- ############################## | UsbFix V 7.169 | [Research]
- User: PC (Administrator) # XEGANTHY
- Updated 31/03/2014 by El Desaparecido - Team SosVirus
- Started at 19:22:29 | 30/04/2014
- Website : http://www.en.usbfix.net/
- Changelog : http://www.en.usbfix.net/changelog/
- Support : http://en.kioskea.net/forum/viruses-security-7
- Upload Malware : http://www.sosvirus.net/upload_malware.php
- Contact : http://www.en.usbfix.net/contact/
- PC: ASRock (990FX Extreme3)
- CPU: AMD FX(tm)-6100 Six-Core Processor
- RAM -> [Total : 3046 Mo| Free : 1708 Mo]
- Bios: American Megatrends Inc.
- Boot: Normal boot
- OS: Microsoft Windows 7 Ultimate (6.1.7600 32-Bit)
- WB: Windows Internet Explorer : 8.0.7600.16385
- WB: Mozilla Firefox : 28.0
- SC: Security Center [Enabled]
- WU: Windows Update [(!) Disabled]
- AV: avast! Antivirus [Enabled | (!) Outdated]
- AS: avast! Antivirus [Enabled | (!) Outdated]
- AS: Windows Defender [Enabled | (!) Outdated]
- FW: Windows FireWall [(!) Disabled]
- C:\ (%systemdrive%) -> Fixed drive # 233 Gb (23 Mb free - 0%) [] # NTFS
- D:\ -> CD-ROM
- E:\ -> Fixed drive # 233 Gb (4 Mb free - 2%) [] # NTFS
- F:\ -> CD-ROM
- G:\ -> Removable drive # 4 Gb (591 Mb free - 16%) [IUSB] # FAT32
- Z:\ -> Fixed drive # 100 Mb (70 Mb free - 70%) [System Reserved] # NTFS
- ################## | Active Processes |
- C:\Windows\system32\csrss.exe (ID: 576 |ParentID: 444)
- C:\Windows\system32\wininit.exe (ID: 660 |ParentID: 444)
- C:\Windows\system32\csrss.exe (ID: 668 |ParentID: 652)
- C:\Windows\system32\services.exe (ID: 736 |ParentID: 660)
- C:\Windows\system32\lsass.exe (ID: 752 |ParentID: 660)
- C:\Windows\system32\lsm.exe (ID: 764 |ParentID: 660)
- C:\Windows\system32\winlogon.exe (ID: 808 |ParentID: 652)
- C:\Windows\system32\svchost.exe (ID: 892 |ParentID: 736)
- C:\Windows\system32\svchost.exe (ID: 984 |ParentID: 736)
- C:\Windows\System32\svchost.exe (ID: 1068 |ParentID: 736)
- C:\Windows\System32\svchost.exe (ID: 1124 |ParentID: 736)
- C:\Windows\system32\svchost.exe (ID: 1164 |ParentID: 736)
- C:\Windows\system32\svchost.exe (ID: 1324 |ParentID: 736)
- C:\Windows\system32\svchost.exe (ID: 1448 |ParentID: 736)
- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1516 |ParentID: 736)
- C:\Windows\system32\Dwm.exe (ID: 1692 |ParentID: 1124)
- C:\Windows\Explorer.EXE (ID: 1716 |ParentID: 1684)
- C:\Windows\System32\spoolsv.exe (ID: 1740 |ParentID: 736)
- C:\Windows\system32\svchost.exe (ID: 1784 |ParentID: 736)
- C:\Windows\system32\taskhost.exe (ID: 1928 |ParentID: 736)
- C:\Windows\system32\taskeng.exe (ID: 128 |ParentID: 1164)
- C:\Program Files\ASRock\XFast LAN\spd.exe (ID: 384 |ParentID: 736)
- C:\Program Files\Garena Plus\ggdllhost.exe (ID: 672 |ParentID: 128)
- C:\Windows\system32\svchost.exe (ID: 1904 |ParentID: 736)
- C:\Windows\system32\svchost.exe (ID: 2548 |ParentID: 736)
- C:\Windows\system32\SearchIndexer.exe (ID: 2796 |ParentID: 736)
- C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (ID: 2852 |ParentID: 1716)
- C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 2876 |ParentID: 1716)
- C:\Program Files\Garena Plus\GarenaMessenger.exe (ID: 3124 |ParentID: 1716)
- C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (ID: 3140 |ParentID: 1716)
- C:\Windows\System32\wscript.exe (ID: 3164 |ParentID: 1716)
- C:\Windows\system32\SearchProtocolHost.exe (ID: 3708 |ParentID: 2796)
- C:\Windows\system32\SearchFilterHost.exe (ID: 3728 |ParentID: 2796)
- C:\Windows\system32\svchost.exe (ID: 3884 |ParentID: 736)
- C:\Program Files\Mozilla Firefox\firefox.exe (ID: 4084 |ParentID: 1716)
- C:\Windows\system32\wbem\wmiprvse.exe (ID: 3064 |ParentID: 892)
- C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe (ID: 3988 |ParentID: 3340)
- C:\Program Files\Steam\Steam.exe (ID: 3416 |ParentID: 3104)
- \\?\C:\Windows\system32\wbem\WMIADAP.EXE (ID: 1684 |ParentID: 1164)
- C:\Windows\system32\wbem\wmiprvse.exe (ID: 3948 |ParentID: 892)
