############################## | UsbFix V 7.169 | [Research]

User: sofian (Administrator) # SOFIAN
Updated 31/03/2014 by El Desaparecido - Team SosVirus
Started at 20:54:38 | 15/04/2014
Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : http://en.kioskea.net/forum/viruses-security-7
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: Gateway (EG50_HC_CR)
CPU: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
RAM -> [Total : 3911 Mo| Free : 2185 Mo]
Bios: Insyde Corp.
Boot: Normal boot
OS: Microsoft Windows 8 (6.2.9200 64-Bit)
WB: Windows Internet Explorer : 10.0.9200.16635
WB: Google Chrome : 33.0.1750.154
WB: Mozilla Firefox : 28.0
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: Windows Defender [Enabled | (!) Outdated]
AS: Windows Defender [Enabled | (!) Outdated]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 233 Gb (130 Mb free - 56%) [Gateway] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed drive # 217 Gb (200 Mb free - 92%) [sofiane] # NTFS
F:\ -> CD-ROM

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID: 468 |ParentID: 456)
C:\Windows\system32\wininit.exe (ID: 524 |ParentID: 456)
C:\Windows\system32\services.exe (ID: 624 |ParentID: 524)
C:\Windows\system32\lsass.exe (ID: 632 |ParentID: 524)
C:\Windows\system32\svchost.exe (ID: 740 |ParentID: 624)
C:\Windows\system32\svchost.exe (ID: 784 |ParentID: 624)
C:\Windows\System32\svchost.exe (ID: 844 |ParentID: 624)
C:\Windows\system32\svchost.exe (ID: 908 |ParentID: 624)
C:\Windows\system32\svchost.exe (ID: 936 |ParentID: 624)
C:\Windows\System32\svchost.exe (ID: 332 |ParentID: 624)
C:\Windows\system32\svchost.exe (ID: 956 |ParentID: 624)
C:\Windows\system32\svchost.exe (ID: 756 |ParentID: 624)
C:\Windows\system32\WLANExt.exe (ID: 1180 |ParentID: 332)
C:\Windows\system32\conhost.exe (ID: 1192 |ParentID: 1180)
C:\Windows\System32\spoolsv.exe (ID: 1292 |ParentID: 624)
C:\Windows\system32\svchost.exe (ID: 1624 |ParentID: 624)
C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe (ID: 1644 |ParentID: 624)
C:\Windows\system32\dashost.exe (ID: 1768 |ParentID: 332)
C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ID: 1780 |ParentID: 624)
C:\Program Files\Elantech\ETDService.exe (ID: 1804 |ParentID: 624)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1852 |ParentID: 624)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 1880 |ParentID: 624)
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (ID: 1936 |ParentID: 624)
C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe (ID: 2000 |ParentID: 624)
C:\Windows\SysWOW64\PnkBstrA.exe (ID: 2040 |ParentID: 624)
C:\Windows\RfBtnSvc64.exe (ID: 1196 |ParentID: 624)
C:\Program Files\KMSpico\Service_KMS.exe (ID: 1528 |ParentID: 624)
C:\Windows\system32\svchost.exe (ID: 1620 |ParentID: 624)
C:\Windows\system32\svchost.exe (ID: 348 |ParentID: 624)
C:\Program Files\Windows Defender\MsMpEng.exe (ID: 2088 |ParentID: 624)
C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe (ID: 2184 |ParentID: 624)
C:\Program Files (x86)\Connectify\ConnectifyService.exe (ID: 2228 |ParentID: 624)
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (ID: 2336 |ParentID: 624)
C:\Program Files (x86)\Connectify\ConnectifyD.exe (ID: 2344 |ParentID: 2228)
C:\Windows\system32\conhost.exe (ID: 2352 |ParentID: 2344)
C:\Windows\system32\taskeng.exe (ID: 2780 |ParentID: 908)
c:\programdata\greenapp\sw-booster\SW-Booster.exe (ID: 2872 |ParentID: 2780)
c:\programdata\superbapp\sn.booster\SN.Booster.exe (ID: 2880 |ParentID: 2780)
C:\Windows\system32\wbem\unsecapp.exe (ID: 2912 |ParentID: 740)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2276 |ParentID: 740)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2248 |ParentID: 740)
C:\Windows\system32\SearchIndexer.exe (ID: 3188 |ParentID: 624)
C:\Windows\system32\svchost.exe (ID: 3348 |ParentID: 624)
C:\Windows\System32\svchost.exe (ID: 4852 |ParentID: 624)
C:\Windows\system32\DllHost.exe (ID: 5344 |ParentID: 740)
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe (ID: 5680 |ParentID: 624)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 1264 |ParentID: 624)
C:\Program Files (x86)\Nero\Update\NASvc.exe (ID: 4192 |ParentID: 624)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 4120 |ParentID: 624)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5796 |ParentID: 624)
C:\Windows\system32\taskhost.exe (ID: 4324 |ParentID: 624)
C:\Windows\system32\svchost.exe (ID: 6180 |ParentID: 624)
C:\Windows\system32\csrss.exe (ID: 1464 |ParentID: 4880)
C:\Windows\System32\WinLogon.exe (ID: 5296 |ParentID: 4880)
C:\Windows\System32\dwm.exe (ID: 1252 |ParentID: 5296)
C:\Windows\System32\WUDFHost.exe (ID: 3516 |ParentID: 332)
C:\Windows\system32\taskhostex.exe (ID: 6972 |ParentID: 624)
C:\Program Files\Elantech\ETDCtrl.exe (ID: 6596 |ParentID: 1804)
C:\Program Files (x86)\Launch Manager\LMutilps32.exe (ID: 5580 |ParentID: 1780)
