
############################## | UsbFix V 7.169 | [Deletion]

User: Malik (Administrator) # LAPTOP-S8AVA7M8

Updated 31/03/2014 by El Desaparecido - Team SosVirus
Started at 16:25:29 | 07/12/2019

Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : http://en.kioskea.net/forum/viruses-security-7
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: HP (81EB)
CPU: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
RAM -> [Total : 8083 Mo| Free : 5844 Mo]
Bios: Insyde
Boot: Normal boot

OS: Microsoft Windows 10 Home (6.3.18363 64-Bit)

WB: Windows Internet Explorer : 11.476.18362.0
WB: Google Chrome : 78.0.3904.108

SC: Security Center [Enabled]

WU: Windows Update [Enabled]
AV: Windows Defender [(!) Disabled | Updated]
AV: Bitdefender Antivirus [Enabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
AS: Bitdefender Antispyware [Enabled | Updated]
FW: Bitdefender Firewall [Enabled]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 914 Gb (592 Mb free - 65%) [WINDOWS] # NTFS
D:\ -> Fixed drive # 16 Gb (2 Mb free - 11%) [RECOVERY] # NTFS
E:\ -> CD-ROM

################## | Active Processes |

C:\WINDOWS\system32\winlogon.exe (ID: 980 |ParentID: 896)
C:\WINDOWS\system32\lsass.exe (ID: 328 |ParentID: 932)
C:\WINDOWS\system32\svchost.exe (ID: 764 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 896 |ParentID: 308)
C:\Windows\System32\WUDFHost.exe (ID: 344 |ParentID: 308)
C:\WINDOWS\system32\fontdrvhost.exe (ID: 1056 |ParentID: 932)
C:\WINDOWS\system32\fontdrvhost.exe (ID: 1060 |ParentID: 980)
C:\WINDOWS\system32\svchost.exe (ID: 1148 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 1204 |ParentID: 308)
C:\WINDOWS\system32\dwm.exe (ID: 1284 |ParentID: 980)
C:\WINDOWS\system32\svchost.exe (ID: 1408 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 1420 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 1440 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 1456 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 1584 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 1600 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 1632 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 1688 |ParentID: 308)
C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe (ID: 1748 |ParentID: 308)
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe (ID: 1772 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 1812 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 1884 |ParentID: 308)
C:\Windows\System32\WUDFHost.exe (ID: 1908 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 1948 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 2028 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 2068 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 2096 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 2292 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 2324 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 2332 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 2460 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 2500 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 2540 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 2788 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 2904 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 2924 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 2976 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 3012 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 2244 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 2808 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 3168 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 3296 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 3436 |ParentID: 308)
C:\WINDOWS\system32\dashost.exe (ID: 3476 |ParentID: 3436)
C:\WINDOWS\system32\svchost.exe (ID: 3516 |ParentID: 308)
C:\Program Files (x86)\IObit\Advanced SystemCare\Suo12_StartupManager.exe (ID: 3616 |ParentID: 1772)
C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe (ID: 3712 |ParentID: 308)
C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe (ID: 3720 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 3784 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 3800 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 3808 |ParentID: 308)
C:\WINDOWS\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxCUIService.exe (ID: 3988 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 4024 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 2836 |ParentID: 308)
C:\WINDOWS\system32\wbem\unsecapp.exe (ID: 2572 |ParentID: 896)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 4168 |ParentID: 896)
C:\WINDOWS\System32\svchost.exe (ID: 4328 |ParentID: 308)
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (ID: 4576 |ParentID: 308)
C:\WINDOWS\system32\AUDIODG.EXE (ID: 4632 |ParentID: 4328)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ID: 4664 |ParentID: 4576)
C:\WINDOWS\System32\svchost.exe (ID: 4748 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 4756 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 4984 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 5064 |ParentID: 308)
C:\WINDOWS\System32\spoolsv.exe (ID: 5196 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 5232 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 5284 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 5436 |ParentID: 308)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 5680 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 5688 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 5696 |ParentID: 308)
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe (ID: 5704 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 5712 |ParentID: 308)
C:\Program Files\Everything\Everything.exe (ID: 5728 |ParentID: 308)
C:\WINDOWS\SysWOW64\esif_uf.exe (ID: 5736 |ParentID: 308)
c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (ID: 5796 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 5804 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 5828 |ParentID: 308)
