Scribd Logo
Upload

Welcome to Scribd!

  • UsbFix Report

    Uploaded by

    shawonscribd
    6 views4 pages

    Original Title

    UsbFix_Report.txt

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    6 views4 pages

    UsbFix Report

    Uploaded by

    shawonscribd

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    [b]############################## | UsbFix V 7.

    178 | [Clean][/b]

    User: Agent 47 (Administrator) # HOME-PC


    Updated 08/08/2014 by El Desaparecido - SosVirus
    Started at 22:10:08 | 08/08/2016

    Website : [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url]
    Changelog :
    [url=http://www.en.usbfix.net/changelog/]http://www.en.usbfix.net/changelog/[/url]
    Support : [url=http://www.sosvirus.net/]http://www.sosvirus.net/[/url]
    Upload Malware :
    [url=http://www.sosvirus.net/upload_malware.php]http://www.sosvirus.net/upload_malw
    are.php[/url]
    Contact : [url=http://www.en.usbfix.net/contact/]http://www.en.usbfix.net/contact/
    [/url]

    [b]################## | System information |[/b]

    MB: Intel Corporation (DP45SG)


    CPU: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
    GC: NVIDIA GeForce 210
    RAM -> [Total : 4085 Mo | Free : 2492 Mo]
    Bios: Intel Corp.
    Boot: Normal boot

    OS: Microsoft� Windows 8.1 Pro with Media Center (6.3.9600 64-Bit)
    WB: Internet Explorer : 11.00.9600.16384

    [b]################## | Security Information |[/b]

    AV: Webroot SecureAnywhere [[b](!) Disabled[/b] |Updated]


    AV: Windows Defender [[b](!) Disabled[/b] |Updated]
    AS: Webroot SecureAnywhere [[b](!) Disabled[/b] |Updated]
    AS: Windows Defender [[b](!) Disabled[/b] |Updated]
    FW: Windows Firewall [Enabled]
    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]

    [b]################## | Disk Information |[/b]

    C:\ (%SystemDrive%) -> Fixed disk # 45 Gb (11 Gb free - 25%) [] # NTFS


    D:\ -> Fixed disk # 39 Gb (15 Gb free - 37%) [] # NTFS
    E:\ -> Fixed disk # 25 Gb (4 Gb free - 16%) [SOFTWARE] # NTFS
    F:\ -> Fixed disk # 25 Gb (2 Gb free - 9%) [AUDIO SONGS] # FAT32
    G:\ -> Fixed disk # 26 Gb (2 Gb free - 6%) [VIDEO SONGS] # FAT32
    H:\ -> Fixed disk # 26 Gb (2 Gb free - 9%) [STUDY] # FAT32
    I:\ -> Fixed disk # 39 Gb (21 Gb free - 55%) [] # NTFS
    J:\ -> Fixed disk # 59 Gb (38 Gb free - 65%) [] # NTFS
    K:\ -> Fixed disk # 50 Gb (30 Gb free - 60%) [] # NTFS
    M:\ -> Removable disk # 7 Gb (6 Gb free - 85%) [3p51L0n] # NTFS
    N:\ -> CD-ROM # 0 Mb (0 Mb free - 0%) [qubee_rndis_2_23] # CDFS

    [b]################## | Autorun |[/b]

    [b]################## | Generic Research |[/b]

    Deleted! C:\ProgramData\msqvermbo.exe
    Deleted! M:\3p51L0n (8GB).lnk
    Deleted! M:\System Volume Information.lnk
    Deleted! M:\�.lnk
    Deleted! C:\Windows\Tasks\update-sys.job
    Deleted! C:\Windows\Tasks\update-S-1-5-21-1105479315-3624122547-2426957860-1001.job

    (!) Temporary files deleted. (572.302536964417 MB)

    [b]################## | Registry |[/b]

    Not Repaired ! HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows|load


    (C:\ProgramData\msqvermbo.exe)
    Deleted! HKCU\Software\Hola
    Deleted! [x64] HKLM\Software\Hola
    Deleted! HKU\.DEFAULT\Software\Hola

    [b]################## | Regedit Run |[/b]

