yesterday I realized that no one was responding to me and I created my own topic.
ok
a bit of reading to answer your questions here:
https://forums.commentcamarche.net/forum/affich-37636394-desinfecter-une-cle-usb-ou-un-disque-amovible
and continue on the other topic
see you later
############################## | UsbFix V 7.129 | [Removal]
User: W12 (Administrator) # W12-PC
Updated on 06/24/2013 by El Desaparecido
Launched at 14:58:57 | 07/16/2013
Website: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: ***@***
PC: MICRO-STAR INTERNATIONAL CO.,LTD (MS-7529) (x64-based PC)
CPU: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz (2933)
RAM -> [Total: 3071 | Free: 1827]
BIOS: Default System BIOS
BOOT: Normal boot
OS: Microsoft Windows 7 Professional (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Hard disk # 59 Go (19 Go free - 33%) [] # NTFS
D:\ -> Hard disk # 107 Go (35 Go free - 32%) [Local disk] # NTFS
E:\ -> Hard disk # 67 Go (37 Go free - 55%) [] # NTFS
F:\ -> CD-ROM
H:\ -> CD-ROM
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [FixCamera] - C:\Windows\FixCamera.exe
HKLM\SOFTWARE | Run : [tsnp325] - C:\Windows\tsnp325.exe
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [AccuWeatherWidget] - "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [FixCamera] - C:\Windows\FixCamera.exe
HKLM\SOFTWARE\wow6432Node | Run : [tsnp325] - C:\Windows\tsnp325.exe
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AccuWeatherWidget] - "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1748201786-431495879-1759824913-1000\SOFTWARE | Run : [Supercopier.exe] - C:\Program Files (x86)\Supercopier\Supercopier.exe
HKU\S-1-5-21-1748201786-431495879-1759824913-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1748201786-431495879-1759824913-1000\SOFTWARE | Run : [EPSON Stylus SX200 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Windows\TEMP\E_S8EE4.tmp" /EF "HKCU"
HKU\S-1-5-21-1748201786-431495879-1759824913-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\W12\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-1748201786-431495879-1759824913-1000\SOFTWARE | Run : [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-1748201786-431495879-1759824913-1000\SOFTWARE | Run : [WebCake Desktop] - "C:\Users\W12\AppData\Roaming\WebCake\WebCakeDesktop.exe"
HKU\S-1-5-21-1748201786-431495879-1759824913-1001\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1748201786-431495879-1759824913-1001\SOFTWARE | Run : [ProgLauncher] - C:\Program Files (x86)\ProgDVB\ProgLauncher.exe
HKU\S-1-5-21-1748201786-431495879-1759824913-1001\SOFTWARE | Run : [IDMan] - C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
HKU\S-1-5-21-1748201786-431495879-1759824913-1001\SOFTWARE | Run : [Supercopier.exe] - C:\Program Files (x86)\Supercopier\Supercopier.exe
HKU\S-1-5-21-1748201786-431495879-1759824913-1001\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1748201786-431495879-1759824913-1001\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1748201786-431495879-1759824913-1001\SOFTWARE | Run : [EPSON Stylus SX200 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Windows\TEMP\E_S8EE4.tmp" /EF "HKCU"
HKU\S-1-5-21-1748201786-431495879-1759824913-1001\SOFTWARE | Run : [Facebook Update] - "C:\Users\W12\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-18\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-1748201786-431495879-1759824913-1001\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Stopped Processes |
Stopped! C:\Windows\system32\nvvsvc.exe (828)
Stopped! C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (852)
Stopped! C:\Windows\System32\spoolsv.exe (1408)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1572)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1660)
Stopped! C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (1808)
Stopped! C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe (2060)
Stopped! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (2104)
Stopped! C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (2184)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2692)
Stopped! C:\Program Files\iPod\bin\iPodService.exe (3340)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3368)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (4588)
Stopped! C:\Windows\system32\nvvsvc.exe (3016)
Stopped! C:\Windows\system32\taskhost.exe (4696)
Stopped! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (4240)
Stopped! C:\Windows\vsnp325.exe (4380)
Stopped! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (1008)
Stopped! C:\Program Files (x86)\Supercopier\Supercopier.exe (2668)
Stopped! C:\Windows\System32\spool\drivers\x64\3\E_IATIEFE.EXE (3732)
Stopped! C:\Program Files (x86)\Internet Download Manager\IDMan.exe (1896)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (356)
Stopped! C:\Users\W12\AppData\Roaming\WebCake\WebCakeDesktop.exe (4464)
Stopped! C:\Program Files (x86)\TechniSat DVB\bin\Server4PC.exe (2740)
Stopped! C:\Windows\FixCamera.exe (704)
Stopped! C:\Windows\tsnp325.exe (1300)
Stopped! C:\Program Files (x86)\iTunes\iTunesHelper.exe (2300)
Stopped! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3832)
Stopped! C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (4704)
Stopped! C:\Program Files (x86)\AIMP3\AIMP3.exe (3552)
Stopped! C:\Windows\SysWOW64\DllHost.exe (1980)
Stopped! C:\Windows\system32\msiexec.exe (4684)
Stopped! C:\Windows\SysWOW64\NOTEPAD.EXE (4260)
################## | Infectious Items |
Not deleted! H:\setup.exe
Deleted! D:\Thumbs.db
Not deleted! H:\autorun.inf
(!) Temporary files deleted.