C:\Windows\Explorer.EXE (ID: 1128 |ParentID: 5016)
C:\Program Files (x86)\Launch Manager\LManager.exe (ID: 1480 |ParentID: 1172)
C:\Windows\system32\wbem\unsecapp.exe (ID: 5340 |ParentID: 740)
C:\Program Files\Elantech\ETDCtrlHelper.exe (ID: 3704 |ParentID: 6596)
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (ID: 5404 |ParentID: 1480)
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 6736 |ParentID: 740)
C:\Windows\system32\igfxext.exe (ID: 5780 |ParentID: 740)
C:\Windows\System32\RuntimeBroker.exe (ID: 6556 |ParentID: 740)
C:\Windows\syswow64\wwahost.exe (ID: 6912 |ParentID: 740)
C:\Windows\syswow64\svchost.exe (ID: 600 |ParentID: 6016)
C:\Windows\System32\igfxpers.exe (ID: 5672 |ParentID: 1128)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 1872 |ParentID: 1128)
C:\Program Files (x86)\Connectify\Connectify.exe (ID: 3216 |ParentID: 1128)
C:\Program Files (x86)\Connectify\DispatchUI.exe (ID: 4948 |ParentID: 1128)
C:\Program Files (x86)\Larousse\Petit Larousse 2009\bin\Hyperappel.exe (ID: 2716 |ParentID: 1128)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 4676 |ParentID: 3988)
C:\Program Files (x86)\USB Disk Security\USBGuard.exe (ID: 6172 |ParentID: 3988)
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (ID: 6188 |ParentID: 624)
C:\Windows\system32\wbem\unsecapp.exe (ID: 5316 |ParentID: 740)
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe (ID: 5604 |ParentID: 5680)
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (ID: 7088 |ParentID: 624)
C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe (ID: 5904 |ParentID: 2344)
C:\Windows\system32\conhost.exe (ID: 6124 |ParentID: 5904)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 1416 |ParentID: 1128)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 2488 |ParentID: 1416)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (ID: 3544 |ParentID: 2488)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (ID: 3484 |ParentID: 3544)
C:\Program Files (x86)\Internet Download Manager\IDMan.exe (ID: 1016 |ParentID: 740)
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (ID: 2416 |ParentID: 1016)
C:\Program Files (x86)\Internet Explorer\IELowutil.exe (ID: 5244 |ParentID: 1016)
C:\Windows\system32\SearchProtocolHost.exe (ID: 2608 |ParentID: 3188)
C:\Windows\system32\SearchFilterHost.exe (ID: 5684 |ParentID: 3188)
C:\Windows\explorer.exe (ID: 5704 |ParentID: 740)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F3 - HKCU\..\Windows : [Load] C:\Users\madjid\LOCALS~1\Temp\ccyzxc.cmd
04 - HKCU\..\Run : []
04 - HKCU\..\Run : [Spotify Web Helper] "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"
04 - HKCU\..\Run : [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
04 - HKCU\..\Run : [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
04 - HKCU\..\Run : [Virtual WiFi Router] "C:\Program Files (x86)\Virtual WiFi Router\Virtual WiFi Router.exe"
04 - HKCU\..\Run : [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
04 - HKLM\..\Run : [LManager]
04 - HKLM\..\Run : [RadioController] "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
04 - HKLM\..\Run : [HSPALauncher] C:\PROGRA~2\HSPAUS~1\HSPALA~1.EXE
04 - HKLM\..\Run : [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\..\RunOnce : []
04 - [x64] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - [x64] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - [x64] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - [x64] HKLM\..\Run : [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
04 - [x64] HKLM\..\Run : [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [x64] HKLM\..\Run : [Connectify Hotspot] C:\Program Files (x86)\Connectify\Connectify.exe
04 - [x64] HKLM\..\Run : [Connectify Dispatch] C:\Program Files (x86)\Connectify\DispatchUI.exe
04 - HKU\S-1-5-21-926088027-647142875-2328680235-1001\..\Run : []
04 - HKU\S-1-5-21-926088027-647142875-2328680235-1001\..\Run : [Spotify Web Helper] "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-926088027-647142875-2328680235-1001\..\Run : [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
04 - HKU\S-1-5-21-926088027-647142875-2328680235-1001\..\Run : [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
04 - HKU\S-1-5-21-926088027-647142875-2328680235-1001\..\Run : [Virtual WiFi Router] "C:\Program Files (x86)\Virtual WiFi Router\Virtual WiFi Router.exe"
04 - HKU\S-1-5-21-926088027-647142875-2328680235-1001\..\Run : [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

################## | Generic Research |

Found ! C:\Users\madjid\LOCALS~1\Temp\ccyzxc.cmd

################## | Registry |

Found ! HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows|load (C:\Users\madjid\LOCALS~1\Temp\ccyzxc.cmd)
Found ! HKCU|njq8

################## | E.O.F | http://www.en.usbfix.net/ - http://www.sosvirus.net |