############################## | UsbFix V 7.127 | [Research]

User: Kasia (Administrator) # KASIA-KOMPUTER
Updated 05/06/2013 by El Desaparecido
Started at 19:01:20 | 05/06/2013

Website: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: ASUSTek Computer INC. (P5L-MX) (x64-based PC)
CPU: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz (1866)
RAM -> [Total : 1527 | Free : 258]
BIOS: BIOS Date: 07/27/06 16:48:19 Ver: 08.00.10
BOOT: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16576

SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [Enabled]
AV: AntiVir Desktop [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 49 Gb (21 Mb free - 43%) [] # NTFS
D:\ -> Fixed drive # 100 Gb (80 Mb free - 80%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 2 Gb (124 Mb free - 7%) [USB DISK] # FAT
G:\ -> Removable drive # 7 Gb (6 Mb free - 87%) [KINGSTON] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (324)
C:\Windows\system32\wininit.exe (388)
C:\Windows\system32\csrss.exe (404)
C:\Windows\system32\winlogon.exe (460)
C:\Windows\system32\services.exe (480)
C:\Windows\system32\lsass.exe (504)
C:\Windows\system32\lsm.exe (512)
C:\Windows\system32\svchost.exe (632)
C:\Windows\system32\svchost.exe (716)
C:\Windows\System32\svchost.exe (792)
C:\Windows\System32\svchost.exe (848)
C:\Windows\system32\svchost.exe (872)
C:\Windows\system32\svchost.exe (900)
C:\Windows\system32\AUDIODG.EXE (108)
C:\Windows\system32\svchost.exe (564)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (1124)
C:\Windows\system32\svchost.exe (1176)
C:\Windows\system32\Dwm.exe (1368)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (1552)
C:\Windows\system32\svchost.exe (1696)
C:\Windows\SysWOW64\svchost.exe (1504)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (800)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (2684)
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (2712)
C:\Windows\system32\svchost.exe (1844)
C:\Windows\SysWOW64\mspaint.exe (1488)
C:\Windows\system32\DllHost.exe (644)
C:\Windows\System32\rundll32.exe (2424)
C:\Windows\system32\WUDFHost.exe (3172)
C:\Windows\system32\SearchIndexer.exe (1740)
C:\Windows\System32\rundll32.exe (732)
C:\Windows\System32\spoolsv.exe (2788)
C:\Windows\Explorer.exe (2484)
C:\Windows\system32\sppsvc.exe (892)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (1908)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (3704)
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe (2524)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (1292)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (1100)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (964)
C:\Windows\system32\taskeng.exe (3276)
C:\UsbFix\Go.exe (3208)
C:\Windows\system32\wbem\wmiprvse.exe (2900)
C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (1976)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [adiras] - C:\Windows\adirasx64.exe
HKLM\SOFTWARE | Run : [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
HKLM\SOFTWARE | Run : [VMonitorVMUVC] - "C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
HKLM\SOFTWARE | Run : [Tutorials] -
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [vProt] - "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
HKLM\SOFTWARE\wow6432Node | Run : [adiras] - C:\Windows\adirasx64.exe
HKLM\SOFTWARE\wow6432Node | Run : [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
HKLM\SOFTWARE\wow6432Node | Run : [VMonitorVMUVC] - "C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
HKLM\SOFTWARE\wow6432Node | Run : [Tutorials] -
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE\wow6432Node | Run : [vProt] - "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2554255177-2515159771-3444575261-1000\SOFTWARE | Run : [Sixyxq] - C:\Users\Kasia\AppData\Roaming\Microsoft\Sixyxq.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Files # Infected Folders |

Found ! C:\Users\Kasia\AppData\Roaming\195C.exe
Found ! F:\drkdruk.docx.lnk
Found ! F:\sprawozdanie_2010.pdf.lnk
Found ! F:\.Trashes.lnk
Found ! F:\Praca_Licecncjacka.rar.lnk
Found ! F:\AUTORUN.INF.lnk
Found ! C:\Users\Kasia\AppData\Roaming\57E8.exe
Found ! C:\Users\Kasia\AppData\Roaming\7B27.exe
Found ! C:\Users\Kasia\AppData\Roaming\ScreenSaverPro.scr
Found ! C:\Users\Kasia\AppData\Roaming\temp.bin
Found ! F:\AUTORUN.INF
Found ! F:\CEDuTBAmrOgPJLk.exe

################## | Registry |

################## | Mountpoints2 |

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.org |