C:\Program Files\Private Internet Access\pia-service.exe (ID: 5904 |ParentID: 308)
C:\Program Files\Bitdefender Agent\ProductAgentService.exe (ID: 5920 |ParentID: 308)
C:\Program Files\CyberLink\Shared files\RichVideo64.exe (ID: 5972 |ParentID: 308)
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (ID: 5980 |ParentID: 308)
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (ID: 5988 |ParentID: 308)
C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe (ID: 5996 |ParentID: 308)
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (ID: 6008 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 6084 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 6112 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 6140 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 6240 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 6416 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 6832 |ParentID: 308)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 5520 |ParentID: 896)
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (ID: 7200 |ParentID: 5872)
C:\Program Files\Common Files\McAfee\VSCore_19_7\McApExe.exe (ID: 7396 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 7924 |ParentID: 308)
C:\WINDOWS\system32\DllHost.exe (ID: 8060 |ParentID: 896)
C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe (ID: 7612 |ParentID: 1948)
C:\WINDOWS\system32\conhost.exe (ID: 7624 |ParentID: 7612)
C:\WINDOWS\system32\svchost.exe (ID: 1920 |ParentID: 308)
C:\WINDOWS\system32\sihost.exe (ID: 5352 |ParentID: 2028)
C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe (ID: 3488 |ParentID: 5736)
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (ID: 3524 |ParentID: 5852)
C:\WINDOWS\system32\svchost.exe (ID: 4036 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 4180 |ParentID: 308)
C:\WINDOWS\system32\taskhostw.exe (ID: 4592 |ParentID: 1948)
C:\WINDOWS\system32\taskhostw.exe (ID: 4764 |ParentID: 1948)
C:\WINDOWS\System32\WScript.exe (ID: 992 |ParentID: 1948)
C:\WINDOWS\system32\MDMAgent.exe (ID: 996 |ParentID: 1948)
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (ID: 5444 |ParentID: 1948)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 6072 |ParentID: 5980)
C:\WINDOWS\System32\svchost.exe (ID: 6276 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 6520 |ParentID: 308)
C:\WINDOWS\system32\ctfmon.exe (ID: 5464 |ParentID: 6276)
C:\WINDOWS\System32\svchost.exe (ID: 2576 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 5760 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 4176 |ParentID: 308)
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 1780 |ParentID: 7936)
C:\WINDOWS\Explorer.EXE (ID: 8308 |ParentID: 8276)
C:\Program Files\Bitdefender Agent\DiscoverySrv.exe (ID: 8316 |ParentID: 5920)
C:\WINDOWS\system32\svchost.exe (ID: 8360 |ParentID: 308)
C:\Program Files (x86)\IObit\Advanced SystemCare\Suo12_StartupManager.exe (ID: 8412 |ParentID: 1772)
C:\WINDOWS\System32\svchost.exe (ID: 8600 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 9140 |ParentID: 308)
C:\WINDOWS\System32\svchost.exe (ID: 9164 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 9172 |ParentID: 308)
C:\WINDOWS\system32\runonce.exe (ID: 6040 |ParentID: 8308)
C:\WINDOWS\SysWOW64\runonce.exe (ID: 2084 |ParentID: 6040)
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (ID: 8528 |ParentID: 308)
C:\WINDOWS\system32\svchost.exe (ID: 8728 |ParentID: 308)
C:\WINDOWS\System32\DriverStore\FileRepository\119748.inf_amd64_8e3972f5c88264c0\igfxEM.exe (ID: 8196 |ParentID: 1280)
C:\WINDOWS\system32\svchost.exe (ID: 1704 |ParentID: 308)
C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe (ID: 2968 |ParentID: 896)
C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe (ID: 9212 |ParentID: 308)
C:\Windows\System32\RuntimeBroker.exe (ID: 2352 |ParentID: 896)

################## | Generic Research |

(!) Temporary files deleted.

################## | Registry |

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Advanced SystemCare] "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
04 - HKCU\..\Run : [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare\Suo10_SmartRAM.exe" /m
04 - HKCU\..\Run : [Private Internet Access] "C:\Program Files\Private Internet Access\pia-client.exe" --quiet
04 - HKCU\..\Run : [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
04 - HKCU\..\Run : [Skype for Desktop] C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
04 - HKCU\..\Run : [Iris] "C:\Users\Malik\AppData\Local\Iris\Iris.exe"
04 - HKLM\..\Run : [HPMessageService] C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
04 - HKLM\..\Run : [Phantom_Sl] C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\phantom_sl.exe DefaultReader
04 - HKLM\..\Run : [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
04 - [x64] HKLM\..\Run : [SecurityHealth] %windir%\system32\SecurityHealthSystray.exe
04 - [x64] HKLM\..\Run : [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
04 - [x64] HKLM\..\Run : [Everything] "C:\Program Files\Everything\Everything.exe" -startup
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-141759229-3618981646-4029125136-1001\..\Run : [Advanced SystemCare] "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
04 - HKU\S-1-5-21-141759229-3618981646-4029125136-1001\..\Run : [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare\Suo10_SmartRAM.exe" /m
04 - HKU\S-1-5-21-141759229-3618981646-4029125136-1001\..\Run : [Private Internet Access] "C:\Program Files\Private Internet Access\pia-client.exe" --quiet
04 - HKU\S-1-5-21-141759229-3618981646-4029125136-1001\..\Run : [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
04 - HKU\S-1-5-21-141759229-3618981646-4029125136-1001\..\Run : [Skype for Desktop] C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
04 - HKU\S-1-5-21-141759229-3618981646-4029125136-1001\..\Run : [Iris] "C:\Users\Malik\AppData\Local\Iris\Iris.exe"

