[b]############################## | UsbFix V 7.181 | [Clean][/b]

User: bonapart (Administrator) # AAA
Updated 31/08/2014 by El Desaparecido - SosVirus
Started at 17:37:20 | 09/04/2015

Website : [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url]
Changelog : [url=http://www.en.usbfix.net/changelog/]http://www.en.usbfix.net/changelog/[/url]
Support : [url=http://www.sosvirus.net/]http://www.sosvirus.net/[/url]
Upload Malware : [url=http://www.sosvirus.net/upload_malware.php]http://www.sosvirus.net/upload_malware.php[/url]
Contact : [url=http://www.en.usbfix.net/contact/]http://www.en.usbfix.net/contact/[/url]

[b]################## | System information |[/b]

CPU:               Intel(R) Pentium(R) 4 CPU 2.40GHz
RAM -> [Total : 1791 Mo | Free : 735 Mo]
Boot: Normal boot

OS: Microsoft Windows XP (5.1.2600 32-Bit) Service Pack 3
WB: Internet Explorer : 8.00.6001.18702
WB: Google Chrome : 41.0.2272.118

[b]################## | Security Information |[/b]

FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

[b]################## | Disk Information |[/b]

C:\ (%SystemDrive%) -> Fixed disk # 37 Gb (1 Gb free - 4%) [] # NTFS
E:\ -> Removable disk # 4 Gb (2 Gb free - 43%) [HP V165W] # FAT32

[b]################## | Generic Research |[/b]

Deleted! C:\Documents and Settings\bonapart\Data aplikac\svchostc.vbe
Deleted! C:\Documents and Settings\bonapart\Nabdka Start\Programy\Po sputn\svchostc.vbe
Deleted! E:\svchostc.vbe
Deleted! E:\.lnk
Deleted! E:\Univerzita-pro-pierky-CZ-dabing-(2013)-NOVINKA.lnk
Deleted! E:\Lovci-pokladu-(2004)-dvdrip-xvid-CZ.lnk
Deleted! E:\System Volume Information.lnk
Deleted! E:\Recycled.lnk
Deleted! E:\Autorun.inf.lnk
Deleted! C:\WINDOWS\regedit.com
Deleted! C:\WINDOWS\rundl132.exe
Deleted! C:\Documents and Settings\bonapart\Plocha\sd karta\svchostc.vbe
Deleted! C:\Program Files\IObit Driver Booster Pro\IObit Driver Booster Pro\svchostc.vbe

(!) Temporary files deleted. (1207.72721862793 MB)

[b]################## | Registry |[/b]

Deleted! HKLM\Software\svchostc
Deleted! HKU\S-1-5-21-1757981266-1957994488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Run|svchostc
Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|svchostc

[b]################## | Regedit Run |[/b]

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
04 - HKLM\..\Run : [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\Run : [nwiz] nwiz.exe /install
04 - HKLM\..\Run : [AudioDeck] C:\Program Files\VIA Technologies, Inc\Audio Deck\ADeck.exe
04 - HKLM\..\Run : [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\..\Run : [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
04 - HKLM\..\Run : [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
04 - HKLM\..\Run : [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
04 - HKU\S-1-5-19\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-21-1757981266-1957994488-854245398-1003\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-18\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-18\..\Run : [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

[b]################## | UsbFix - Information |[/b]

UsbFix has detected on your computer, an infection which a Keylogger function.
After cleaning with UsbFix, please modify all your passwords.
If you made purchases on Internet,
please contact your bank to enviseager an opposition on your bank card.Info : [url=https://www.youtube.com/watch?v=vUZYYASd7FE]How to remove shortcut virus on flash disk (Video)[/url]
Info : [url=http://www.en.usbfix.net/2014/03/remove-shortcut-virus-usb/]Shortcut virus on flash disk, What is it ?[/url]

[b]################## | Hijack |[/b]

Restored! [N] E:\.cm0013
Restored! [N] E:\Univerzita-pro-pierky-CZ-dabing-(2013)-NOVINKA.avi
Restored! [N] E:\Lovci-pokladu-(2004)-dvdrip-xvid-CZ.avi
Restored! [D] E:\Recycled

[b]################## | C:\ %SystemDrive% - Fixed drive (NTFS) |[/b]

