Previous Topic Next Topic

This is my problem .. could u help me plz?

Closed
khalesii Posts 1 Registration date Wednesday March 26, 2014 Status Member Last seen March 26, 2014 - Mar 26, 2014 at 04:15 PM
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Mar 26, 2014 at 04:29 PM
Hello,




############################## | UsbFix V 7.167 | [Research]

User: User (Administrator) # USER2
Updated 13/03/2014 by El Desaparecido - Team SosVirus
Started at 23:09:53 | 26/03/2014

Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : https://ccm.net/forum/viruses-security-7
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: Intel Corporation (DH67CL)
CPU: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
RAM -> [Total : 16361 Mo| Free : 13509 Mo]
Bios: Intel Corp.
Boot: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 8.0.7601.17514

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: AVG AntiVirus Free Edition 2013 [(!) Disabled | Updated]
AS: Windows Defender [(!) Disabled | (!) Outdated]
AS: AVG AntiVirus Free Edition 2013 [(!) Disabled | Updated]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 976 Gb (836 Mb free - 86%) [] # NTFS
D:\ -> Fixed drive # 886 Gb (886 Mb free - 100%) [] # NTFS
E:\ -> CD-ROM
G:\ -> Removable drive # 7 Gb (7 Mb free - 95%) [SHAMSAN] # FAT32

