############################## | UsbFix V 7.127 | [Research]

User: Karol (Administrator) # KAROL-THINK
Updated 05/06/2013 by El Desaparecido
Started at 00:17:38 | 16/06/2013
Website: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: LENOVO (12985XG) (x64-based PC)
CPU: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz (2200)
RAM -> [Total : 4010 | Free : 2633]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG AntiVirus Free Edition 2013 [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 285 Gb (241 Mb free - 85%) [Windows7_OS] # NTFS
E:\ -> Fixed drive # 466 Gb (259 Mb free - 56%) [KAROL] # FAT32
Q:\ -> Fixed drive # 12 Gb (3 Mb free - 24%) [Lenovo_Recovery] # NTFS

################## | Active Processes |

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe (464)
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (516)
C:\Windows\system32\csrss.exe (788)
C:\Windows\system32\wininit.exe (888)
C:\Windows\system32\csrss.exe (908)
C:\Windows\system32\services.exe (944)
C:\Windows\system32\lsass.exe (968)
C:\Windows\system32\lsm.exe (976)
C:\Windows\system32\svchost.exe (452)
C:\Windows\system32\ibmpmsvc.exe (120)
C:\Windows\system32\svchost.exe (1056)
C:\Windows\system32\atiesrxx.exe (1116)
C:\Windows\system32\winlogon.exe (1164)
C:\Windows\System32\svchost.exe (1204)
C:\Windows\System32\svchost.exe (1248)
C:\Windows\system32\svchost.exe (1292)
C:\Windows\system32\svchost.exe (1448)
C:\Windows\system32\svchost.exe (1540)
C:\Windows\system32\atieclxx.exe (1564)
C:\Windows\system32\WLANExt.exe (1676)
C:\Windows\system32\conhost.exe (1688)
C:\Windows\System32\spoolsv.exe (1836)
C:\Windows\system32\svchost.exe (1900)
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (2008)
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (1072)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1508)
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (1268)
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (2092)
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (2140)
C:\Windows\system32\CxAudMsg64.exe (2164)
C:\Program Files\Intel\WiFi\bin\EvtEng.exe (2216)
C:\Windows\system32\svchost.exe (2260)
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (2300)
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe (2332)
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe (2376)
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (2404)
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe (2428)
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (2468)
C:\Windows\SysWOW64\SAsrv.exe (2520)
C:\Windows\system32\svchost.exe (2564)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (2616)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2684)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2836)
C:\Windows\system32\wbem\wmiprvse.exe (2160)
C:\Windows\system32\wbem\unsecapp.exe (2176)
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe (3472)
C:\Windows\system32\Dwm.exe (3500)
C:\Windows\Explorer.EXE (3524)
C:\Windows\system32\taskhost.exe (3564)
C:\Windows\system32\rundll32.exe (3676)
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE (3744)
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe (3752)
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE (3812)
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (3900)
C:\Windows\system32\svchost.exe (3196)
C:\Windows\System32\rundll32.exe (1748)
C:\Windows\system32\taskeng.exe (4268)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (4300)
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (4320)
C:\Windows\System32\TpShocks.exe (4328)
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe (4368)
C:\Windows\system32\wbem\unsecapp.exe (4396)
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (4444)
C:\Windows\System32\hkcmd.exe (4496)
C:\Windows\System32\igfxpers.exe (4516)
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (4536)
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (4548)
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (4620)
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (4740)
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (4768)
C:\Windows\SysWOW64\rundll32.exe (4944)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (4956)
C:\Windows\system32\rundll32.exe (4964)
C:\Program Files (x86)\AVG Secure Search\vprot.exe (4972)
C:\Program Files (x86)\AVG\AVG2013\avgui.exe (4996)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (5024)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (5076)
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (2508)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (1548)
C:\Windows\SysWOW64\RunDll32.exe (5332)
C:\Windows\system32\SearchIndexer.exe (5340)
C:\Program Files\Windows Media Player\wmpnetwk.exe (5560)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (5040)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (3220)
C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (3052)
C:\Windows\system32\wbem\wmiprvse.exe (576)
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (3316)
C:\Windows\system32\wbem\unsecapp.exe (3204)
C:\Program Files (x86)\Lenovo\System Update\SUService.exe (6056)
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (5436)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (4828)
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe (5448)
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (6952)
C:\UsbFix\Go.exe (3832)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM\SOFTWARE | Run : [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM\SOFTWARE\wow6432Node | Run : [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Files # Infected Folders |

Found ! Q:\LenovoQDrive.exe
Found ! Q:\AUTORUN.INF

################## | Registry |

################## | Mountpoints2 |

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://sosvirus.org |
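The two "Found !" entries and the "not vaccinated" line are the only security-relevant findings in this log: an AUTORUN.INF and an executable sit at the root of the Lenovo_Recovery partition Q:, and no drive root has been "vaccinated" (UsbFix's vaccination pre-creates a directory named AUTORUN.INF at the root so that malware cannot drop an autorun.inf file there). The log does not show what Q:\AUTORUN.INF contains, so the next triage step is to parse it and check what it would launch. The script below is an added example, not UsbFix's own code and not part of the log: it parses an autorun.inf, lists its launch targets, verifies whether each target actually exists on the drive, and reports the vaccination state of a drive root. The autorun.inf text and the fake drive root it builds are constructed for the demonstration; the real contents of Q: are unknown. Note that a patched Windows 7 only honours AutoRun for optical media, so the file is a triage indicator and a cleanup target rather than an execution vector on its own.

```python
"""Triage an autorun.inf and the 'vaccination' state of a drive root.

Added example, not UsbFix code. The UsbFix log only reports that
Q:\\AUTORUN.INF and Q:\\LenovoQDrive.exe exist; their contents are not
shown, so SAMPLE_AUTORUN is a constructed stand-in.
"""
import os
import tempfile

# Constructed sample (assumption): a typical recovery-partition launcher.
SAMPLE_AUTORUN = """[autorun]
open=LenovoQDrive.exe
icon=LenovoQDrive.exe,0
label=Lenovo_Recovery
action=Open Lenovo Recovery
"""

# autorun.inf keys that launch code when AutoRun honours the file.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")


def parse_autorun(text):
    """Parse autorun.inf (INI syntax, case-insensitive) into {section: {key: value}}.
    Hand-rolled rather than configparser: real autorun.inf files often carry
    duplicate keys, a BOM or junk bytes that make configparser raise, and a
    triage tool must not crash on malformed input. First occurrence of a key wins."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff").strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current].setdefault(key.strip().lower(), value.strip())
    return sections


def launch_targets(sections):
    """Return (key, command) pairs that would execute something."""
    auto = sections.get("autorun", {})
    return [(k, auto[k]) for k in LAUNCH_KEYS if k in auto]


def _first_token(cmd):
    """Extract the program from a command line: honours "quoted path" /args."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def resolve_target(drive_root, command):
    """Map a launch command to a path under the drive root; report existence."""
    exe = _first_token(command).lstrip("\\/")
    path = os.path.join(drive_root, exe)
    return path, os.path.isfile(path)


def vaccination_state(drive_root):
    """'vaccinated' if AUTORUN.INF is a directory, 'autorun-file' if it is a
    file (the case in the log), 'none' if absent."""
    for name in os.listdir(drive_root):
        if name.lower() == "autorun.inf":
            full = os.path.join(drive_root, name)
            return "vaccinated" if os.path.isdir(full) else "autorun-file"
    return "none"


def triage_drive(drive_root):
    """Vaccination state plus every launch target and whether it exists."""
    state = vaccination_state(drive_root)
    findings = []
    if state == "autorun-file":
        name = next(n for n in os.listdir(drive_root) if n.lower() == "autorun.inf")
        with open(os.path.join(drive_root, name), "r", errors="replace") as fh:
            sections = parse_autorun(fh.read())
        for key, command in launch_targets(sections):
            path, exists = resolve_target(drive_root, command)
            findings.append({"key": key, "command": command, "path": path, "exists": exists})
    return {"drive": drive_root, "vaccination": state, "launch": findings}


def build_demo_drive(autorun_text=SAMPLE_AUTORUN, vaccinate=False):
    """Temporary directory standing in for a drive root (constructed; no real
    drive is touched). With vaccinate=True it mimics UsbFix's vaccination."""
    root = tempfile.mkdtemp(prefix="fake_drive_")
    if vaccinate:
        os.mkdir(os.path.join(root, "AUTORUN.INF"))
    else:
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write(autorun_text)
        with open(os.path.join(root, "LenovoQDrive.exe"), "wb") as fh:
            fh.write(b"MZ")  # placeholder bytes, not a real executable
    return root


if __name__ == "__main__":
    for vacc in (False, True):
        print(triage_drive(build_demo_drive(vaccinate=vacc)))
```

On the real machine you would point `triage_drive` at `Q:\` (and at `E:\`, a FAT32 data drive that is the more usual target for autorun worms) and compare the launch target's hash against a known-good copy before deciding whether the "Found !" lines are the vendor's recovery launcher or something that replaced it.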