[25/09/2010 - 15:19:46 | A | 0 Ko] - C:\CONFIG.SYS
[25/09/2010 - 15:19:46 | RASH | 0 Ko] - C:\MSDOS.SYS
[25/09/2010 - 15:19:46 | RASH | 0 Ko] - C:\IO.SYS
[09/04/2015 - 10:05:41 | ASH | 2095104 Ko] - C:\pagefile.sys
[09/04/2015 - 10:05:42 | ASH | 1834552 Ko] - C:\hiberfil.sys
[09/04/2015 - 11:19:27 | A | 0 Ko] - C:\DebugTraceNormal.log
[09/04/2015 - 12:55:56 | A | 1 Ko] - C:\winzip.log
[25/09/2010 - 15:14:26 | SH | 0 Ko] - [[url=https://www.virustotal.com/file/69c6eaa43ec6b89a61e0c6294be8ea88447efa011b3d266de9213e45336d6118/analysis/1428452128/]VirusTotal[/url] - (0/57)] - C:\boot.ini
[22/09/2013 - 15:25:42 | A | 17 Ko] - [[url=https://www.virustotal.com/file/18479a0a722d7346505ac27b20a8c4ea6ac8b087010a6ed02aeb5833c9d9e7ff/analysis/1425366387/]VirusTotal[/url] - (0/57)] - C:\psapi.dll
[03/08/2004 - 22:38:34 | N | 46 Ko] - [[url=https://www.virustotal.com/file/8f7186a71684dd114e89cc908ed9400192bc3a47fb288cce4c5c27d0f5d3afa4/analysis/1427364238/]VirusTotal[/url] - (0/57)] - C:\NTDETECT.COM
[25/10/2001 - 16:00:00 | N | 5 Ko] - C:\Bootfont.bin
[08/04/2015 - 18:27:07 | A | 1 Ko] - C:\PhysicalMBR.bin
[26/09/2010 - 14:38:34 | RASH | 245 Ko] - C:\ntldr
[26/09/2010 - 16:04:18 | D] - C:\5e380d908e59896040071e62fea57f
[30/09/2010 - 14:15:33 | D] - C:\TRANSLAT
[12/10/2010 - 16:32:17 | D] - C:\sdc203
[23/05/2011 - 14:33:50 | D] - C:\Program FilesFormatFactory
[09/08/2011 - 12:56:47 | D] - C:\CanoScan
[09/10/2012 - 17:58:13 | D] - C:\Documents and Settings
[09/10/2012 - 17:59:20 | SHD] - C:\RECYCLER
[10/07/2013 - 15:43:32 | D] - C:\4273a3bbcf413d4954d6d2
[19/09/2013 - 14:59:14 | D] - C:\ATI
[19/09/2013 - 16:00:10 | D] - C:\94ac1599f166b9182b243c7bbb
[31/10/2013 - 17:18:19 | SHD] - C:\System Volume Information
[24/01/2014 - 15:25:53 | D] - C:\Temp
[14/08/2014 - 12:59:53 | D] - C:\9cb2b6ff0a3f81a78e80e11224
[01/12/2014 - 15:22:29 | D] - C:\torent
[08/04/2015 - 12:36:09 | D] - C:\Program Files
[09/04/2015 - 17:18:59 | D] - C:\UsbFix
[09/04/2015 - 17:34:37 | D] - C:\QUARANTINE
[09/04/2015 - 17:39:06 | D] - C:\WINDOWS

[b]################## | E:\ - Removable drive (FAT32) |[/b]

[01/01/1980 - 00:00:00 | N | 0 Ko] - E:\.cm0013
[04/08/2013 - 21:34:40 | N | 825733 Ko] - E:\Univerzita-pro-pierky-CZ-dabing-(2013)-NOVINKA.avi
[11/03/2015 - 14:45:16 | N | 1434212 Ko] - E:\Lovci-pokladu-(2004)-dvdrip-xvid-CZ.avi
[22/02/2015 - 17:53:56 | SHD] - E:\System Volume Information
[09/04/2015 - 16:41:48 | D] - E:\Recycled

[b]################## | Vaccin |[/b]

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

[b]################## | E.O.F | [url=http://www.sosvirus.net/]http://www.sosvirus.net/[/url] | [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url] |[/b]