################## | Registry |
################## | Mountpoints2 |
Deleted! HKCU\.\.\.\.\Explorer\MountPoints2\{5efa5270-b1bb-11e2-a518-002421bbc481}
Deleted! HKCU\.\.\.\.\Explorer\MountPoints2\{5efa528b-b1bb-11e2-a518-002421bbc481}
Deleted! HKCU\.\.\.\.\Explorer\MountPoints2\{7b083aa8-948c-11e2-94d1-002421bbc481}
Deleted! HKCU\.\.\.\.\Explorer\MountPoints2\{e22c5289-a420-11e2-8e3a-002421bbc481}
################## | Listing |
[05/03/2013 - 19:19:36 | SHD ] C:\$Recycle.Bin
[16/07/2013 - 14:53:35 | RASHD ] C:\Autorun.inf
[05/03/2013 - 19:14:47 | SHD ] C:\Boot
[21/11/2010 - 04:23:51 | RASH | 383786] C:\bootmgr
[05/03/2013 - 19:14:48 | N | 8192] C:\BOOTSECT.BAK
[16/07/2013 - 14:53:41 | D ] C:\Config.Msi
[12/05/2013 - 21:58:17 | D ] C:\dell
[10/05/2013 - 21:05:09 | D ] C:\Dev-Pas
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[12/03/2013 - 14:33:05 | D ] C:\dvbdream
[27/06/2013 - 19:42:54 | D ] C:\FFOutput
[14/05/2013 - 20:09:26 | D ] C:\Fraps
[25/03/2013 - 21:01:10 | N | 230424] C:\img2-001.raw
[14/03/2013 - 21:43:34 | N | 365] C:\MAX.BAK
[14/03/2013 - 21:43:34 | N | 365] C:\max.pas
[07/04/2013 - 14:20:13 | RHD ] C:\MSOCache
[05/03/2013 - 19:24:06 | D ] C:\NVIDIA
[16/07/2013 - 12:56:41 | ASH | 1073741824] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[04/07/2013 - 10:30:02 | D ] C:\Program Files
[16/07/2013 - 14:53:35 | D ] C:\Program Files (x86)
[16/07/2013 - 14:53:35 | HD ] C:\ProgramData
[05/03/2013 - 19:19:16 | SHD ] C:\Recovery
[28/03/2013 - 23:20:39 | D ] C:\Report
[16/07/2013 - 13:08:01 | D ] C:\rsit
[20/04/2013 - 19:51:43 | D ] C:\sn0wbreeze
[16/07/2013 - 14:52:58 | SHD ] C:\System Volume Information
[13/03/2013 - 21:44:54 | D ] C:\TP
[15/03/2013 - 18:36:57 | D ] C:\TPWW
[16/07/2013 - 15:03:07 | D ] C:\UsbFix
[16/07/2013 - 15:03:18 | A | 9789] C:\UsbFix [Clean 1] W12-PC.txt
[16/07/2013 - 14:52:39 | N | 9984] C:\UsbFix [Scan 1] W12-PC.txt
[16/07/2013 - 14:58:20 | N | 9709] C:\UsbFix [Scan 2] W12-PC.txt
[05/03/2013 - 19:26:06 | D ] C:\Users
[12/04/2013 - 09:15:55 | N | 413] C:\wakeuptoken.info
[15/07/2013 - 01:25:11 | D ] C:\Windows
[05/03/2013 - 19:19:36 | SHD ] D:\$RECYCLE.BIN
[27/06/2013 - 19:45:12 | D ] D:\amine
[16/07/2013 - 14:53:36 | RASHD ] D:\Autorun.inf
[16/02/2013 - 10:22:12 | D ] D:\Config.Msi
[15/07/2013 - 19:51:53 | D ] D:\special music folder
[15/07/2013 - 15:54:48 | D ] D:\Downloads
[05/12/2009 - 20:21:58 | N | 166406] D:\Recording.amr
[17/03/2012 - 00:45:51 | D ] D:\frikwi
[15/07/2013 - 15:57:05 | D ] D:\My documents
[18/03/2013 - 15:41:46 | D ] D:\msdownld.tmp
[16/07/2013 - 03:56:32 | N | 610826] D:\New Microsoft Office Word Document.docx
[14/07/2013 - 02:44:30 | D ] D:\Program Files (x86)
[10/07/2013 - 22:17:13 | D ] D:\RAI2LUXE
[01/07/2011 - 23:09:59 | SHD ] D:\RECYCLER
[16/07/2013 - 04:22:11 | D ] D:\sab
[28/09/2012 - 11:27:30 | SHD ] D:\System Volume Information
[25/04/2013 - 08:57:12 | D ] D:\?????? ??????
[05/03/2013 - 19:19:36 | SHD ] E:\$RECYCLE.BIN
[16/07/2013 - 14:53:37 | RASHD ] E:\Autorun.inf
[05/12/2011 - 21:41:27 | D ] E:\bnituf
[02/04/2013 - 18:01:43 | D ] E:\Config.Msi
[01/01/2013 - 17:09:20 | N | 25600] E:\contacts.xls
[15/07/2013 - 14:20:46 | D ] E:\GAMER
[18/11/2012 - 11:37:26 | D ] E:\I am learning Word
[02/04/2013 - 13:55:44 | D ] E:\Program Files (x86)
[01/07/2011 - 23:11:46 | SHD ] E:\RECYCLER
[26/01/2012 - 22:59:10 | N | 1236] E:\Serial photo instrument.lnk
[28/09/2012 - 23:07:34 | SHD ] E:\System Volume Information
[15/07/2013 - 14:10:57 | D ] E:\Downloads
[12/03/2013 - 15:36:16 | D ] E:\VIRTUAL MACHINE
[28/05/2013 - 12:05:34 | D ] H:\Crack
[28/05/2013 - 12:05:46 | R | 43] H:\autorun.inf
[28/05/2013 - 12:07:31 | R | 2098729728] H:\setup-1.bin
[28/05/2013 - 12:10:49 | R | 2100000000] H:\setup-2.bin
[28/05/2013 - 12:13:05 | R | 1941413161] H:\setup-3.bin
[28/05/2013 - 12:13:06 | R | 1269842] H:\setup.exe
################## | Vaccine |
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | http://sosvirus.net |
############################## | UsbFix V 7.149 | [Search]
User: CELINA (Administrator) # MAISON-14764DEB
Updated on 03/11/2013 by El Desaparecido - Team SosVirus
Launched at 17:29:48 | 04/11/2013
Website: https://www.usbfix.net/
Forum: https://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: https://www.usb-antivirus.com/fr/contact/
PC: Dell Inc. (0GM819)
CPU: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
RAM -> [Total: 997 | Free: 433]
Bios: Dell Inc.