    F2 - HKLM\..\Winlogon : [Shell] explorer.exe


    F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
    F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
    F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
    F3 - HKCU\..\Windows : [Load] C:\ProgramData\msqvermbo.exe
    04 - HKCU\..\Run : [IDMan] C:\Program Files (x86)\Internet Download
    Manager\IDMan.exe /onboot
    04 - HKCU\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe"
    /MONITOR
    04 - HKCU\..\Run : [Autodesk Sync] C:\Program Files\Autodesk\Autodesk
    Sync\AdSync.exe
    04 - HKCU\..\Run : [OfficeSyncProcess] "E:\Program Files (x86)\Microsoft
    Office\Office14\MSOSYNC.EXE"
    04 - HKCU\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe"
    /minimized /regrun
    04 - HKCU\..\Run : [Upwork] C:\Program Files (x86)\Upwork\upwork.exe
    04 - HKCU\..\Run : [{2513E1FD-3F02-4D5D-B425-3A53B85C8605}]
    C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -noprofile -windowstyle
    hidden -executionpolicy bypass iex
    ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp
    'HKCU:\Software\Classes\LWHGH').YVDDRBKVZJV)));
    04 - HKLM\..\Run : [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
    04 - HKLM\..\Run : [MiWiFi] C:\Program Files (x86)\XiaoMi\MiWiFi\MiWiFiMonitor.exe
    04 - HKLM\..\Run : [Lightshot] C:\Program Files
    (x86)\Skillbrains\lightshot\Lightshot.exe
    04 - HKLM\..\Run : [Bonus.SSR.FR12] "C:\Program Files (x86)\ABBYY FineReader
    12\Bonus.ScreenshotReader.exe" /autorun
    04 - [x64] HKLM\..\Run : [hola] C:\Program Files\Hola\app\hola.exe --silent
    04 - HKU\S-1-5-21-1105479315-3624122547-2426957860-1001\..\Run : [IDMan] C:\Program
    Files (x86)\Internet Download Manager\IDMan.exe /onboot
    04 - HKU\S-1-5-21-1105479315-3624122547-2426957860-1001\..\Run : [CCleaner
    Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    04 - HKU\S-1-5-21-1105479315-3624122547-2426957860-1001\..\Run : [Autodesk Sync]
    C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    04 - HKU\S-1-5-21-1105479315-3624122547-2426957860-1001\..\Run :
    [OfficeSyncProcess] "E:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
    04 - HKU\S-1-5-21-1105479315-3624122547-2426957860-1001\..\Run : [Skype]
    "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    04 - HKU\S-1-5-21-1105479315-3624122547-2426957860-1001\..\Run : [Upwork]
    C:\Program Files (x86)\Upwork\upwork.exe
    04 - HKU\S-1-5-21-1105479315-3624122547-2426957860-1001\..\Run : [{2513E1FD-3F02-
    4D5D-B425-3A53B85C8605}] C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
    -noprofile -windowstyle hidden -executionpolicy bypass iex
    ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp
    'HKCU:\Software\Classes\LWHGH').YVDDRBKVZJV)));
    04 - HKU\S-1-5-18\..\Run : [Autodesk Sync] C:\Program Files\Autodesk\Autodesk
    Sync\AdSync.exe

    [b]################## | UsbFix - Information |[/b]

    Info : [url=https://www.youtube.com/watch?v=vUZYYASd7FE]How to remove shortcut


    virus on flash disk (Video)[/url]
    Info : [url=http://www.en.usbfix.net/2014/03/remove-shortcut-virus-usb/]Shortcut
    virus on flash disk, What is it ?[/url]

    [b]################## | Hijack |[/b]

    Restored! [D] M:\�

    [b]################## | C:\ %SystemDrive% - Fixed drive (NTFS) |[/b]

    [b]################## | D:\ - Fixed drive (NTFS) |[/b]

    [b]################## | E:\ - Fixed drive (NTFS) |[/b]

    [b]################## | F:\ - Fixed drive (FAT32) |[/b]

    [b]################## | G:\ - Fixed drive (FAT32) |[/b]

    [b]################## | H:\ - Fixed drive (FAT32) |[/b]

    [b]################## | I:\ - Fixed drive (NTFS) |[/b]

    [b]################## | J:\ - Fixed drive (NTFS) |[/b]

    [b]################## | K:\ - Fixed drive (NTFS) |[/b]

    [b]################## | M:\ - Removable drive (NTFS) |[/b]

    [b]################## | Vaccin |[/b]

    C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)


    D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    I:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    J:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    K:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    M:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    [b]################## | E.O.F |
    [url=http://www.sosvirus.net/]http://www.sosvirus.net/[/url] |
    [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url] |[/b]

    You might also like