############################## | UsbFix V 7.076 | [Research]

User: Klient (Administrator) # KLIENT-KOMPUTER
Updated 21/12/2011 by El Desaparecido
Started at 23:39:16 | 18/01/2012

Website: http://eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com

PC: ASUSTeK Computer Inc. (K72Dr) (x64-based PC) # Notebook
CPU: AMD Athlon(tm) II P320 Dual-Core Processor (2100)
RAM -> [ Total : 2046 | Free : 1107 ]
BIOS: BIOS Date: 05/03/10 19:12:09 Ver: 08.00.10
BOOT: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ Enabled ]
AV: avast! Antivirus [ (!) Disabled | Updated ]
FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Fixed drive # 75 Gb (30 Mb free - 40%) [OS] # NTFS
D:\ -> Fixed drive # 204 Gb (157 Mb free - 77%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 7 Gb (3 Mb free - 48%) [] # FAT32
G:\ -> Removable drive # 7 Gb (6 Mb free - 78%) [KINGSTON] # NTFS

################## | Active Processes |

C:\Windows\system32\csrss.exe (416)
C:\Windows\system32\wininit.exe (468)
C:\Windows\system32\csrss.exe (492)
C:\Windows\system32\services.exe (536)
C:\Windows\system32\lsass.exe (548)
C:\Windows\system32\lsm.exe (556)
C:\Windows\system32\winlogon.exe (668)
C:\Windows\system32\svchost.exe (696)
C:\Windows\system32\svchost.exe (784)
C:\Windows\system32\atiesrxx.exe (828)
C:\Windows\System32\svchost.exe (908)
C:\Windows\System32\svchost.exe (952)
C:\Windows\system32\svchost.exe (984)
C:\Windows\system32\svchost.exe (652)
C:\Windows\system32\atieclxx.exe (1048)
C:\Windows\system32\svchost.exe (1092)
C:\Windows\system32\FBAgent.exe (1176)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (1200)
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (1240)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1272)
C:\Windows\system32\Dwm.exe (1692)
C:\Windows\Explorer.EXE (1716)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (1884)
C:\Program Files\Elantech\ETDCtrl.exe (2012)
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe (1012)
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (1044)
C:\Windows\System32\spoolsv.exe (2056)
C:\Windows\system32\svchost.exe (2088)
C:\Windows\system32\taskhost.exe (2188)
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (2492)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (2624)
C:\Windows\system32\taskeng.exe (2640)
C:\Windows\system32\svchost.exe (2704)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2744)
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (2856)
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (2864)
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (2872)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (2980)
C:\Program Files\P4G\BatteryLife.exe (2992)
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (3000)
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (3008)
C:\Program Files\Alwil Software\Avast5\AvastUI.exe (3016)
C:\Windows\system32\SearchIndexer.exe (1952)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3092)
C:\Windows\system32\svchost.exe (3284)
C:\Windows\AsScrPro.exe (3416)
C:\Program Files\Elantech\ETDCtrlHelper.exe (3492)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (3536)
C:\Windows\SysWOW64\ACEngSvr.exe (3668)
C:\Windows\system32\wbem\wmiprvse.exe (3844)
C:\Windows\system32\wbem\wmiprvse.exe (3852)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (1136)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (1644)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (1372)
C:\Users\Klient\AppData\Local\Google\Chrome\Application\chrome.exe (308)
C:\Users\Klient\AppData\Local\Google\Chrome\Application\chrome.exe (4060)
C:\Windows\system32\svchost.exe (4004)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (1280)
C:\Windows\System32\svchost.exe (2924)
C:\Program Files\Windows Media Player\wmpnetwk.exe (2960)
C:\Windows\SysWOW64\rundll32.exe (3956)
C:\Users\Klient\AppData\Local\Google\Chrome\Application\chrome.exe (2112)
C:\Windows\system32\WUDFHost.exe (5104)
C:\UsbFix\UsbFix.exe (1364)

################## | Files # Infected Folders |

Found ! D:\muza
Found ! F:\MUZYKA

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{ebcf2575-1b7e-11e1-ae1b-001fd0a31e4d}
Shell\AutoRun\Command = G:\HPLauncher.exe

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F |