Boot: Normal boot
OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer: 8.0.6001.18702
WB: Mozilla Firefox: 1.8.1.14: 2008040413
SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [(!) Disabled]
FW: Windows FireWall Service [(!) Disabled]
C:\ (%systemdrive%) -> Fixed disk # 39 GB (5 GB free - 13%) [] # NTFS
D:\ -> Fixed disk # 39 GB (7 GB free - 18%) [] # NTFS
E:\ -> Fixed disk # 39 GB (2 GB free - 6%) [] # NTFS
F:\ -> Fixed disk # 32 GB (340 MB free - 1%) [] # NTFS
K:\ -> CD-ROM
L:\ -> Removable disk # 4 GB (3 GB free - 90%) [] # FAT32
################## | Active Processes |
C:\WINDOWS\System32\smss.exe (ID: 600 | ParentID: 4)
C:\WINDOWS\system32\csrss.exe (ID: 648 | ParentID: 600)
C:\WINDOWS\system32\winlogon.exe (ID: 672 | ParentID: 600)
C:\WINDOWS\system32\services.exe (ID: 728 | ParentID: 672)
C:\WINDOWS\system32\lsass.exe (ID: 740 | ParentID: 672)
C:\WINDOWS\system32\svchost.exe (ID: 920 | ParentID: 728)
C:\WINDOWS\system32\svchost.exe (ID: 1000 | ParentID: 728)
C:\WINDOWS\System32\svchost.exe (ID: 1052 | ParentID: 728)
C:\WINDOWS\system32\svchost.exe (ID: 1108 | ParentID: 728)
C:\WINDOWS\system32\svchost.exe (ID: 1168 | ParentID: 728)
C:\WINDOWS\system32\svchost.exe (ID: 1244 | ParentID: 728)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ID: 1456 | ParentID: 728)
C:\WINDOWS\Explorer.EXE (ID: 1592 | ParentID: 1564)
C:\WINDOWS\system32\ctfmon.exe (ID: 1616 | ParentID: 1592)
C:\WINDOWS\system32\spoolsv.exe (ID: 1908 | ParentID: 728)
C:\Program Files\IB Updater\ExtensionUpdaterService.exe (ID: 2044 | ParentID: 728)
C:\WINDOWS\system32\dmwu.exe (ID: 156 | ParentID: 728)
C:\WINDOWS\system32\hkcmd.exe (ID: 324 | ParentID: 1592)
C:\Program Files\Internet Explorer\IEXPLORE.EXE (ID: 336 | ParentID: 204)
C:\Documents and Settings\CELINA\Local Settings\Application Data\NVIDIA Corporation\Update\nvupd32.exe (ID: 384 | ParentID: 204)
C:\WINDOWS\system32\igfxpers.exe (ID: 396 | ParentID: 1592)
C:\WINDOWS\Installer\MSI60.tmp (ID: 460 | ParentID: 728)
C:\WINDOWS\system32\igfxsrvc.exe (ID: 112 | ParentID: 920)
C:\Program Files\USB Disk Security\USBGuard.exe (ID: 592 | ParentID: 1592)
C:\Program Files\Hard Disk Sentinel\HDSentinel.exe (ID: 768 | ParentID: 1592)
C:\PROGRA~1\SRTOOL~1\Datamngr\DATAMN~1.EXE (ID: 1008 | ParentID: 1592)
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe (ID: 1180 | ParentID: 1592)
C:\WINDOWS\system32\svchost.exe (ID: 1212 | ParentID: 728)
C:\Program Files\SuperCopier2\SuperCopier2.exe (ID: 1164 | ParentID: 1592)
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe (ID: 1920 | ParentID: 1592)
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (ID: 2076 | ParentID: 1592)
C:\Program Files\Internet Download Manager\IDMan.exe (ID: 2192 | ParentID: 1592)
C:\Program Files\Skype\Phone\Skype.exe (ID: 2480 | ParentID: 1592)
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (ID: 2588 | ParentID: 728)
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (ID: 2640 | ParentID: 1592)
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (ID: 2872 | ParentID: 920)
C:\Program Files\Internet Download Manager\IEMonitor.exe (ID: 3700 | ParentID: 2192)
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (ID: 2152 | ParentID: 728)
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (ID: 2424 | ParentID: 2152)
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (ID: 2436 | ParentID: 2152)
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (ID: 2464 | ParentID: 2152)
C:\Documents and Settings\CELINA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 3304 | ParentID: 1592)
C:\Documents and Settings\CELINA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 624 | ParentID: 3304)
C:\Documents and Settings\CELINA\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (ID: 1932 | ParentID: 3304)
C:\UsbFix\Go.exe (ID: 3024 | ParentID: 2920)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 4056 | ParentID: 920)
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run: [IgfxTray] - C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run: [Persistence] - C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run: [IMJPMIG8.1] - "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
04 - HKLM\SOFTWARE | Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
04 - HKLM\SOFTWARE | Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
04 - HKLM\SOFTWARE | Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
04 - HKLM\SOFTWARE | Run: [USB Antivirus] - C:\Program Files\USB Disk Security\USBGuard.exe
04 - HKLM\SOFTWARE | Run: [Hard Disk Sentinel] - "C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
04 - HKLM\SOFTWARE | Run: [DATAMNGR] - C:\PROGRA~1\SRTOOL~1\Datamngr\DATAMN~1.EXE
04 - HKLM\SOFTWARE | Run: [avast5] - C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
04 - HKLM\SOFTWARE | RunOnce: [] -
04 - HKU\S-1-5-19\SOFTWARE | Run: [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\SOFTWARE | Run: [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-21-1801674531-162531612-2147035321-1003\SOFTWARE | Run: [SuperCopier2.exe] - C:\Program Files\SuperCopier2\SuperCopier2.exe
04 - HKU\S-1-5-21-1801674531-162531612-2147035321-1003\SOFTWARE | Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-1801674531-162531612-2147035321-1003\SOFTWARE | Run: [USB Safely Remove] - C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
04 - HKU\S-1-5-21-1801674531-162531612-2147035321-1003\SOFTWARE | Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
04 - HKU\S-1-5-21-1801674531-162531612-2147035321-1003\SOFTWARE | Run: [ccleaner] - "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
04 - HKU\S-1-5-21-1801674531-162531612-2147035321-1003\SOFTWARE | Run: [Google Update] - "C:\Documents and Settings\CELINA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-1801674531-162531612-2147035321-1003\SOFTWARE | Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-1801674531-162531612-2147035321-1003\SOFTWARE | Run: [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-1801674531-162531612-2147035321-1003\SOFTWARE | Run: [Facebook Update] - "C:\Documents and Settings\CELINA\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-1801674531-162531612-2147035321-1003\SOFTWARE | Run: [] -