- C:\Windows\system32\sppsvc.exe (ID: 1076 |ParentID: 736)
- C:\Windows\System32\svchost.exe (ID: 4064 |ParentID: 736)
- C:\Windows\system32\WUDFHost.exe (ID: 5508 |ParentID: 1124)
- C:\Program Files\Mozilla Firefox\plugin-container.exe (ID: 3980 |ParentID: 4084)
- ################## | Regedit Run |
- F2 - HKLM\..\Winlogon : [Shell] explorer.exe
- F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
- F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
- F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
- F3 - HKCU\..\Winlogon : [Shell] explorer.exe
- 04 - HKCU\..\Run : [ASRockXTU]
- 04 - HKCU\..\Run : [zASRockInstantBoot]
- 04 - HKCU\..\Run : [Steam] "C:\Program Files\Steam\steam.exe" -silent
- 04 - HKCU\..\Run : [uTorrent] "C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
- 04 - HKCU\..\Run : [GarenaPlus] "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
- 04 - HKCU\..\Run : [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
- 04 - HKCU\..\Run : [kpcgrhynko] wscript.exe //B "C:\Users\PC\AppData\Roaming\kpcgrhynko..vbs"
- 04 - HKLM\..\Run : [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
- 04 - HKLM\..\Run : [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
- 04 - HKLM\..\Run : [kpcgrhynko] wscript.exe //B "C:\Users\PC\AppData\Roaming\kpcgrhynko..vbs"
- 04 - HKLM\..\RunOnce : []
- 04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
- 04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
- 04 - HKU\S-1-5-21-3038131283-417028895-3252822844-1000\..\Run : [ASRockXTU]
- 04 - HKU\S-1-5-21-3038131283-417028895-3252822844-1000\..\Run : [zASRockInstantBoot]
- 04 - HKU\S-1-5-21-3038131283-417028895-3252822844-1000\..\Run : [Steam] "C:\Program Files\Steam\steam.exe" -silent
- 04 - HKU\S-1-5-21-3038131283-417028895-3252822844-1000\..\Run : [uTorrent] "C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
- 04 - HKU\S-1-5-21-3038131283-417028895-3252822844-1000\..\Run : [GarenaPlus] "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
- 04 - HKU\S-1-5-21-3038131283-417028895-3252822844-1000\..\Run : [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
- 04 - HKU\S-1-5-21-3038131283-417028895-3252822844-1000\..\Run : [kpcgrhynko] wscript.exe //B "C:\Users\PC\AppData\Roaming\kpcgrhynko..vbs"
- 04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
- 04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
- ################## | Generic Research |
- Found ! C:\Users\PC\AppData\Roaming\kpcgrhynko..vbs
- Found ! C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kpcgrhynko..vbs
- Found ! G:\kpcgrhynko..vbs
- Found ! G:\[DeadFish] Fairy Tail (2014) - 03 [720p][AAC].lnk
- Found ! G:\[DeadFish] Black Bullet - 03v2 [720p][AAC].lnk
- Found ! G:\[DeadFish] Fairy Tail (2014) - 02 [720p][AAC].lnk
- Found ! G:\[DeadFish] Ping Pong The Animation - 03 [720p][AAC].lnk
- Found ! G:\[DeadFish] Sidonia no Kishi - 03 [720p][AAC].lnk
- Found ! G:\[DeadFish] Haikyuu!! - 03 [720p][AAC].lnk
- Found ! G:\[DeadFish] Soredemo Sekai wa Utsukushii - 03 [720p][AAC].lnk
- Found ! G:\[DeadFish] Haikyuu!! - 02 [720p][AAC].lnk
- Found ! G:\[DeadFish] Haikyuu!! - 01 [720p][AAC].lnk
- Found ! G:\[DeadFish] No Game No Life - 03 [720p][AAC].lnk
- Found ! G:\[DeadFish] Bokura wa Minna Kawaisou - 04 [720p][AAC].lnk
- Found ! G:\[DeadFish] Hitsugi no Chaika - 03 [720p][AAC].lnk
- Found ! G:\Ram Resume.lnk
- Found ! G:\letter.lnk
- Found ! G:\Increase credit limit.lnk
- Found ! G:\[DeadFish] Mangaka-san to Assistant-san to - 03 [720p][AAC].lnk
- ################## | Registry |
- Found ! HKU\S-1-5-21-3038131283-417028895-3252822844-1000\Software\Microsoft\Windows\CurrentVersion\Run|kpcgrhynko
- Found ! [x64] HKLM\Software\Microsoft\Windows\CurrentVersion\Run|kpcgrhynko
- Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|kpcgrhynko
- Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|kpcgrhynko
- ################## | E.O.F | http://www.en.usbfix.net/ - http://www.sosvirus.net |