################## | Active Processes |

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe (ID: 460 |ParentID: 444)
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (ID: 516 |ParentID: 460)
C:\Windows\system32\csrss.exe (ID: 932 |ParentID: 920)
C:\Windows\system32\wininit.exe (ID: 1008 |ParentID: 920)
C:\Windows\system32\csrss.exe (ID: 148 |ParentID: 1016)
C:\Windows\system32\winlogon.exe (ID: 428 |ParentID: 1016)
C:\Windows\system32\services.exe (ID: 888 |ParentID: 1008)
C:\Windows\system32\lsass.exe (ID: 424 |ParentID: 1008)
C:\Windows\system32\lsm.exe (ID: 920 |ParentID: 1008)
C:\Windows\system32\svchost.exe (ID: 1100 |ParentID: 888)
C:\Windows\system32\nvvsvc.exe (ID: 1172 |ParentID: 888)
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (ID: 1196 |ParentID: 888)
C:\Windows\system32\svchost.exe (ID: 1240 |ParentID: 888)
C:\Windows\System32\svchost.exe (ID: 1328 |ParentID: 888)
C:\Windows\System32\svchost.exe (ID: 1380 |ParentID: 888)
C:\Windows\system32\svchost.exe (ID: 1420 |ParentID: 888)
C:\Windows\system32\svchost.exe (ID: 1588 |ParentID: 888)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 1684 |ParentID: 1172)
C:\Windows\system32\nvvsvc.exe (ID: 1696 |ParentID: 1172)
C:\Windows\system32\svchost.exe (ID: 1812 |ParentID: 888)
C:\Windows\system32\WLANExt.exe (ID: 1920 |ParentID: 1380)
C:\Windows\system32\conhost.exe (ID: 1928 |ParentID: 932)
C:\Windows\System32\spoolsv.exe (ID: 896 |ParentID: 888)
C:\Windows\system32\svchost.exe (ID: 1436 |ParentID: 888)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1736 |ParentID: 888)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 2096 |ParentID: 888)
C:\Windows\system32\taskhost.exe (ID: 2128 |ParentID: 888)
C:\Windows\system32\Dwm.exe (ID: 2208 |ParentID: 1380)
C:\Windows\Explorer.EXE (ID: 2252 |ParentID: 2192)
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (ID: 2292 |ParentID: 888)
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (ID: 2388 |ParentID: 888)
C:\Program Files\Bonjour\mDNSResponder.exe (ID: 2448 |ParentID: 888)
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (ID: 2476 |ParentID: 888)
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (ID: 2524 |ParentID: 888)
C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe (ID: 2576 |ParentID: 888)
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (ID: 2628 |ParentID: 888)
C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe (ID: 2696 |ParentID: 888)
C:\Windows\system32\IProsetMonitor.exe (ID: 2752 |ParentID: 888)
C:\Windows\SysWOW64\PnkBstrA.exe (ID: 2348 |ParentID: 888)
C:\Program Files (x86)\Tenda\Common\RaRegistry.exe (ID: 2764 |ParentID: 888)
C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe (ID: 2948 |ParentID: 888)
C:\Windows\system32\svchost.exe (ID: 3112 |ParentID: 888)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe (ID: 3160 |ParentID: 888)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 3216 |ParentID: 888)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 3340 |ParentID: 3216)
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (ID: 3636 |ParentID: 2388)
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (ID: 3644 |ParentID: 2388)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe (ID: 4072 |ParentID: 3160)
C:\Windows\system32\conhost.exe (ID: 4048 |ParentID: 932)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 2944 |ParentID: 2252)
C:\Users\User\AppData\Roaming\SkypEmoticons\SE.exe (ID: 2952 |ParentID: 2252)
C:\Windows\System32\wscript.exe (ID: 3312 |ParentID: 2252)
C:\Users\User\AppData\Local\iexplorer\Browsers Monitor\iexplorer_monitor.exe (ID: 4356 |ParentID: 2252)
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (ID: 4740 |ParentID: 2868)
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (ID: 4832 |ParentID: 2868)
C:\Program Files (x86)\AVG\AVG2013\avgui.exe (ID: 4992 |ParentID: 2868)
C:\Program Files (x86)\AVG Nation toolbar\vprot.exe (ID: 5092 |ParentID: 2868)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 4144 |ParentID: 2868)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 4408 |ParentID: 2868)
C:\Users\User\AppData\Local\Apps\2.0\3DJ9405Y.Q2Y\WQW4WGO6.3GH\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe (ID: 4952 |ParentID: 4448)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID: 4148 |ParentID: 1684)
C:\Windows\system32\SearchIndexer.exe (ID: 5228 |ParentID: 888)
C:\Windows\system32\svchost.exe (ID: 5752 |ParentID: 888)
C:\Windows\system32\svchost.exe (ID: 5160 |ParentID: 888)
C:\Program Files\iPod\bin\iPodService.exe (ID: 5360 |ParentID: 888)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5988 |ParentID: 1100)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 5304 |ParentID: 888)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4348 |ParentID: 888)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 4580 |ParentID: 888)
C:\Users\User\Desktop\USB\AutoRunExterminator.exe (ID: 5960 |ParentID: 2252)
C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe (ID: 4124 |ParentID: 2252)
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6576 |ParentID: 2252)
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 7092 |ParentID: 6576)
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6764 |ParentID: 6576)
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2276 |ParentID: 6576)
C:\Windows\SysWOW64\cmd.exe (ID: 6944 |ParentID: 6576)
C:\Windows\system32\conhost.exe (ID: 6564 |ParentID: 148)
C:\Users\User\AppData\Local\NativeMessaging\CT3225826\1_0_0_10\TBMessagingHost.exe (ID: 2056 |ParentID: 6944)
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 6788 |ParentID: 6576)
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3916 |ParentID: 6576)
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3060 |ParentID: 6576)
C:\Windows\system32\taskhost.exe (ID: 3504 |ParentID: 888)
C:\Windows\system32\WUDFHost.exe (ID: 6252 |ParentID: 1380)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (ID: 4728 |ParentID: 1420)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 1316 |ParentID: 1100)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [64bit] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [64bit] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKCU\..\Run : [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
04 - HKCU\..\Run : [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKCU\..\Run : [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKCU\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKCU\..\Run : [se] "C:\Users\User\AppData\Roaming\SkypEmoticons\SE.exe" /minimized
04 - HKCU\..\Run : [AVG-Secure-Search-Update_0913b] C:\Users\User\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 6fa01b78fd1d47d3b7b7d389a88ee9eb-c078606681b6264626e8a36ea2a117af7edf932c --CMPID 0913b
04 - HKCU\..\Run : [wcadqjqgbm] wscript.exe //B "C:\Users\User\AppData\Local\Temp\wcadqjqgbm.vbe"
04 - HKLM\..\Run : [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
04 - HKLM\..\Run : [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
04 - HKLM\..\Run : [vProt] "C:\Program Files (x86)\AVG Nation toolbar\vprot.exe"
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\..\RunOnce : []
04 - [64bit] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [64bit] HKLM\..\Run : [wcadqjqgbm] wscript.exe //B "C:\Users\User\AppData\Local\Temp\wcadqjqgbm.vbe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-3237188171-874139246-548201172-1000\..\Run : [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKU\S-1-5-21-3237188171-874139246-548201172-1000\..\Run : [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
04 - HKU\S-1-5-21-3237188171-874139246-548201172-1000\..\Run : [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-3237188171-874139246-548201172-1000\..\Run : [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
04 - HKU\S-1-5-21-3237188171-874139246-548201172-1000\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-21-3237188171-874139246-548201172-1000\..\Run : [se] "C:\Users\User\AppData\Roaming\SkypEmoticons\SE.exe" /minimized
04 - HKU\S-1-5-21-3237188171-874139246-548201172-1000\..\Run : [AVG-Secure-Search-Update_0913b] C:\Users\User\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 6fa01b78fd1d47d3b7b7d389a88ee9eb-c078606681b6264626e8a36ea2a117af7edf932c --CMPID 0913b
04 - HKU\S-1-5-21-3237188171-874139246-548201172-1000\..\Run : [wcadqjqgbm] wscript.exe //B "C:\Users\User\AppData\Local\Temp\wcadqjqgbm.vbe"
04 - HKU\S-1-5-18\..\Run : [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Generic Research |

Found ! C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wcadqjqgbm.vbe
Found ! C:\Users\User\AppData\Local\Temp\wcadqjqgbm.vbe
Found ! G:\wcadqjqgbm.vbe
Found ! C:\Users\User\AppData\Local\Temp\LeagueofLegends.exe.log
Found ! G:\supernatural.lnk
Found ! G:\New.lnk

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 0
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -> 0
Found ! HKU\S-1-5-21-3237188171-874139246-548201172-1000\Software\Microsoft\Windows\CurrentVersion\Run|wcadqjqgbm
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|wcadqjqgbm

################## | E.O.F | http://www.en.usbfix.net/ - https://www.sosvirus.net/ |

1 response

Answer 1 / 1
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,172
Mar 26, 2014 at 04:29 PM
Hi

Plug in your usb devices (Flash drive, pen drive. External HD etc...) don't open them.
Double click sur UsbFix.exe. to run it again

Click on deletion
.
Let the tool work.

Ambucias
Moderator/virus security contributor
0