04 - HKU\S-1-5-21-1801674531-162531612-2147035321-1003\SOFTWARE | Run: [NokiaSuite.exe] - C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
04 - HKU\S-1-5-21-1801674531-162531612-2147035321-1003\SOFTWARE | Run: [Iooioq] - C:\Documents and Settings\CELINA\Application Data\Iooioq.scr
04 - HKU\S-1-5-18\SOFTWARE | Run: [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-19\SOFTWARE | RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-19\SOFTWARE | RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-20\SOFTWARE | RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-20\SOFTWARE | RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-18\SOFTWARE | RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
04 - HKU\S-1-5-18\SOFTWARE | RunOnce: [nltide_2] - regsvr32 /s /n /i:U shell32
################## | Generic Search |
Present! L:\RECYCLER\37e32d80.scr
Present! L:\What is Municipal definition and meaning_files\default+fr.I.js
Present! L:\What is Municipal definition and meaning_files
Present! L:\What is Municipal definition and meaning_files\ga.js
Present! L:\What is Municipal definition and meaning_files\inputtools.I.js
Present! L:\What is Municipal definition and meaning_files\quant.js
Present! L:\What is Municipal definition and meaning_files\show_ads.js
Present! L:\What is Municipal definition and meaning_files\show_ads_impl.js
Present! L:\What is Municipal definition and meaning_files\ThumbSeed2.js
Present! L:\What is Municipal definition and meaning_files\ti.js
Present! L:\What is Municipal definition and meaning_files_2\default+fr.I.js
Present! L:\What is Municipal definition and meaning_files_2
Present! L:\What is Municipal definition and meaning_files_2\ga.js
Present! L:\What is Municipal definition and meaning_files_2\inputtools.I.js
Present! L:\What is Municipal definition and meaning_files_2\quant.js
Present! L:\What is Municipal definition and meaning_files_2\show_ads.js
Present! L:\What is Municipal definition and meaning_files_2\show_ads_impl.js
Present! L:\What is Municipal definition and meaning_files_2\ThumbSeed2.js
Present! L:\What is Municipal definition and meaning_files_2\ti.js
Present! L:\Recycler\desktop.ini
################## | Registry |
################## | Vaccine |
L:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
############################## | UsbFix V 7.153 | [Research]
User: djo (Administrator) # DJO-PC
Updated on 09/12/2013 by El Desaparecido - Team SosVirus
Launched at 00:01:19 | 11/12/2013
Website: http://www.usbfix.net
Forum: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/
PC: Quanta (3624)
CPU: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
RAM -> [Total: 4093 | Free: 2899]
Bios: Hewlett-Packard
Boot: Normal boot
OS: Microsoft Windows 7 Ultimate Edition (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer: 8.0.7601.17514
WB: Google Chrome: 31.0.1650.63
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | (!) Outdated]
AS: Windows Defender: 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Hard Drive # 455 Go (165 Go free - 36%) [] # NTFS
D:\ -> Hard Drive # 11 Go (2 Go free - 17%) [RECOVERY] # NTFS
E:\ -> CD-ROM
F:\ -> Removable Drive # 15 Go (3 Go free - 19%) [] # FAT32
################## | Active Processes |
C:\Windows\system32\csrss.exe (ID: 344 | ParentID: 336)
C:\Windows\system32\wininit.exe (ID: 424 | ParentID: 336)
C:\Windows\system32\csrss.exe (ID: 444 | ParentID: 416)
C:\Windows\system32\services.exe (ID: 480 | ParentID: 424)
C:\Windows\system32\lsass.exe (ID: 500 | ParentID: 424)
C:\Windows\system32\lsm.exe (ID: 508 | ParentID: 424)
C:\Windows\system32\winlogon.exe (ID: 580 | ParentID: 416)
C:\Windows\system32\svchost.exe (ID: 676 | ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 752 | ParentID: 480)
C:\Windows\System32\svchost.exe (ID: 816 | ParentID: 480)
C:\Windows\System32\svchost.exe (ID: 892 | ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 932 | ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 348 | ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 692 | ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 1076 | ParentID: 480)
C:\Windows\system32\Dwm.exe (ID: 1244 | ParentID: 892)
C:\Windows\system32\svchost.exe (ID: 1844 | ParentID: 480)
C:\Windows\system32\svchost.exe (ID: 2816 | ParentID: 480)
C:\Windows\System32\svchost.exe (ID: 3000 | ParentID: 480)
C:\Windows\system32\WUDFHost.exe (ID: 2352 | ParentID: 892)
C:\Windows\System32\rundll32.exe (ID: 1632 | ParentID: 676)
C:\Windows\system32\SearchIndexer.exe (ID: 2852 | ParentID: 480)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1888 | ParentID: 480)
C:\Windows\Explorer.exe (ID: 2536 | ParentID: 2568)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2236 | ParentID: 676)
C:\Windows\System32\spoolsv.exe (ID: 2044 | ParentID: 480)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 3032 | ParentID: 2536)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1688 | ParentID: 3032)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1904 | ParentID: 3032)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1652 | ParentID: 3032)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 1860 | ParentID: 3032)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2620 | ParentID: 3032)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 2496 | ParentID: 3032)
C:\Windows\system32\taskhost.exe (ID: 2780 | ParentID: 480)
C:\UsbFix\Go.exe (ID: 2540 | ParentID: 1192)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2936 | ParentID: 676)
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run: [UIExec] - "C:\Program Files (x86)\Dim@Net\UIExec.exe"
04 - HKLM\SOFTWARE | Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run: [UIExec] - "C:\Program Files (x86)\Dim@Net\UIExec.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | RunOnce: [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce: [] -
