UsbFix Report

This document is a system report from the UsbFix V8.174 malware removal software. It summarizes the system configuration, installed software and startup programs, and flags various issues. The scanned system has multiple suspicious or unwanted programs in its startup entries, including zpmwoautpp.vbscript, as well as shortcuts placed on removable drives by malware. The report provides links to online resources about removing the shortcut virus and to technical support.

Uploaded by Gamma

[b]############################## | UsbFix V 8.174 | [Research][/b]
User: Administrator (Administrator) # ADMIN-PC
Updated 26/12/2015 by SosVirus
Started at 00:40:25 | 28/12/2015
Website : [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url]
Tutorial : [url=http://www.pt.usbfix.net/2014/03/tutorial-do-usbfix-scan/]http://www.pt.usbfix.net/2014/03/tutorial-do-usbfix-scan/[/url]
Support : [url=http://www.sos-virus.net/]http://www.sos-virus.net/[/url]
Live detection : [url=http://how-to-remove.us/]http://how-to-remove.us/[/url]
Contact : [url=http://www.en.usbfix.net/contact/]http://www.en.usbfix.net/contact/[/url]
[b]################## | System information |[/b]
MB: ASUSTeK Computer INC. (P5KPL-AM IN)
CPU: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz
GC: Intel(R) G33/G31 Express Chipset Family
RAM -> [Total : 2038 Mo | Free : 1060 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot
OS: Microsoft Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Google Chrome : 47.0.2526.106
WB: Mozilla Firefox : 38.0.1

[b]################## | Security Information |[/b]


AV: AVG AntiVirus Free Edition 2015 [Enabled |Updated]
AS: AVG AntiVirus Free Edition 2015 [Enabled |Updated]
AS: Malwarebytes Anti-Malware : 2.2.0.1024
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

[b]################## | Disk Information |[/b]


C:\ (%SystemDrive%) -> Fixed disk # 98 Gb (871 Mb free - 1%) [] # NTFS
D:\ -> Fixed disk # 195 Gb (260 Mb free - 0%) [] # NTFS
E:\ -> Fixed disk # 173 Gb (54 Gb free - 32%) [] # NTFS
G:\ -> Fixed disk # 931 Gb (527 Gb free - 57%) [My Passport] # NTFS

[b]################## | Startup |[/b]


F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [zpmwoautpp] wscript.exe //B "C:\Users\ADMINI~1\AppData\Local\Temp\zpmwoautpp..vbs"
04 - HKCU\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKCU\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
04 - HKCU\..\Run : [Spotify Web Helper] "C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
04 - HKCU\..\Run : [uTorrent] "C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKCU\..\Run : [GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKCU\..\RunOnce : [Application Restart #2] C:\Program Files\Google\Chrome\Application\chrome.exe --flag-switches-begin --enable-npapi --flag-switches-end --restore-last-session http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST3500514NS_9WJ1593RXXXX9WJ1593R&ts=1379431913
04 - HKCU\..\RunOnce : [Application Restart #1] C:\Program Files\Google\Chrome\Application\chrome.exe --flag-switches-begin --enable-npapi --flag-switches-end --restore-last-session http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST3500514NS_9WJ1593RXXXX9WJ1593R&ts=1379431913
04 - HKLM\..\Run : [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
04 - HKLM\..\Run : [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run : [zpmwoautpp] wscript.exe //B "C:\Users\ADMINI~1\AppData\Local\Temp\zpmwoautpp..vbs"
04 - HKLM\..\Run : [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [AvgUi] "C:\Program Files\AVG\Framework\Common\avguix.exe" /fmw.trayonly
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-1000\..\Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-1000\..\Run : [googletalk] C:\Users\admin\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-1000\..\Run : [Google Update] "C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-1000\..\Run : [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-1000\..\Run : [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-1000\..\Run : [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-1000\..\Run : [uTorrent] "C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-1000\..\Run : [Facebook Update] "C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-1000\..\Run : [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-1001\..\Run : [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-1002\..\Run : [zpmwoautpp] wscript.exe //B "C:\Users\Savita\AppData\Local\Temp\zpmwoautpp..vbs"
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-500\..\Run : [zpmwoautpp] wscript.exe //B "C:\Users\ADMINI~1\AppData\Local\Temp\zpmwoautpp..vbs"
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-500\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-500\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-500\..\Run : [Spotify Web Helper] "C:\Users\Administrator\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-500\..\Run : [uTorrent] "C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-500\..\Run : [GoogleChromeAutoLaunch_361C1DD22E1256C6B68316A32E8B1949] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-500\..\RunOnce : [Application Restart #2] C:\Program Files\Google\Chrome\Application\chrome.exe --flag-switches-begin --enable-npapi --flag-switches-end --restore-last-session http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST3500514NS_9WJ1593RXXXX9WJ1593R&ts=1379431913
04 - HKU\S-1-5-21-1874774099-2506090785-1779561781-500\..\RunOnce : [Application Restart #1] C:\Program Files\Google\Chrome\Application\chrome.exe --flag-switches-begin --enable-npapi --flag-switches-end --restore-last-session http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=ST3500514NS_9WJ1593RXXXX9WJ1593R&ts=1379431913
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
[b]################## | Generic Research |[/b]
Found! G:\Nero StartSmart.lnk
Found! C:\RECYCLER\X-1-5-21-1960408961-725345543-839522115-1003
Found! G:\falschyng
Found! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|zpmwoautpp
Found! HKU\S-1-5-21-1874774099-2506090785-1779561781-1002\Software\Microsoft\Windows\CurrentVersion\Run|zpmwoautpp
Found! HKU\S-1-5-21-1874774099-2506090785-1779561781-500\Software\Microsoft\Windows\CurrentVersion\Run|zpmwoautpp
Found! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|zpmwoautpp
[b]################## | UsbFix - Information |[/b]
Info : [url=https://www.youtube.com/watch?v=vUZYYASd7FE]How to remove shortcut virus on flash disk (Video)[/url]
Info : [url=http://www.en.usbfix.net/2014/03/remove-shortcut-virus-usb/]Shortcut virus on flash disk, What is it ?[/url]
Live detection : [url=http://how-to-remove.us/]http://how-to-remove.us/[/url]
[b]Analysed in 8.323 seconds[/b]
[b]################## | E.O.F | [url=http://www.sosvirus.net/]http://www.sosvirus.net/[/url] | [url=http://www.en.usbfix.net/]http://www.en.usbfix.net/[/url] |[/b]
