############################## | UsbFix V 7.167 | [Research]

User: Kuba (Administrator) # KUBA-KOMPUTER
Updated 13/03/2014 by El Desaparecido - Team SosVirus
Started at 19:12:23 | 15/03/2014
Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : http://en.kioskea.net/forum/viruses-security-7
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: SAMSUNG ELECTRONICS CO., LTD. (RF511/RF411/RF711)
CPU: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz
RAM -> [Total : 8104 Mo| Free : 5957 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16521
WB: Mozilla Firefox : 14.0.1

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: McAfee Anti-Virus i Anti-Spyware [Enabled | Updated]
AS: McAfee Anti-Virus i Anti-Spyware [Enabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
FW: McAfee Firewall [Enabled]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 230 Gb (12 Mb free - 5%) [] # NTFS
D:\ -> Fixed drive # 344 Gb (239 Mb free - 69%) [] # NTFS
E:\ -> CD-ROM
G:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [] # exFAT

################## | Active Processes |

C:\windows\system32\csrss.exe (ID: 428 |ParentID: 376)
C:\windows\system32\wininit.exe (ID: 536 |ParentID: 376)
C:\windows\system32\csrss.exe (ID: 556 |ParentID: 544)
C:\windows\system32\services.exe (ID: 600 |ParentID: 536)
C:\windows\system32\lsass.exe (ID: 616 |ParentID: 536)
C:\windows\system32\lsm.exe (ID: 624 |ParentID: 536)
C:\windows\system32\svchost.exe (ID: 740 |ParentID: 600)
C:\windows\system32\winlogon.exe (ID: 848 |ParentID: 544)
C:\windows\system32\nvvsvc.exe (ID: 1000 |ParentID: 600)
C:\windows\system32\svchost.exe (ID: 256 |ParentID: 600)
C:\windows\System32\svchost.exe (ID: 476 |ParentID: 600)
C:\windows\System32\svchost.exe (ID: 676 |ParentID: 600)
C:\windows\system32\svchost.exe (ID: 548 |ParentID: 600)
C:\windows\system32\svchost.exe (ID: 836 |ParentID: 600)
C:\windows\system32\svchost.exe (ID: 1132 |ParentID: 600)
C:\windows\system32\WLANExt.exe (ID: 1240 |ParentID: 676)
C:\windows\system32\conhost.exe (ID: 1248 |ParentID: 428)
C:\windows\System32\spoolsv.exe (ID: 1408 |ParentID: 600)
C:\windows\system32\svchost.exe (ID: 1516 |ParentID: 600)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1688 |ParentID: 600)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 1720 |ParentID: 600)
C:\windows\system32\svchost.exe (ID: 1764 |ParentID: 600)
C:\windows\SysWOW64\svchost.exe (ID: 1804 |ParentID: 600)
C:\windows\system32\mfevtps.exe (ID: 1948 |ParentID: 600)
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (ID: 1984 |ParentID: 600)
C:\windows\system32\rundll32.exe (ID: 1628 |ParentID: 1836)
C:\windows\system32\rundll32.exe (ID: 680 |ParentID: 1836)
C:\windows\SysWOW64\rundll32.exe (ID: 1776 |ParentID: 1628)
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (ID: 2136 |ParentID: 600)
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (ID: 2180 |ParentID: 600)
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (ID: 2412 |ParentID: 1000)
C:\windows\system32\nvvsvc.exe (ID: 2424 |ParentID: 1000)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 2820 |ParentID: 600)
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (ID: 2868 |ParentID: 600)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2916 |ParentID: 600)
C:\Program Files\McAfee\MSC\McAPExe.exe (ID: 2996 |ParentID: 600)
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (ID: 3016 |ParentID: 600)
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (ID: 2000 |ParentID: 600)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2100 |ParentID: 2916)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 2536 |ParentID: 600)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 3576 |ParentID: 600)
C:\windows\system32\SearchIndexer.exe (ID: 3784 |ParentID: 600)
C:\windows\system32\svchost.exe (ID: 4000 |ParentID: 600)
C:\windows\system32\svchost.exe (ID: 4080 |ParentID: 600)
C:\windows\system32\svchost.exe (ID: 3452 |ParentID: 600)
C:\windows\system32\taskhost.exe (ID: 4528 |ParentID: 600)
C:\windows\system32\Dwm.exe (ID: 4772 |ParentID: 676)
C:\windows\Explorer.EXE (ID: 4804 |ParentID: 4760)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 4196 |ParentID: 4804)
C:\Program Files\Elantech\ETDCtrl.exe (ID: 4400 |ParentID: 4804)
C:\Windows\System32\hkcmd.exe (ID: 2736 |ParentID: 4804)
C:\Windows\System32\igfxpers.exe (ID: 2788 |ParentID: 4804)
C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe (ID: 4564 |ParentID: 4804)
C:\Program Files (x86)\Google\Drive\googledrivesync.exe (ID: 4424 |ParentID: 4804)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 4124 |ParentID: 4804)
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (ID: 4220 |ParentID: 4804)
C:\Program Files\Elantech\ETDCtrlHelper.exe (ID: 4724 |ParentID: 4400)
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (ID: 252 |ParentID: 5032)
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (ID: 164 |ParentID: 5032)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 5200 |ParentID: 5032)
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (ID: 5208 |ParentID: 5032)
C:\windows\SysWOW64\RunDll32.exe (ID: 5240 |ParentID: 4124)
C:\windows\system32\taskeng.exe (ID: 5276 |ParentID: 836)
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (ID: 5328 |ParentID: 740)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5404 |ParentID: 600)
C:\windows\system32\taskeng.exe (ID: 5940 |ParentID: 836)
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe (ID: 6020 |ParentID: 5940)
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (ID: 6028 |ParentID: 5328)
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe (ID: 6048 |ParentID: 5276)
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (ID: 6100 |ParentID: 5276)
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (ID: 2696 |ParentID: 5940)
C:\Program Files (x86)\Google\Drive\googledrivesync.exe (ID: 5388 |ParentID: 4424)
C:\windows\system32\igfxext.exe (ID: 5964 |ParentID: 740)
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (ID: 3512 |ParentID: 5276)
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe (ID: 6016 |ParentID: 5276)
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe (ID: 7144 |ParentID: 5940)
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (ID: 5668 |ParentID: 5276)
C:\Program Files\McAfee\MAT\McPvTray.exe (ID: 6492 |ParentID: 5828)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 1532 |ParentID: 600)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (ID: 6412 |ParentID: 600)
C:\windows\system32\svchost.exe (ID: 6628 |ParentID: 600)
C:\Program Files (x86)\Nero\Update\NASvc.exe (ID: 6376 |ParentID: 600)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 5320 |ParentID: 600)
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (ID: 2276 |ParentID: 6140)
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (ID: 3008 |ParentID: 6140)
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (ID: 4024 |ParentID: 5276)
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe (ID: 1580 |ParentID: 5276)
C:\windows\System32\WUDFHost.exe (ID: 5984 |ParentID: 676)
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (ID: 7556 |ParentID: 6216)
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (ID: 700 |ParentID: 600)
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (ID: 1928 |ParentID: 600)
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7252 |ParentID: 4804)
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5132 |ParentID: 7252)
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7708 |ParentID: 7252)
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6960 |ParentID: 7252)
C:\windows\SysWOW64\cmd.exe (ID: 5572 |ParentID: 7252)
C:\windows\system32\conhost.exe (ID: 7084 |ParentID: 556)
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe (ID: 812 |ParentID: 5572)
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe (ID: 7828 |ParentID: 740)
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6928 |ParentID: 7252)
C:\windows\system32\wbem\wmiprvse.exe (ID: 6936 |ParentID: 740)
C:\windows\system32\SearchProtocolHost.exe (ID: 7924 |ParentID: 3784)
C:\windows\system32\SearchFilterHost.exe (ID: 3516 |ParentID: 3784)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [64bit] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [64bit] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [HEXelon MAX] "C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe" /auto
04 - HKCU\..\Run : [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
04 - HKCU\..\Run : [Google Update] "C:\Users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKLM\..\Run : [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\..\Run : [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
04 - HKLM\..\Run : [OPSE reminder] "C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
04 - HKLM\..\Run : [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
04 - HKLM\..\RunOnce : []
04 - [64bit] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [64bit] HKLM\..\Run : [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
04 - [64bit] HKLM\..\Run : [IgfxTray] C:\windows\system32\igfxtray.exe
04 - [64bit] HKLM\..\Run : [HotKeysCmds] C:\windows\system32\hkcmd.exe
04 - [64bit] HKLM\..\Run : [Persistence] C:\windows\system32\igfxpers.exe
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2069368038-4120700897-3865020589-1000\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2069368038-4120700897-3865020589-1002\..\Run : [HEXelon MAX] "C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe" /auto
04 - HKU\S-1-5-21-2069368038-4120700897-3865020589-1002\..\Run : [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
04 - HKU\S-1-5-21-2069368038-4120700897-3865020589-1002\..\Run : [Google Update] "C:\Users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-21-2069368038-4120700897-3865020589-1000\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Generic Research |

Found ! C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe

################## | Registry |

################## | E.O.F | http://www.en.usbfix.net/ - http://www.sosvirus.net |
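A log like this is only useful once the process list is read as a tree and the "Found !" paths are checked against where they live. The script below is an added triage example written for this page; it is not part of UsbFix and not the poster's code. It parses UsbFix "Active Processes" entries (path, ID, ParentID) and "Found !" lines, rebuilds parent/child chains, and applies four analyst heuristics of the editor's choosing: a command shell whose parent is a browser, any child of such a shell, a parent PID that does not appear in the listing (excluding csrss/wininit/winlogon/explorer, whose launchers normally exit), and 8.3 short-name paths. It also flags script-type files (.vbe, .vbs, .js and similar) sitting in a Startup folder, which is exactly the home.vbe finding above. The embedded sample is a subset of lines copied from this log. The flags are leads to verify, not verdicts: cmd.exe under chrome.exe launching a McAfee SiteAdvisor component may well be vendor behaviour, and rundll32.exe with the unlisted ParentID 1836 simply means its launcher had already exited when UsbFix ran; both are worth confirming rather than assuming.

```python
"""Triage helper for a UsbFix '[Research]' log (editor's added example, not UsbFix code).

Heuristics below are the editor's, not UsbFix's. Every flag is a lead to check,
not a malware verdict.
"""
import re

# Constructed sample: a subset of lines copied from the UsbFix log on this page.
SAMPLE_LOG = r"""
################## | Active Processes |
C:\windows\system32\csrss.exe (ID: 428 |ParentID: 376)
C:\windows\system32\wininit.exe (ID: 536 |ParentID: 376)
C:\windows\system32\services.exe (ID: 600 |ParentID: 536)
C:\windows\system32\svchost.exe (ID: 740 |ParentID: 600)
C:\windows\system32\rundll32.exe (ID: 1628 |ParentID: 1836)
C:\windows\SysWOW64\rundll32.exe (ID: 1776 |ParentID: 1628)
C:\windows\Explorer.EXE (ID: 4804 |ParentID: 4760)
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7252 |ParentID: 4804)
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5132 |ParentID: 7252)
C:\windows\SysWOW64\cmd.exe (ID: 5572 |ParentID: 7252)
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe (ID: 812 |ParentID: 5572)
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe (ID: 7828 |ParentID: 740)
################## | Generic Research |
Found ! C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe
"""

PROC_RE = re.compile(r"^(?P<path>.+?) \(ID: (?P<pid>\d+) \|ParentID: (?P<ppid>\d+)\)\s*$")
FOUND_RE = re.compile(r"^Found ! (?P<path>.+)$")

BROWSERS = {"chrome.exe", "iexplore.exe", "firefox.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_EXT = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1", ".hta")
# Their launchers (smss.exe, userinit.exe) exit by design, so an unlisted parent is normal here.
EXPECTED_ORPHANS = {"csrss.exe", "wininit.exe", "winlogon.exe", "explorer.exe"}


def parse_log(text):
    """Return ({pid: (path, ppid)}, [found paths]) from UsbFix log text."""
    procs, found = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = PROC_RE.match(line)
        if m:
            procs[int(m["pid"])] = (m["path"], int(m["ppid"]))
            continue
        m = FOUND_RE.match(line)
        if m:
            found.append(m["path"])
    return procs, found


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def ancestry(procs, pid):
    """Image names from pid up through ParentID links, stopping at an unlisted PID."""
    chain = []
    while pid in procs:
        chain.append(basename(procs[pid][0]))
        pid = procs[pid][1]
    return chain


def triage_processes(procs):
    """Apply the editor's heuristics; returns (kind, pid, detail) tuples."""
    findings = []
    for pid, (path, ppid) in procs.items():
        name = basename(path)
        parent_name = basename(procs[ppid][0]) if ppid in procs else None
        if name in SHELLS and parent_name in BROWSERS:
            findings.append(("shell-from-browser", pid, f"{parent_name} -> {name}"))
        if parent_name in SHELLS:
            findings.append(("child-of-shell", pid, " <- ".join(ancestry(procs, pid))))
        if ppid not in procs and name not in EXPECTED_ORPHANS:
            findings.append(("parent-not-listed", pid, f"{name} ParentID {ppid}"))
        if "~" in path:  # 8.3 short name; unusual for a normally installed program
            findings.append(("short-name-path", pid, path))
    return findings


def triage_found(found):
    """Script-type files UsbFix reported inside a Startup folder."""
    return [p for p in found
            if "\\startup\\" in p.lower() and p.lower().endswith(SCRIPT_EXT)]


if __name__ == "__main__":
    procs, found = parse_log(SAMPLE_LOG)
    for kind, pid, detail in triage_processes(procs):
        print(f"[{kind}] PID {pid}: {detail}")
    for path in triage_found(found):
        print(f"[startup-script] {path}")
```

Run it against a full UsbFix log by replacing SAMPLE_LOG with the file contents; the regexes only match the process and "Found !" line shapes, so the header and registry sections are ignored. The ancestry chain printed for McChHost.exe (mcchhost.exe <- cmd.exe <- chrome.exe <- explorer.exe) is the line of questioning an analyst would follow: which Chrome component launched cmd.exe, and with what command line, before deciding whether it is the SiteAdvisor extension doing its job.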