04 - HKU\S-1-5-19\SOFTWARE | Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-341456389-3053273059-2714294543-1000\SOFTWARE | Run: [Facebook Update] - "C:\Users\djo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-341456389-3053273059-2714294543-1000\SOFTWARE | Run: [Akamai NetSession Interface] - "C:\Users\djo\AppData\Local\Akamai\netsession_win.exe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | Generic Search |
Present! C:\install.exe
Present! F:\THEGG.lnk
Present! F:\tunis.lnk
Present! F:\bizetre.lnk
Present! F:\DEMANDES.lnk
Present! F:\djo.lnk
Present! F:\clic clac.lnk
Present! F:\mhamdia.lnk
Present! F:\RECYCLER.lnk
Present! F:\ccu.lnk
Present! F:\dossier permis de batir azur aout 2013.lnk
Present! F:\salle d sport.lnk
Present! F:\lyceee sfax.lnk
Present! F:\Learning Autodesk Revit Architecture 2013 - (Malestrom).lnk
Present! F:\Evermotion-HD.Cars.Vol.3.3D.Models.by_instantloader.lnk
Present! F:\ayachi clinique.lnk
Present! F:\elements rendu.lnk
Present! F:\elements rendu douar hicher.lnk
Present! F:\DOSSIER RENDU MAISON DE CULTURE MHAMDIA.lnk
Present! F:\MHAMDIAA BAZZ RENDU.lnk
Present! D:\desktop.ini
################## | Registry |
################## | Vaccine |
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
############################## | UsbFix V 7.154 | [Search]
User: Administrator (Administrator) # SWEET-CD11206C6
Updated on 12/13/2013 by El Desaparecido - Team SosVirus
Launched at 4:20:57 PM | 12/13/2013
Website: https://www.usbfix.net/
Forum: https://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: https://www.usb-antivirus.com/fr/contact/
PC: Hewlett-Packard (0A54h)
CPU: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
RAM -> [Total: 999 | Free: 444]
Bios: Hewlett-Packard
Boot: Normal boot
OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer: 7.0.5730.13
WB: Google Chrome: 31.0.1650.63
WB: Mozilla Firefox: 15.0.1
SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [(!) Disabled]
C:\ (%systemdrive%) -> Fixed drive # 75 Go (68 Go free(s) - 91%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 2 Go (1 Go free(s) - 74%) [] # FAT
################## | Active Processes |
C:\WINDOWS\System32\smss.exe (ID: 648 |ParentID: 4)
C:\WINDOWS\system32\csrss.exe (ID: 728 |ParentID: 648)
C:\WINDOWS\system32\winlogon.exe (ID: 768 |ParentID: 648)
C:\WINDOWS\system32\services.exe (ID: 844 |ParentID: 768)
C:\WINDOWS\system32\lsass.exe (ID: 872 |ParentID: 768)
C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe (ID: 1056 |ParentID: 844)
C:\WINDOWS\system32\svchost.exe (ID: 1088 |ParentID: 844)
C:\WINDOWS\system32\svchost.exe (ID: 1156 |ParentID: 844)
C:\WINDOWS\System32\svchost.exe (ID: 1260 |ParentID: 844)
C:\WINDOWS\system32\spoolsv.exe (ID: 1528 |ParentID: 844)
C:\Program Files\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe (ID: 1852 |ParentID: 1056)
C:\WINDOWS\Explorer.EXE (ID: 1920 |ParentID: 1868)
C:\WINDOWS\system32\igfxtray.exe (ID: 248 |ParentID: 1920)
C:\WINDOWS\system32\hkcmd.exe (ID: 256 |ParentID: 1920)
C:\WINDOWS\system32\igfxpers.exe (ID: 260 |ParentID: 1920)
C:\WINDOWS\RTHDCPL.EXE (ID: 268 |ParentID: 1920)
C:\WINDOWS\system32\igfxsrvc.exe (ID: 324 |ParentID: 1088)
C:\Program Files\Google\Update\GoogleUpdate.exe (ID: 1432 |ParentID: 1492)
C:\Program Files\Internet Download Manager\IDMan.exe (ID: 3440 |ParentID: 1088)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 952 |ParentID: 844)
C:\Program Files\AVAST Software\Avast\avastUi.exe (ID: 1364 |ParentID: 3668)
C:\Program Files\Mozilla Firefox\firefox.exe (ID: 484 |ParentID: 1920)
C:\Program Files\Mozilla Firefox\plugin-container.exe (ID: 3612 |ParentID: 484)
C:\UsbFix\Go.exe (ID: 4020 |ParentID: 3476)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 1416 |ParentID: 1088)
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [RTHDCPL] - RTHDCPL.EXE
04 - HKLM\SOFTWARE | Run : [Alcmtr] - ALCMTR.EXE
04 - HKLM\SOFTWARE | Run : [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [JkDefrag] - rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [SweetRegistry] - rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub
04 - HKU\S-1-5-21-2000478354-1085031214-1417001333-500\SOFTWARE | RunOnce : [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_278_Plugin.exe -update plugin
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [JkDefrag] - rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [SweetRegistry] - rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub
################## | Generic Search |
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\aLoYTDdl.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\CnuljaGu.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\pSwYvpMJ.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\xJVMHTEG.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\geahAQAN.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\WyxVyuwp.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\rUZRetAA.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\auDrmOul.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\dREhXguf.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\rNvmdcHi.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\uQsvntMi.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\AdwRQDdI.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\sTjqhitd.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\rLWnVhOD.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\GBnWnISi.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\AIrfcgYP.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\uFqdMdPq.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\eEijZsms.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\amblGssn.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\nrwacmhX.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\BvekDCTR.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\MweHxoTx.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\NCFjhWnP.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\joACOLDi.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\MDAyWsOl.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\LHffpcNN.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\vMIvjyIt.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\GKoWsWDG.