Unable to download usbfix

Solved
gregoire.mx
Hello,

I have the same problem, I have my camera and a USB stick infected, the infection is called "VBS:Agent-AXN [Trj]" I want to download usbfix to post my report but it's impossible, I get an error page: "The connection to the server was reset while loading the page."

Maybe there are too many of us with this virus right now and the site can't handle it...

In the meantime, it's quite annoying not being able to connect anything to my computer... :(

Configuration: Windows 7 / Firefox 25.0

35 answers

Anonymous user
 
Hello

[*] Download to the desktop RogueKiller (by tigzy) (choose between the 32 and 64-bit versions depending on your Windows, if you don't know, ask me!)
[*] Close all programs
[*] Launch RogueKiller.exe.
[*] Wait for the Prescan to finish...
[*] Click on Scan. Click on Report and copy and paste the content of the report

See you later

--
--------Security Contributor---------
We have all been beginners at something at one point.
But knowledge is the reward of diligence.
vieu bison boiteu
 
Hi Guillaume5188
for USBFix, has El Desaparecido not changed his page???
https://toolslib.net
I had to change it on 12/08
see you+
gregoire.mx
 
I just tried to download it on this page and Avast detected a problem, and now I still have this "The connection with the server has been reset while loading the page." as if the virus didn’t want me to get rid of it!!! :/
njaaara
 
Sorry, I can't help you with that.
vieu bison boiteu > njaaara
 
You just need to read
two posts higher

I’ll add another link
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
gregoire.mx
 
Here is the report:

RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
email: tigzyRK<at>gmail<dot>com
Feedback: http://www.adlice.com/forum/
Website: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com/

Operating system: Windows 7 (6.1.7601 Service Pack 1) 64 bit version
Boot: Normal mode
User: user [Admin rights]
Mode: Scan -- Date: 12/12/2013 12:21:22
| ARK || FAK || MBR |

¤¤¤ Malicious processes: 0 ¤¤¤

¤¤¤ Registry entries: 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run: iTunesHelper (wscript.exe //B "C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe" [x][-]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2533516340-1630299862-2881606751-1000\[...]\Run: iTunesHelper (wscript.exe //B "C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe" [x][-]) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run: D3DOverrider ("C:\Users\user\Desktop\D3DOverrider\D3DOverriderWrapper.exe" /s [x]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel: {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel: {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks: 0 ¤¤¤

¤¤¤ Startup entries: 0 ¤¤¤

¤¤¤ Web browsers: 0 ¤¤¤

¤¤¤ Specific files / folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED 0x0] ¤¤¤

¤¤¤ External hives: ¤¤¤

¤¤¤ Infection: ¤¤¤

¤¤¤ HOSTS file: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST2000DM001-9YN164 ATA Device +++++
--- User ---
[MBR] 74ded19278fd42557f27983780c51d21
[BSP] 6e426e116c9e6a8c850e7b4c4eabfbbb : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished: << RKreport[0]_S_12122013_122122.txt >>
Anonymous user
 
Re

Switch to the deletion option of RogueKiller
and send me this report; thanks

@+

--
--------Security Contributor---------
We have all been a beginner at something at one point.
But knowledge is the reward of diligence.
gregoire.mx
 


RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
email: tigzyRK<at>gmail<dot>com
Feedback: http://www.adlice.com/forum/
Website: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com/

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Boot: Normal mode
User: user [Admin rights]
Mode: Removal -- Date: 12/12/2013 12:26:49
| ARK || FAK || MBR |

¤¤¤ Malicious processes: 0 ¤¤¤

¤¤¤ Registry entries: 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : iTunesHelper (wscript.exe //B "C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe" [x][-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-2533516340-1630299862-2881606751-1000\[...]\Run : iTunesHelper (wscript.exe //B "C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe" [x][-]) -> [0x2] The specified file is not found.
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : D3DOverrider ("C:\Users\user\Desktop\D3DOverrider\D3DOverriderWrapper.exe" /s [x]) -> [0x5] Access denied.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks: 0 ¤¤¤

¤¤¤ Startup entries: 0 ¤¤¤

¤¤¤ Web browsers: 0 ¤¤¤

¤¤¤ Particular files / folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED 0x0] ¤¤¤

¤¤¤ External hives: ¤¤¤

¤¤¤ Infection: ¤¤¤

¤¤¤ HOSTS file: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST2000DM001-9YN164 ATA Device +++++
--- User ---
[MBR] 74ded19278fd42557f27983780c51d21
[BSP] 6e426e116c9e6a8c850e7b4c4eabfbbb : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 MB
User = LL1 ... OK!
User = LL2 ... OK!

Completed: << RKreport[0]_D_12122013_122649.txt >>
RKreport[0]_S_12122013_122122.txt
Anonymous user
 
Re

You're moving forward with RogueKiller.

For UsbFix, you temporarily disable your Antivirus.

See you later

--
--------Security Contributor---------
We have all been beginners at something at one point.
But knowledge is the reward for diligence.
gregoire.mx
 
It's all good, I downloaded usbfix by blocking Avast, thank you! I'm waiting for the next steps, commander

(curious thing: I couldn't browse the internet just now, and therefore refresh this page, I had to temporarily block Avast to respond... \o/ )
Anonymous user
 
Re

Awaiting this UsbFix report; thank you

@+

--
--------Security Contributor---------
We've all been a beginner at something at some point.
But knowledge is the reward for diligence.
gregoire.mx
 
I need to connect the infected external drives, without opening them, before launching the UsbFix scan, right?
Anonymous user
 
Yes, that's it ;-)
gregoire.mx
 
Okay.
gregoire.mx
 
usbfix was stuck at 19%, my computer made a small "click click" sound every 10 minutes, and when I tried to close usbfix it said it was not responding... :(
gregoire.mx
 
So I had to restart it manually... what should I do now?
Thanks for your help anyway Guillaume5188! Without you, I would have scrubbed my whole PC with bleach!
Anonymous user
 
Re

Repeat this step in safe mode with networking support

See you later

--
--------Security Contributor---------
We have all been beginners at something one day.
But knowledge is the reward for diligence.
Anonymous user
 
It happens above

--
--------Security Contributor---------
We have all been a beginner at something at some point.
But knowledge is the reward of diligence.
gregoire.mx
 
Done, here is the report:

############################## | UsbFix V 7.153 | [Search]

User: user (Administrator) # USER-PC
Updated on 09/12/2013 by El Desaparecido - Team SosVirus
Launched at 13:36:58 | 12/12/2013

Website: https://www.usbfix.net/
Forum: https://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: https://www.usb-antivirus.com/fr/contact/

PC: Gigabyte Technology Co., Ltd. (H61M-D2H-USB3)
CPU: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
RAM -> [Total: 8175 | Free: 7434]
Bios: Award Software International, Inc.
Boot: Fail-safe boot

OS: Microsoft Windows 7 Home Basic Edition (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer: 11.0.9600.16476
WB: Google Chrome: 31.0.1650.63
WB: Mozilla Firefox: 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender: 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware: 1.75.0001
FW: Windows FireWall Service [(!) Disabled]

C:\ (%systemdrive%) -> Fixed disk # 1863 Go (1150 Go free - 62%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Removable disk # 2 Go (738 Mo free - 38%) [] # FAT
G:\ -> Removable disk # 4 Go (4 Go free - 97%) [greg] # NTFS

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID: 348 | ParentID: 336)
C:\Windows\system32\csrss.exe (ID: 388 | ParentID: 380)
C:\Windows\system32\wininit.exe (ID: 396 | ParentID: 336)
C:\Windows\system32\winlogon.exe (ID: 436 | ParentID: 380)
C:\Windows\system32\services.exe (ID: 488 | ParentID: 396)
C:\Windows\system32\lsass.exe (ID: 496 | ParentID: 396)
C:\Windows\system32\lsm.exe (ID: 504 | ParentID: 396)
C:\Windows\system32\svchost.exe (ID: 596 | ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 672 | ParentID: 488)
C:\Windows\System32\svchost.exe (ID: 768 | ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 800 | ParentID: 488)
C:\Windows\System32\svchost.exe (ID: 848 | ParentID: 488)
C:\Windows\system32\svchost.exe (ID: 876 | ParentID: 488)
C:\Windows\SYSTEM32\WISPTIS.EXE (ID: 1000 | ParentID: 848)
C:\Windows\SYSTEM32\WISPTIS.EXE (ID: 308 | ParentID: 848)
C:\Windows\Explorer.EXE (ID: 1032 | ParentID: 380)
C:\Windows\system32\ctfmon.exe (ID: 1080 | ParentID: 1032)
C:\Windows\system32\DllHost.exe (ID: 1380 | ParentID: 596)
C:\UsbFix\Go.exe (ID: 1540 | ParentID: 1524)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 1612 | ParentID: 596)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE | Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run: [D3DOverrider] - "C:\Users\user\Desktop\D3DOverrider\D3DOverriderWrapper.exe" /s
04 - HKLM\SOFTWARE | Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run: [Adobe Creative Cloud] - "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
04 - HKLM\SOFTWARE | Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
04 - HKLM\SOFTWARE | Run: [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\51f64a97-8894-42ed-9e0a-f76e91cd79f6.exe /check
04 - HKLM\SOFTWARE | Run: [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE\wow6432Node | Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE\wow6432Node | Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE\wow6432Node | Run: [D3DOverrider] - "C:\Users\user\Desktop\D3DOverrider\D3DOverriderWrapper.exe" /s
04 - HKLM\SOFTWARE\wow6432Node | Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run: [Adobe Creative Cloud] - "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
04 - HKLM\SOFTWARE\wow6432Node | Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
04 - HKLM\SOFTWARE\wow6432Node | Run: [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\51f64a97-8894-42ed-9e0a-f76e91cd79f6.exe /check
04 - HKLM\SOFTWARE\wow6432Node | Run: [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce: [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce: [] -
04 - HKU\S-1-5-19\SOFTWARE | Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [Steam] - "C:\Program Files (x86)\Steam\steam.exe" -silent
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [Desura] - C:\Program Files (x86)\Desura\desura.exe -autostart
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [Gadwin PrintScreen] - C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [AdobeBridge] -
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [Google Update] - "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [MyTomTomSA.exe] - "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [OfficeSyncProcess] - "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [Orange Installer] - "C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe"
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [OrangeInside] - C:\Users\user\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [iTunesHelper] - wscript.exe //B "C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Generic Search |

Present! C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe
Present! C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Present! F:\iTunesHelper.vbe
Present! G:\iTunesHelper.vbe
Present! C:\install.exe
Present! F:\.lnk
Present! F:\FRAME.lnk
Present! F:\DCIM.lnk
Present! F:\.Trashes.lnk
Present! F:\.TemporaryItems.lnk
Present! C:\Users\user\AppData\Local\Temp\java.exe

################## | MD5 Comparison Reference |

Md5: 223A90ACCB50879B3CE1895BBF7B3A52 -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5: 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe
Md5: 792FFECE1BC964E8DD1C464E05A7F0A2 -> F:\iTunesHelper.vbe
Md5: 2BCBCF86077A7E0F77BDB82F331F2957 -> G:\iTunesHelper.vbe

################## | MD5 Comparison |

Present! Md5: 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe
Present! Md5: 223A90ACCB50879B3CE1895BBF7B3A52 -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Present! Md5: 792FFECE1BC964E8DD1C464E05A7F0A2 -> F:\iTunesHelper.vbe
Present! Md5: 2BCBCF86077A7E0F77BDB82F331F2957 -> G:\iTunesHelper.vbe

################## | Registry |

Present! HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Present! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Present! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Present! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Vaccine |

F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
Anonymous user
 
Re

Switch to the deletion option and send me this report; thank you

--
--------Security Contributor---------
We have all been beginners at something at one point.
But knowledge is the reward for diligence.
gregoire.mx
 
Should I do it in safe mode too?
Anonymous user
 
yes
gregoire.mx
 
Here is the deletion report:

############################## | UsbFix V 7.153 | [Deletion]

User: user (Administrator) # USER-PC
Updated on 09/12/2013 by El Desaparecido - Team SosVirus
Launched at 14:06:49 | 12/12/2013

Website: https://www.usbfix.net/
Forum: https://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: https://www.usb-antivirus.com/fr/contact/

PC: Gigabyte Technology Co., Ltd. (H61M-D2H-USB3)
CPU: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
RAM -> [Total: 8175 | Free: 7280]
Bios: Award Software International, Inc.
Boot: Fail-safe boot

OS: Microsoft Windows 7 Home Basic Edition (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer: 11.0.9600.16476
WB: Google Chrome: 31.0.1650.63
WB: Mozilla Firefox: 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender: 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware: 1.75.0001
FW: Windows FireWall Service [(!) Disabled]

C:\ (%systemdrive%) -> Hard disk # 1863 Go (1150 Go free(s) - 62%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
G:\ -> Removable disk # 4 Go (4 Go free(s) - 97%) [greg] # NTFS

################## | Stopped Processes |

Stopped! C:\Windows\SYSTEM32\WISPTIS.EXE (ID: 1796 | ParentID: 848)
Stopped! C:\Windows\SYSTEM32\WISPTIS.EXE (ID: 1832 | ParentID: 848)
Stopped! C:\Windows\Explorer.exe (ID: 1052 | ParentID: 1572)
Stopped! C:\Windows\system32\ctfmon.exe (ID: 1304 | ParentID: 1052)
Stopped! C:\Windows\system32\DllHost.exe (ID: 1912 | ParentID: 588)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE | Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run: [D3DOverrider] - "C:\Users\user\Desktop\D3DOverrider\D3DOverriderWrapper.exe" /s
04 - HKLM\SOFTWARE | Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run: [Adobe Creative Cloud] - "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
04 - HKLM\SOFTWARE | Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
04 - HKLM\SOFTWARE | Run: [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\51f64a97-8894-42ed-9e0a-f76e91cd79f6.exe /check
04 - HKLM\SOFTWARE | Run: [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE\wow6432Node | Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE\wow6432Node | Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE\wow6432Node | Run: [D3DOverrider] - "C:\Users\user\Desktop\D3DOverrider\D3DOverriderWrapper.exe" /s
04 - HKLM\SOFTWARE\wow6432Node | Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run: [Adobe Creative Cloud] - "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
04 - HKLM\SOFTWARE\wow6432Node | Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
04 - HKLM\SOFTWARE\wow6432Node | Run: [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\51f64a97-8894-42ed-9e0a-f76e91cd79f6.exe /check
04 - HKLM\SOFTWARE\wow6432Node | Run: [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce: [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce: [] -
04 - HKU\S-1-5-19\SOFTWARE | Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [Steam] - "C:\Program Files (x86)\Steam\steam.exe" -silent
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [Desura] - C:\Program Files (x86)\Desura\desura.exe -autostart
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [Gadwin PrintScreen] - C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [AdobeBridge] -
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [Google Update] - "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [MyTomTomSA.exe] - "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [OfficeSyncProcess] - "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [Orange Installer] - "C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe"
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [OrangeInside] - C:\Users\user\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [iTunesHelper] - wscript.exe //B "C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe"
04 - HKU\S-1-5-19\SOFTWARE | RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Generic Search |

Deleted! C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe
Deleted! C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Deleted! G:\iTunesHelper.vbe
Deleted! C:\install.exe
Deleted! C:\Users\user\AppData\Local\Temp\java.exe

(!) Temporary files deleted.

################## | MD5 Comparison Reference |

Md5 : FE289C99EEC0E87C96F4ABC7470D1868 -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe
Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> C:\Users\user\AppData\Local\Temp\iTunesHelper.vbe
Md5 : 451EE6D7BF39B268BCC16BCA7517F89F -> G:\iTunesHelper.vbe

################## | MD5 Comparison |

-> No identical MD5 value found.

################## | Registry |

Deleted! HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Listing |

[07/11/2007 - 07:00:40 | N | 0 Ko] - C:\eula.1041.txt
[07/11/2007 - 07:00:40 | N | 17 Ko] - C:\eula.1036.txt
[07/11/2007 - 07:00:40 | N | 10 Ko] - C:\eula.1033.txt
[07/11/2007 - 07:00:40 | N | 17 Ko] - C:\eula.1031.txt
[07/11/2007 - 07:00:40 | N | 17 Ko] - C:\eula.1028.txt
[07/11/2007 - 07:00:40 | N | 17 Ko] - C:\eula.1042.txt
[07/11/2007 - 07:00:40 | N | 17 Ko] - C:\eula.2052.txt
[07/11/2007 - 07:00:40 | N | 17 Ko] - C:\eula.3082.txt
[07/11/2007 - 07:00:40 | N | 17 Ko] - C:\eula.1040.txt
[19/06/2013 - 10:13:03 | N | 24 Ko] - C:\AdwCleaner[R1].txt
[19/06/2013 - 10:13:49 | N | 24 Ko] - C:\AdwCleaner[S1].txt
[20/06/2013 - 09:28:13 | N | 1 Ko] - C:\AdwCleaner[R2].txt
[20/06/2013 - 12:19:38 | N | 1 Ko] - C:\AdwCleaner[R3].txt
[20/06/2013 - 12:20:20 | N | 1 Ko] - C:\AdwCleaner[R4].txt
[20/06/2013 - 12:20:33 | N | 1 Ko] - C:\AdwCleaner[S2].txt
[12/12/2013 - 12:45:03 | N | 12 Ko] - C:\UsbFix [Scan 1] USER-PC.txt
[12/12/2013 - 13:44:35 | N | 10 Ko] - C:\UsbFix [Scan 2] USER-PC.txt
[12/12/2013 - 14:06:02 | N | 9 Ko] - C:\UsbFix [Scan 3] USER-PC.txt
[12/12/2013 - 14:10:57 | A | 9 Ko] - C:\UsbFix [Clean 1] USER-PC.txt
[12/12/2013 - 13:57:45 | ASH | 6278584 Ko] - C:\hiberfil.sys
[12/12/2013 - 13:57:47 | ASH | 8371448 Ko] - C:\pagefile.sys
[07/11/2007 - 07:12:28 | N | 228 Ko] - C:\VC_RED.MSI
[11/12/2013 - 22:57:44 | D] - C:\Config.Msi
[29/11/2012 - 19:15:17 | N | 0 Ko] - C:\csb.log
[30/11/2012 - 02:07:28 | N | 3 Ko] - C:\RHDSetup.log
[30/11/2012 - 02:07:28 | N | 0 Ko] - C:\Install.log
[07/11/2007 - 07:00:40 | N | 1 Ko] - C:\install.ini
[07/11/2007 - 07:00:40 | N | 1 Ko] - C:\globdata.ini
[07/11/2007 - 07:03:18 | N | 74 Ko] - C:\install.res.2052.dll
[07/11/2007 - 07:03:18 | N | 94 Ko] - C:\install.res.3082.dll
[07/11/2007 - 07:03:18 | N | 78 Ko] - C:\install.res.1042.dll
[07/11/2007 - 07:03:18 | N | 94 Ko] - C:\install.res.1031.dll
[07/11/2007 - 07:03:18 | N | 89 Ko] - C:\install.res.1033.dll
[07/11/2007 - 07:03:18 | N | 95 Ko] - C:\install.res.1036.dll
[07/11/2007 - 07:03:18 | N | 93 Ko] - C:\install.res.1040.dll
[07/11/2007 - 07:03:18 | N | 80 Ko] - C:\install.res.1041.dll
[07/11/2007 - 07:03:18 | N | 75 Ko] - C:\install.res.1028.dll
[12/12/2013 - 13:48:31 | N | 1 Ko] - C:\.dir
[07/11/2007 - 07:09:22 | N | 1409 Ko] - C:\VC_RED.cab
[07/11/2007 - 07:00:40 | N | 6 Ko] - C:\vcredist.bmp
[30/11/2012 - 02:02:36 | SHD] - C:\$Recycle.Bin
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[30/11/2012 - 02:02:21 | SHD] - C:\Recovery
[30/11/2012 - 02:02:26 | D] - C:\Users
[30/11/2012 - 02:06:02 | D] - C:\Intel
[06/12/2012 - 17:09:00 | RHD] - C:\MSOCache
[24/03/2013 - 20:24:37 | D] - C:\FFOutput
[26/03/2013 - 12:58:05 | D] - C:\AMD
[14/10/2013 - 18:55:52 | D] - C:\AdwCleaner
[17/10/2013 - 10:22:04 | D] - C:\Autodesk
[25/10/2013 - 22:07:58 | D] - C:\xampp
[26/11/2013 - 14:14:42 | D] - C:\Games
[26/11/2013 - 14:16:36 | N | 0 Ko] - C:\END
[03/12/2013 - 11:50:56 | HD] - C:\ProgramData
[04/12/2013 - 10:28:26 | D] - C:\Program Files
[09/12/2013 - 18:57:56 | D] - C:\Program Files (x86)
[11/12/2013 - 22:55:04 | SHD] - C:\System Volume Information
[12/12/2013 - 13:35:30 | D] - C:\Windows
[12/12/2013 - 14:10:36 | D] - C:\UsbFix
[12/12/2013 - 14:06:01 | RASHD] - G:\Autorun.inf

################## | Vaccine |

G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
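The removable-drive side of the infection is visible in the search report above: each stick carries a copy of `iTunesHelper.vbe` in its root, the camera card (F:) has `.lnk` shortcuts named after its real folders (`DCIM.lnk`, `FRAME.lnk`, `.Trashes.lnk`, even a nameless `.lnk`), the MD5 section shows the same dropper hash on two drives, and the "Vaccine" section reports an `Autorun.inf` entry which the listing shows as a directory with the `RASHD` attributes. The deletion report then lacks F: entirely because the camera had switched off, which is why the helper asks for it to be plugged in again. Below is an added example (not from the thread and not UsbFix's code) that builds that layout in a temporary directory and checks a drive root for the three indicators. Assumptions, labelled in the code: the real folders are hidden by the worm (a file attribute that cannot be set portably, so a decoy is simply a `.lnk` whose name matches a sibling directory), the dropper body is a placeholder rather than real VBE code, and the vaccine is taken to be a directory named `Autorun.inf` that stops a file of that name from being created.

```python
"""Removable-drive check for the worm pattern seen in the UsbFix reports.

Added example: not part of the forum thread and not UsbFix's code. Indicators
come from the reports (script dropper in the root, .lnk decoys named after real
folders, identical dropper MD5 across drives, Autorun.inf vaccine). Assumptions:
the real folders are hidden (not set here, so a decoy is any .lnk whose name
matches a sibling directory), and the vaccine is a directory named Autorun.inf.
"""
import hashlib
import tempfile
from pathlib import Path

SCRIPT_EXT = (".vbe", ".vbs", ".js", ".jse", ".wsf")


def scan_removable(root: Path) -> dict:
    """Classify the top-level entries of a removable drive root."""
    root = Path(root)
    out = {"droppers": [], "decoy_links": [], "orphan_links": [], "vaccine": None, "md5": {}}
    dir_names = {p.name.lower() for p in root.iterdir() if p.is_dir()}
    for p in sorted(root.iterdir()):
        name = p.name.lower()
        if p.is_file() and name.endswith(SCRIPT_EXT):
            out["droppers"].append(p.name)
            # Same hash on several drives = the same dropper copied around
            # (this is what the "MD5 Comparison" section of the report shows).
            out["md5"][p.name] = hashlib.md5(p.read_bytes()).hexdigest()
        elif p.is_file() and name.endswith(".lnk"):
            stem = name[:-4]
            # A shortcut named like a sibling folder (or with no name at all) is
            # the decoy left so that a double-click runs the script, not the folder.
            if stem == "" or stem in dir_names:
                out["decoy_links"].append(p.name)
            else:
                out["orphan_links"].append(p.name)
    autorun = root / "Autorun.inf"
    if autorun.is_dir():
        out["vaccine"] = "directory"   # assumption: a directory blocks a same-named file
    elif autorun.is_file():
        out["vaccine"] = "file"        # a real Autorun.inf: inspect its contents
    return out


def build_drive(base: Path, letter: str, folders: tuple, decoys: tuple, vaccinated: bool) -> Path:
    """Constructed layout; the dropper body is a placeholder, not real VBE code."""
    root = base / letter
    root.mkdir()
    for f in folders:
        (root / f).mkdir()
    for d in decoys:
        (root / d).write_bytes(b"L\x00\x00\x00")  # constructed shortcut header stub
    (root / "iTunesHelper.vbe").write_text("' placeholder dropper body\n")
    if vaccinated:
        (root / "Autorun.inf").mkdir()
    return root


def demo() -> dict:
    """Build F: (camera card with decoys) and G: (vaccinated stick) and scan both."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        f = build_drive(base, "F", ("DCIM", "FRAME", ".Trashes"),
                        ("DCIM.lnk", "FRAME.lnk", ".Trashes.lnk", ".lnk"), vaccinated=False)
        g = build_drive(base, "G", (), (), vaccinated=True)
        return {"F": scan_removable(f), "G": scan_removable(g)}


if __name__ == "__main__":
    for letter, result in demo().items():
        print(f"{letter}: {result}")
```

On the constructed F: the four shortcuts are all classified as decoys and no vaccine is present; on G: only the dropper remains and `Autorun.inf` is reported as a directory, and both drives return the same MD5 for the dropper.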
Anonymous user
 
Re

Why unplug the F: drive?

Run the deletion option with this drive plugged in

@+

--------Security Contributor---------
We have all been beginners at something at some point.
But knowledge is the reward of diligence.
gregoire.mx
 
Yes, that's what I noticed. Actually, it's my camera; it ran out of battery and turned off by itself.
I'm recharging the battery and I'll start over.
Anonymous user
 
Yes, otherwise you'll infect your PC again.

See you later for this new deletion report.
gregoire.mx
 
After recharging the battery and reconnecting everything, here is the deletion report:

############################## | UsbFix V 7.153 | [Deletion]

User: user (Administrator) # USER-PC
Updated on 12/09/2013 by El Desaparecido - Team SosVirus
Started at 14:59:09 | 12/12/2013

Website: https://www.usbfix.net/
Forum: https://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: https://www.usb-antivirus.com/fr/contact/

PC: Gigabyte Technology Co., Ltd. (H61M-D2H-USB3)
CPU: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
RAM -> [Total: 8175 | Free: 7255]
Bios: Award Software International, Inc.
Boot: Fail-safe boot

OS: Microsoft Windows 7 Home Basic Edition (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer: 11.0.9600.16476
WB: Google Chrome: 31.0.1650.63
WB: Mozilla Firefox: 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender: 6.1.7600.16385 (win7_rtm.090713-1255)
AS: Malwarebytes' Anti-Malware: 1.75.0001
FW: Windows FireWall Service [(!) Disabled]

C:\ (%systemdrive%) -> Fixed disk # 1863 Go (1153 Go free - 62%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Removable disk # 2 Go (738 Mo free - 38%) [] # FAT
G:\ -> Removable disk # 4 Go (4 Go free - 99%) [greg] # NTFS

################## | Stopped Processes |

Stopped! C:\Windows\explorer.exe (ID: 936 |ParentID: 432)
Stopped! C:\Windows\system32\ctfmon.exe (ID: 1160 |ParentID: 936)
Stopped! C:\Windows\SYSTEM32\WISPTIS.EXE (ID: 580 |ParentID: 840)
Stopped! C:\Windows\SYSTEM32\WISPTIS.EXE (ID: 944 |ParentID: 840)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE | Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE | Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE | Run: [D3DOverrider] - "C:\Users\user\Desktop\D3DOverrider\D3DOverriderWrapper.exe" /s
04 - HKLM\SOFTWARE | Run: [Adobe Creative Cloud] - "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
04 - HKLM\SOFTWARE | Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
04 - HKLM\SOFTWARE | Run: [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\51f64a97-8894-42ed-9e0a-f76e91cd79f6.exe /check
04 - HKLM\SOFTWARE | Run: [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\SOFTWARE\wow6432Node | Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE\wow6432Node | Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\SOFTWARE\wow6432Node | Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\SOFTWARE\wow6432Node | Run: [D3DOverrider] - "C:\Users\user\Desktop\D3DOverrider\D3DOverriderWrapper.exe" /s
04 - HKLM\SOFTWARE\wow6432Node | Run: [Adobe Creative Cloud] - "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
04 - HKLM\SOFTWARE\wow6432Node | Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
04 - HKLM\SOFTWARE\wow6432Node | Run: [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\51f64a97-8894-42ed-9e0a-f76e91cd79f6.exe /check
04 - HKLM\SOFTWARE\wow6432Node | Run: [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce: [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce: [] -
04 - HKU\S-1-5-19\SOFTWARE | Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [Steam] - "C:\Program Files (x86)\Steam\steam.exe" -silent
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [Desura] - C:\Program Files (x86)\Desura\desura.exe -autostart
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [Gadwin PrintScreen] - C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [AdobeBridge] -
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [Google Update] - "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [MyTomTomSA.exe] - "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [OfficeSyncProcess] - "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [Orange Installer] - "C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe"
04 - HKU\S-1-5-21-2533516340-1630299862-2881606751-1000\SOFTWARE | Run: [OrangeInside] - C:\Users\user\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Generic Search |

Deleted! F:\.TemporaryItems.lnk
Deleted! F:\iTunesHelper.vbe

(!) Temporary files deleted.

################## | MD5 Comparison Reference |

Md5 : 2BCBCF86077A7E0F77BDB82F331F2957 -> F:\iTunesHelper.vbe

################## | MD5 Comparison |

-> No identical Md5 value found.

################## | Registry |

################## | Listing |

[07/11/2007 - 07:00:40 | N | 17 Ko] - C:\eula.1042.txt
[07/11/2007 - 07:00:40 | N | 17 Ko] - C:\eula.1031.txt
[07/11/2007 - 07:00:40 | N | 17 Ko] - C:\eula.1028.txt
[07/11/2007 - 07:00:40 | N | 17 Ko] - C:\eula.1036.txt
[07/11/2007 - 07:00:40 | N | 17 Ko] - C:\eula.1040.txt
[07/11/2007 - 07:00:40 | N | 0 Ko] - C:\eula.1041.txt
[07/11/2007 - 07:00:40 | N | 17 Ko] - C:\eula.2052.txt
[07/11/2007 - 07:00:40 | N | 17 Ko] - C:\eula.3082.txt
[07/11/2007 - 07:00:40 | N | 10 Ko] - C:\eula.1033.txt
[19/06/2013 - 10:13:03 | N | 24 Ko] - C:\AdwCleaner[R1].txt
[19/06/2013 - 10:13:49 | N | 24 Ko] - C:\AdwCleaner[S1].txt
[20/06/2013 - 09:28:13 | N | 1 Ko] - C:\AdwCleaner[R2].txt
[20/06/2013 - 12:19:38 | N | 1 Ko] - C:\AdwCleaner[R3].txt
[20/06/2013 - 12:20:20 | N | 1 Ko] - C:\AdwCleaner[R4].txt
[20/06/2013 - 12:20:33 | N | 1 Ko] - C:\AdwCleaner[S2].txt
[12/12/2013 - 12:45:03 | N | 12 Ko] - C:\UsbFix [Scan 1] USER-PC.txt
[12/12/2013 - 13:44:35 | N | 10 Ko] - C:\UsbFix [Scan 2] USER-PC.txt
[12/12/2013 - 14:06:02 | N | 9 Ko] - C:\UsbFix [Scan 3] USER-PC.txt
[12/12/2013 - 14:10:59 | N | 11 Ko] - C:\UsbFix [Clean 1] USER-PC.txt
[12/12/2013 - 14:58:46 | N | 8 Ko] - C:\UsbFix [Scan 4] USER-PC.txt
[12/12/2013 - 15:03:06 | A | 8 Ko] - C:\UsbFix [Clean 2] USER-PC.txt
[12/12/2013 - 14:41:37 | ASH | 6278584 Ko] - C:\hiberfil.sys
[12/12/2013 - 14:41:40 | ASH | 8371448 Ko] - C:\pagefile.sys
[07/11/2007 - 07:12:28 | N | 228 Ko] - C:\VC_RED.MSI
[11/12/2013 - 22:57:44 | D] - C:\Config.Msi
[29/11/2012 - 19:15:17 | N | 0 Ko] - C:\csb.log
[30/11/2012 - 02:07:28 | N | 0 Ko] - C:\Install.log
[30/11/2012 - 02:07:28 | N | 3 Ko] - C:\RHDSetup.log
[07/11/2007 - 07:00:40 | N | 1 Ko] - C:\globdata.ini
[07/11/2007 - 07:00:40 | N | 1 Ko] - C:\install.ini
[07/11/2007 - 07:03:18 | N | 75 Ko] - C:\install.res.1028.dll
[07/11/2007 - 07:03:18 | N | 94 Ko] - C:\install.res.3082.dll
[07/11/2007 - 07:03:18 | N | 89 Ko] - C:\install.res.1033.dll
[07/11/2007 - 07:03:18 | N | 95 Ko] - C:\install.res.1036.dll
[07/11/2007 - 07:03:18 | N | 93 Ko] - C:\install.res.1040.dll
[07/11/2007 - 07:03:18 | N | 80 Ko] - C:\install.res.1041.dll
[07/11/2007 - 07:03:18 | N | 78 Ko] - C:\install.res.1042.dll
[07/11/2007 - 07:03:18 | N | 74 Ko] - C:\install.res.2052.dll
[07/11/2007 - 07:03:18 | N | 94 Ko] - C:\install.res.1031.dll
[12/12/2013 - 14:14:43 | N | 1 Ko] - C:\.dir
[07/11/2007 - 07:09:22 | N | 1409 Ko] - C:\VC_RED.cab
[07/11/2007 - 07:00:40 | N | 6 Ko] - C:\vcredist.bmp
[30/11/2012 - 02:02:36 | SHD] - C:\$Recycle.Bin
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[30/11/2012 - 02:02:21 | SHD] - C:\Recovery
[30/11/2012 - 02:02:26 | D] - C:\Users
[30/11/2012 - 02:06:02 | D] - C:\Intel
[06/12/2012 - 17:09:00 | RHD] - C:\MSOCache
[24/03/2013 - 20:24:37 | D] - C:\FFOutput
[26/03/2013 - 12:58:05 | D] - C:\AMD
[14/10/2013 - 18:55:52 | D] - C:\AdwCleaner
[17/10/2013 - 10:22:04 | D] - C:\Autodesk
[25/10/2013 - 22:07:58 | D] - C:\xampp
[26/11/2013 - 14:14:42 | D] - C:\Games
[26/11/2013 - 14:16:36 | N | 0 Ko] - C:\END
[03/12/2013 - 11:50:56 | HD] - C:\ProgramData
[04/12/2013 - 10:28:26 | D] - C:\Program Files
[09/12/2013 - 18:57:56 | D] - C:\Program Files (x86)
[11/12/2013 - 22:55:04 | SHD] - C:\System Volume Information
[12/12/2013 - 13:35:30 | D] - C:\Windows
[12/12/2013 - 14:59:11 | D] - C:\UsbFix
[03/01/2009 - 18:59:26 | N | 4 Ko] - F:\._.Trashes
[03/01/2009 - 18:59:26 | SHD] - F:\.Trashes
[17/01/2009 - 12:25:48 | N | 4 Ko] - F:\._.TemporaryItems
[17/01/2009 - 12:25:48 | D] - F:\.TemporaryItems
[12/12/2013 - 14:58:48 | RASHD] - F:\Autorun.inf
[01/01/2008 - 00:00:00 | D] - F:\DCIM
[01/01/2008 - 00:00:00 | D] - F:\FRAME
[12/12/2013 - 14:58:46 | RASHD] - G:\Autorun.inf

################## | Vaccine |

F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
0
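Added example, not part of the thread and not UsbFix code: a small Python triage helper for the report format posted above. It parses the drive table, the "Generic Search" deletions and the "Listing" section, then keeps only what matters on removable media: deleted scripts/shortcuts, any Autorun.inf that is a real file, and the RASHD Autorun.inf directories the report's "Vaccine" section says UsbFix created. The sample report is constructed from a few lines of the one above plus an invented H: drive (not on the page) to show the file-vs-directory distinction.

```python
import re

# Constructed sample in the shape of the UsbFix [Deletion] report above, plus an
# invented H: drive carrying an autorun.inf *file* (not on the page).
SAMPLE_REPORT = r"""
C:\ (%systemdrive%) -> Fixed disk # 1863 Go (1153 Go free - 62%) [] # NTFS
F:\ -> Removable disk # 2 Go (738 Mo free - 38%) [] # FAT
G:\ -> Removable disk # 4 Go (4 Go free - 99%) [greg] # NTFS
H:\ -> Removable disk # 1 Go (900 Mo free - 90%) [] # FAT
################## | Generic Search |
Deleted! F:\.TemporaryItems.lnk
Deleted! F:\iTunesHelper.vbe
################## | Listing |
[01/01/2008 - 00:00:00 | D] - F:\DCIM
[12/12/2013 - 14:58:48 | RASHD] - F:\Autorun.inf
[12/12/2013 - 14:58:46 | RASHD] - G:\Autorun.inf
[12/12/2013 - 09:00:00 | RASH | 1 Ko] - H:\autorun.inf
"""

DRIVE_RE = re.compile(r"^([A-Z]):\\.*-> (Removable disk|Fixed disk|CD-ROM)")
DELETED_RE = re.compile(r"^Deleted! (.+)$")
# [dd/mm/yyyy - hh:mm:ss | attrs | size Ko] - path  (no size for directories)
LISTING_RE = re.compile(
    r"^\[(\d\d/\d\d/\d{4}) - (\d\d:\d\d:\d\d) \| ([A-Z]+)(?: \| (\d+) Ko)?\] - (.+)$")
SCRIPT_EXT = (".vbe", ".vbs", ".lnk")  # the kinds of file the report above deleted

def parse_report(text):
    """Return (drive letter -> type, deleted paths, [(attrs, path)] listing)."""
    drives, deleted, entries = {}, [], []
    for line in text.splitlines():
        if m := DRIVE_RE.match(line):
            drives[m.group(1)] = m.group(2)
        elif m := DELETED_RE.match(line):
            deleted.append(m.group(1))
        elif m := LISTING_RE.match(line):
            entries.append((m.group(3), m.group(5)))
    return drives, deleted, entries

def removable_findings(text):
    """Triage removable media only. A *directory* named Autorun.inf (attrs contain
    D) is the UsbFix vaccine that stops a worm writing its own; a *file* is not."""
    drives, deleted, entries = parse_report(text)
    removable = {d for d, kind in drives.items() if kind == "Removable disk"}
    out = []
    for path in deleted:
        if path[0] in removable and path.lower().endswith(SCRIPT_EXT):
            out.append(("deleted_script_or_shortcut", path))
    for attrs, path in entries:
        if path[0] in removable and path.lower().endswith("autorun.inf"):
            out.append(("vaccine_dir" if "D" in attrs else "autorun_inf_file", path))
    return out
```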
Anonymous user
 
Re

Download Malwarebytes Anti-Malware here
https://www.malwarebytes.com/

* Install it (make sure to choose "French"; do not change the installation settings) and update it.

* Review the tutorial to get familiar with the program:

https://forum.pcastuces.com/sujet.asp?f=31&s=3

(that said, it is very easy to use).

Restart Malwarebytes by carefully following these instructions:

! Disconnect and close all running applications!

* Launch Malwarebytes. Under Vista, Seven or Windows 8, right-click and select "run as administrator".

*Proceed with an update

*Perform a "Quick" scan

--> Let the program run (and do not use the PC for anything else during the scan).
--> At the end, click on "Show results".
--> Make sure all infected items are checked, then click on "remove selected".

Note: if your PC needs to restart to complete the cleanup, do it!

Post the saved report after removing the infected items (in the "report/log" tab of Malwarebytes, the most recent one)

@+

--
--------Security Contributor---------
We have all been beginners at something at some point.
But knowledge is the reward of diligence.
0
gregoire.mx Posted messages 26 Status Member
 
Do you think I’m done with these damn viruses?
0