################## | Listing |

[21/11/2019 - 11:52:47 | SHD] - C:\$RECYCLE.BIN
[30/10/2015 - 02:18:34 | N | 0 Ko] - C:\BOOTNXT
[02/12/2019 - 00:18:31 | D] - C:\cygwin64
[21/11/2019 - 04:14:31 | SHD] - C:\Documents and Settings
[07/12/2019 - 16:22:45 | ASH | 3310756 Ko] - C:\hiberfil.sys
[21/11/2019 - 02:34:42 | D] - C:\hp
[06/12/2019 - 19:50:01 | D] - C:\inetpub
[22/11/2019 - 14:58:53 | D] - C:\Intel
[30/11/2019 - 11:40:53 | D] - C:\iSkysoft Video Converter Ultimate
[07/12/2019 - 16:22:45 | ASH | 1966080 Ko] - C:\pagefile.sys
[18/03/2019 - 23:52:43 | D] - C:\PerfLogs
[06/12/2019 - 20:03:46 | D] - C:\Program Files
[06/12/2019 - 20:03:46 | D] - C:\Program Files (x86)
[06/12/2019 - 17:50:07 | HD] - C:\ProgramData
[06/12/2019 - 17:05:58 | SHD] - C:\Recovery
[07/12/2019 - 16:22:45 | ASH | 262144 Ko] - C:\swapfile.sys
[21/11/2019 - 03:59:29 | D] - C:\SWSetup
[06/12/2019 - 19:42:00 | SHD] - C:\System Volume Information
[21/11/2019 - 11:52:16 | D] - C:\SYSTEM.SAV
[07/12/2019 - 16:21:16 | D] - C:\UsbFix
[07/12/2019 - 16:19:08 | N | 15 Ko | E3F758DAAC4457FB395416215AA0982A] - C:\UsbFix [Clean 2] LAPTOP-S8AVA7M8.txt
[07/12/2019 - 16:26:23 | A | 14 Ko | 9F1F22026BEC69BFCB6E8B8975C5960A] - C:\UsbFix [Clean 4] LAPTOP-S8AVA7M8.txt
[06/12/2019 - 17:17:47 | D] - C:\Users
[07/12/2019 - 15:59:51 | D] - C:\Windows
[06/12/2019 - 17:29:51 | D] - C:\Windows.old
[21/11/2019 - 11:54:29 | SHD] - D:\$RECYCLE.BIN
[20/11/2019 - 21:51:07 | N | 28 Ko] - D:\bcdbackup
[20/11/2019 - 21:51:07 | N | 32 Ko] - D:\bcdbackup.LOG
[20/11/2019 - 21:51:07 | N | 0 Ko] - D:\bcdbackup.LOG1
[20/11/2019 - 21:51:07 | N | 0 Ko] - D:\bcdbackup.LOG2
[20/11/2019 - 21:39:56 | RASHD] - D:\Boot
[30/10/2015 - 08:08:24 | RASH | 391 Ko] - D:\bootmgr
[30/10/2015 - 07:33:14 | N | 1121 Ko] - D:\bootmgr.efi
[18/05/2016 - 04:19:13 | D] - D:\EFI
[18/05/2016 - 04:19:13 | RSHD] - D:\preload
[21/11/2019 - 02:40:47 | RSD] - D:\Recovery
[18/05/2016 - 04:10:24 | N | 0 Ko] - D:\RP.ini
[18/05/2016 - 04:19:14 | RASHD] - D:\sources
[30/07/2016 - 19:51:33 | SHD] - D:\System Volume Information
[24/12/2018 - 16:05:45 | N | 1 Ko] - D:\Videos.lnk
[22/09/2017 - 15:11:14 | N | 1 Ko] - D:\Windows (C) - Shortcut.lnk

################## | Vaccin |

D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.en.usbfix.net/ - http://www.sosvirus.net |