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\TmsWGxrS.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\xUXKxIrR.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\jYwPaqQq.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\cnRGpYcf.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\KSZAGDhs.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\unTYXdQq.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\OUNoYHtD.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\vWsgDAYG.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\MtxCSfvo.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\YgdCWwvr.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\WdFFRFcx.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\hNdkILNK.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\UupKgJtF.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\IaGNOxHS.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\FPFpPJQY.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\LlySCOXu.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\QupZETqy.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\ttKVnRnQ.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\fPpspEFU.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\jEsKnCio.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\qebDGXvg.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\pyaqmIoH.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\TbHAjoCd.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\yklkqByw.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\CLNNfKrN.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\yjcQNkCG.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\NJtbUPdM.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\tbmsTFah.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\nLejpMnh.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\aWdkYoFi.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\grnlsWYT.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\iWpeMSiS.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\KrcjLrdG.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\xruflHje.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\fdZQxmYG.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\sgFObUSg.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\icXxrmWW.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\RuitptqD.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\iABmRjKM.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\gPHhoiiH.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\KeFKOqiM.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\eTtbnmtC.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\FQxlBRYO.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\YJGrnjpb.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\XwWenEXG.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\SDYybjsc.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\VrpAZARI.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\ufuIVvhe.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\syycLWqh.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\gJIvsIhK.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\HdXporul.cpl
################## | Registry |
Present! HKLM\Software\Microsoft\Security Center|AntiVirusDisableNotify -> 1
Present! HKLM\Software\Microsoft\Security Center|FirewallDisableNotify -> 1
Present! HKLM\Software\Microsoft\Security Center|UpdatesDisableNotify -> 1
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyMusic -> 0
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyPics -> 0
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRecentDocs -> 0
################## | Vaccine |
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
User: Administrator (Administrator) # SWEET-CD11206C6
Updated on 12/13/2013 by El Desaparecido - Team SosVirus
Launched at 4:20:57 PM | 12/13/2013
Website: https://www.usbfix.net/
Forum: https://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: https://www.usb-antivirus.com/fr/contact/
PC: Hewlett-Packard (0A54h)
CPU: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
RAM -> [Total: 999 | Free: 444]
Bios: Hewlett-Packard
Boot: Normal boot
OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer: 7.0.5730.13
WB: Google Chrome: 31.0.1650.63
WB: Mozilla Firefox: 15.0.1
SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [(!) Disabled]
C:\ (%systemdrive%) -> Fixed drive # 75 Go (68 Go free(s) - 91%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 2 Go (1 Go free(s) - 74%) [] # FAT
################## | Active Processes |
C:\WINDOWS\System32\smss.exe (ID: 648 |ParentID: 4)
C:\WINDOWS\system32\csrss.exe (ID: 728 |ParentID: 648)
C:\WINDOWS\system32\winlogon.exe (ID: 768 |ParentID: 648)
C:\WINDOWS\system32\services.exe (ID: 844 |ParentID: 768)
C:\WINDOWS\system32\lsass.exe (ID: 872 |ParentID: 768)
C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe (ID: 1056 |ParentID: 844)
C:\WINDOWS\system32\svchost.exe (ID: 1088 |ParentID: 844)
C:\WINDOWS\system32\svchost.exe (ID: 1156 |ParentID: 844)
C:\WINDOWS\System32\svchost.exe (ID: 1260 |ParentID: 844)
C:\WINDOWS\system32\spoolsv.exe (ID: 1528 |ParentID: 844)
C:\Program Files\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe (ID: 1852 |ParentID: 1056)
C:\WINDOWS\Explorer.EXE (ID: 1920 |ParentID: 1868)
C:\WINDOWS\system32\igfxtray.exe (ID: 248 |ParentID: 1920)
C:\WINDOWS\system32\hkcmd.exe (ID: 256 |ParentID: 1920)
C:\WINDOWS\system32\igfxpers.exe (ID: 260 |ParentID: 1920)
C:\WINDOWS\RTHDCPL.EXE (ID: 268 |ParentID: 1920)
C:\WINDOWS\system32\igfxsrvc.exe (ID: 324 |ParentID: 1088)
C:\Program Files\Google\Update\GoogleUpdate.exe (ID: 1432 |ParentID: 1492)
C:\Program Files\Internet Download Manager\IDMan.exe (ID: 3440 |ParentID: 1088)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 952 |ParentID: 844)
C:\Program Files\AVAST Software\Avast\avastUi.exe (ID: 1364 |ParentID: 3668)
C:\Program Files\Mozilla Firefox\firefox.exe (ID: 484 |ParentID: 1920)
C:\Program Files\Mozilla Firefox\plugin-container.exe (ID: 3612 |ParentID: 484)
C:\UsbFix\Go.exe (ID: 4020 |ParentID: 3476)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 1416 |ParentID: 1088)
################## | Regedit Run |
04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [RTHDCPL] - RTHDCPL.EXE
04 - HKLM\SOFTWARE | Run : [Alcmtr] - ALCMTR.EXE
04 - HKLM\SOFTWARE | Run : [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [JkDefrag] - rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [SweetRegistry] - rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub
04 - HKU\S-1-5-21-2000478354-1085031214-1417001333-500\SOFTWARE | RunOnce : [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_278_Plugin.exe -update plugin
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [JkDefrag] - rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [SweetRegistry] - rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub
################## | Generic Search |
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\dREhXguf.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\rNvmdcHi.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\uQsvntMi.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\AdwRQDdI.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\sTjqhitd.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\rLWnVhOD.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\GBnWnISi.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\AIrfcgYP.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\uFqdMdPq.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\eEijZsms.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\amblGssn.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\nrwacmhX.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\BvekDCTR.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\MweHxoTx.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\NCFjhWnP.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\joACOLDi.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\MDAyWsOl.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\LHffpcNN.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\vMIvjyIt.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\GKoWsWDG.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\TmsWGxrS.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\xUXKxIrR.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\jYwPaqQq.exe
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\cnRGpYcf.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\KSZAGDhs.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\unTYXdQq.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\OUNoYHtD.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\vWsgDAYG.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\MtxCSfvo.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\YgdCWwvr.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\WdFFRFcx.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\hNdkILNK.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\UupKgJtF.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\IaGNOxHS.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\FPFpPJQY.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\LlySCOXu.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\QupZETqy.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\ttKVnRnQ.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\fPpspEFU.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\jEsKnCio.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\qebDGXvg.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\pyaqmIoH.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\TbHAjoCd.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\yklkqByw.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\CLNNfKrN.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\yjcQNkCG.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\NJtbUPdM.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\tbmsTFah.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\nLejpMnh.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\aWdkYoFi.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\grnlsWYT.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\iWpeMSiS.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\KrcjLrdG.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\xruflHje.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\fdZQxmYG.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\sgFObUSg.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\icXxrmWW.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\RuitptqD.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\iABmRjKM.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\gPHhoiiH.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\KeFKOqiM.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\eTtbnmtC.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\FQxlBRYO.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\YJGrnjpb.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\XwWenEXG.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\SDYybjsc.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\VrpAZARI.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\ufuIVvhe.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\syycLWqh.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\gJIvsIhK.cpl
Present! E:\Recycler\S-3-0-71-7366550570-8001323684-245058773-3735\HdXporul.cpl
################## | Registry |
Present! HKLM\Software\Microsoft\Security Center|AntiVirusDisableNotify -> 1
Present! HKLM\Software\Microsoft\Security Center|FirewallDisableNotify -> 1
Present! HKLM\Software\Microsoft\Security Center|UpdatesDisableNotify -> 1
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyMusic -> 0
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyPics -> 0
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRecentDocs -> 0
################## | Vaccine |
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
############################## | UsbFix V 7.100 | [Search]
User: root (Administrator) # ROOT-PC
Updated on 11/11/2012 by El Desaparecido
Launched at 23:03:47 | 22/11/2012
Website: https://www.sosvirus.net/
Contact: contact@eldesaparecido.com
PC: Gigabyte Technology Co., Ltd. (P41-ES3G) (X86-based PC
CPU: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz (2700)
RAM -> [Total: 2046 | Free: 664]
BIOS: Award Modular BIOS v6.00PG
BOOT: Normal boot
OS: Microsoft Windows 7 Ultimate Edition (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 8.0.7600.16385
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed disk # 98 Go (61 Go free - 62%) [] # NTFS
D:\ -> Fixed disk # 200 Go (49 Go free - 25%) [Local disk] # NTFS
E:\ -> CD-ROM
G:\ -> Removable disk # 2 Go (2 Go free - 100%) [KFAT3] # FAT32
################## | Active Processes |
C:\Windows\system32\csrss.exe (396)
C:\Windows\system32\wininit.exe (460)
C:\Windows\system32\csrss.exe (472)
C:\Windows\system32\winlogon.exe (504)
C:\Windows\system32\services.exe (568)
C:\Windows\system32\lsass.exe (584)
C:\Windows\system32\lsm.exe (592)
C:\Windows\system32\svchost.exe (696)
C:\Windows\system32\nvvsvc.exe (756)
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (784)
C:\Windows\system32\svchost.exe (824)
C:\Windows\System32\svchost.exe (984)
C:\Windows\System32\svchost.exe (1020)
C:\Windows\system32\svchost.exe (1056)
C:\Windows\system32\svchost.exe (1192)
C:\Windows\system32\svchost.exe (1344)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1436)
C:\Windows\system32\nvvsvc.exe (1448)
C:\Windows\System32\spoolsv.exe (1512)
C:\Windows\system32\svchost.exe (1648)
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (1728)
C:\Program Files\Bonjour\mDNSResponder.exe (1772)
C:\Windows\system32\taskhost.exe (1948)
C:\Windows\system32\Dwm.exe (2036)
C:\Windows\Explorer.EXE (112)
C:\Program Files\Mozilla Firefox\firefox.exe (404)
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (452)
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (608)
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (716)
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (1288)
C:\Program Files\Microsoft\BingBar\SeaPort.EXE (1384)
C:\Windows\system32\svchost.exe (2024)
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (2328)
C:\Program Files\Epson Software\Event Manager\EEventManager.exe (2492)
C:\Windows\FixCamera.exe (2504)
C:\Windows\tsnp325.exe (2540)
C:\Windows\vsnp325.exe (2552)
C:\Program Files\HSPA USB Modem\HSPALauncher.exe (2568)
C:\Program Files\AutorunRemover\AutorunRemover.exe (2580)
C:\Program Files\handyCafe\Filter Server\ipsrv.exe (2632)
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (2660)
C:\Program Files\Internet Download Manager\IDMan.exe (2860)
C:\Windows\system32\svchost.exe (2884)
C:\Program Files\Google\Drive\googledrivesync.exe (3204)
C:\Program Files\Internet Download Manager\IEMonitor.exe (3212)
C:\Windows\system32\SearchIndexer.exe (3364)
C:\Windows\system32\svchost.exe (3536)
C:\Windows\System32\svchost.exe (3736)
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (3792)
C:\Users\root\AppData\Local\Akamai\netsession_win.exe (3852)
C:\Users\root\AppData\Local\Akamai\netsession_win.exe (3884)
C:\Program Files\handyCafe\Filter Server\iplcln.exe (3896)
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHJE.EXE (3920)
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (3956)
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (3964)
C:\Program Files\Windows Media Player\wmpnetwk.exe (2324)
C:\Program Files\handyCafe\Filter Server\clnfw.exe (1796)
C:\Program Files\Google\Drive\googledrivesync.exe (3028)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (2436)
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (5692)
C:\Windows\System32\svchost.exe (5776)
C:\Program Files\handyCafe\Server\hndserver.exe (5864)
C:\Program Files\Google\Chrome\Application\chrome.exe (5072)
C:\Program Files\Google\Chrome\Application\chrome.exe (2856)
C:\Program Files\Google\Chrome\Application\chrome.exe (5140)
C:\Program Files\Google\Chrome\Application\chrome.exe (1940)
C:\Program Files\Google\Chrome\Application\chrome.exe (4652)
C:\Program Files\Google\Chrome\Application\chrome.exe (1248)
C:\Program Files\Google\Chrome\Application\chrome.exe (3664)
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (4844)
C:\Program Files\Google\Chrome\Application\chrome.exe (5364)
C:\Users\root\AppData\Local\Temp\Rar$EX00.945\AutoRunExterminator.exe (2188)
C:\Program Files\Google\Chrome\Application\chrome.exe (3864)
C:\Program Files\Google\Chrome\Application\chrome.exe (932)
C:\Program Files\Google\Chrome\Application\chrome.exe (2804)
C:\Program Files\Google\Chrome\Application\chrome.exe (864)
C:\Program Files\Google\Chrome\Application\chrome.exe (1904)
C:\Windows\system32\taskhost.exe (5944)
C:\Program Files\Unlocker\UnlockerAssistant.exe (4020)
C:\Program Files\Google\Chrome\Application\chrome.exe (3464)
C:\Program Files\Google\Chrome\Application\chrome.exe (6024)
C:\Windows\system32\WUDFHost.exe (2600)
C:\UsbFix\Go.exe (3520)
C:\Windows\system32\wbem\wmiprvse.exe (4672)
################## | Infectious Items |
Present! C:\Users\root\AppData\Local\Temp\_mdA987.tmp
Present! C:\Users\root\AppData\Local\Bron.tok-12-14
Present! C:\Users\root\AppData\Local\ListHost12.txt
Present! G:\Recycler\S-2-6-73-6471567841-2015484756-628076460-7036\*.cpl
################## | Registry |
Present! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\policies\System|DisableRegistryTools
Present! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\policies\System|DisableRegistryTools
Present! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\policies\System|DisableTaskMgr
Present! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\policies\System|DisableTaskMgr
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{09beb098-2e8e-11e2-b4bd-6cf0497e0403}
Shell\AutoRun\Command = F:\autorun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{e1053c50-2e42-11e2-8c31-6cf0497e0403}
Shell\AutoRun\Command = F:\autorun.exe
################## | Vaccine |
(!) This computer is not vaccinated!
################## | E.O.F |
I can't get rid of the diskrun.exe virus, do you have any idea? Thank you.
What address should we send the report to?