############################## | UsbFix V 7.145 | [Research]

User: zby (Administrator) # ZBY-PC
Updated 17/10/2013 by El Desaparecido - Team SosVirus
Started at 13:54:46 | 19/10/2013
Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: ASUSTeK Computer INC. (P5VD2-MX)
CPU: Intel(R) Pentium(R) D CPU 2.80GHz
RAM -> [Total : 3006 | Free : 1340]
Bios: Phoenix Technologies, LTD
Boot: Normal boot

OS: Microsoft® Windows Vista™ Home Basic (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 7.0.6002.18005

SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [Enabled]
AS: Avira Desktop [Enabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 33 Gb (5 Mb free - 15%) [] # NTFS
D:\ -> Fixed drive # 120 Gb (39 Mb free - 32%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM
J:\ -> Removable drive # 7 Gb (7 Mb free - 99%) [VANISHPL PN] # NTFS

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID 464 |ParentID 452)
C:\Windows\system32\csrss.exe (ID 516 |ParentID 508)
C:\Windows\system32\wininit.exe (ID 524 |ParentID 452)
C:\Windows\system32\services.exe (ID 560 |ParentID 524)
C:\Windows\system32\lsass.exe (ID 576 |ParentID 524)
C:\Windows\system32\lsm.exe (ID 584 |ParentID 524)
C:\Windows\system32\winlogon.exe (ID 620 |ParentID 508)
C:\Windows\system32\svchost.exe (ID 772 |ParentID 560)
C:\Windows\system32\nvvsvc.exe (ID 816 |ParentID 560)
C:\Windows\system32\svchost.exe (ID 844 |ParentID 560)
C:\Windows\System32\svchost.exe (ID 880 |ParentID 560)
C:\Windows\System32\svchost.exe (ID 964 |ParentID 560)
C:\Windows\system32\svchost.exe (ID 984 |ParentID 560)
C:\Windows\system32\AUDIODG.EXE (ID 1100 |ParentID 880)
C:\Windows\system32\SLsvc.exe (ID 1136 |ParentID 560)
C:\Windows\system32\svchost.exe (ID 1176 |ParentID 560)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID 1320 |ParentID 816)
C:\Windows\system32\nvvsvc.exe (ID 1328 |ParentID 816)
C:\Windows\system32\svchost.exe (ID 1380 |ParentID 560)
C:\Windows\System32\spoolsv.exe (ID 1528 |ParentID 560)
C:\Windows\system32\svchost.exe (ID 1612 |ParentID 560)
C:\Windows\system32\Dwm.exe (ID 2000 |ParentID 964)
C:\Windows\Explorer.EXE (ID 2032 |ParentID 1984)
C:\Program Files\Analog Devices\Core\smax4pnp.exe (ID 436 |ParentID 2032)
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (ID 428 |ParentID 2032)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (ID 780 |ParentID 2032)
C:\Users\zby\AppData\Local\Facebook\Update\FacebookUpdate.exe (ID 1536 |ParentID 2032)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID 224 |ParentID 1320)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 756 |ParentID 2032)
C:\Windows\system32\AEADISRV.EXE (ID 1168 |ParentID 560)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 1844 |ParentID 756)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 2144 |ParentID 756)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 2224 |ParentID 756)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 2440 |ParentID 756)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 2456 |ParentID 756)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 2688 |ParentID 756)
C:\Program Files\Dokan\DokanLibrary\mounter.exe (ID 2864 |ParentID 560)
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (ID 3152 |ParentID 560)
C:\Windows\system32\PnkBstrA.exe (ID 3172 |ParentID 560)
C:\Windows\system32\svchost.exe (ID 3188 |ParentID 560)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 3344 |ParentID 756)
C:\Program Files\Internet Explorer\iexplore.exe (ID 3496 |ParentID 3200)
C:\Windows\system32\svchost.exe (ID 3736 |ParentID 560)
C:\Windows\System32\svchost.exe (ID 3772 |ParentID 560)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID 3864 |ParentID 560)
C:\Windows\system32\SearchIndexer.exe (ID 3904 |ParentID 560)
D:\Hamachi\hamachi-2.exe (ID 4004 |ParentID 560)
D:\Hamachi\LMIGuardianSvc.exe (ID 4016 |ParentID 4004)
C:\Windows\system32\svchost.exe (ID 2428 |ParentID 560)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID 2780 |ParentID 3864)
C:\Program Files\Google\Update\GoogleUpdate.exe (ID 2784 |ParentID 1252)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID 3588 |ParentID 560)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 3516 |ParentID 756)
D:\9rvdfb2j.exe (ID 1952 |ParentID 756)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 2636 |ParentID 756)
D:\Steam\Steam.exe (ID 1888 |ParentID 2032)
C:\Program Files\Common Files\Steam\SteamService.exe (ID 2296 |ParentID 560)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 1620 |ParentID 756)
C:\Windows\system32\WUDFHost.exe (ID 3072 |ParentID 964)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (ID 1916 |ParentID 984)
C:\Windows\system32\wbem\wmiprvse.exe (ID 3444 |ParentID 772)
C:\Windows\system32\wbem\wmiprvse.exe (ID 3980 |ParentID 772)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 4124 |ParentID 756)
C:\UsbFix\Go.exe (ID 4472 |ParentID 4416)

################## | Regedit Run |

HKLM\SOFTWARE | Run : [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe
HKLM\SOFTWARE | Run : [Nvtmru] - "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [LogMeIn Hamachi Ui] - "D:\Hamachi\hamachi-2-ui.exe" --auto-start
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-21-4279762936-2041923811-3607526187-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\zby\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-4279762936-2041923811-3607526187-1000\SOFTWARE | Run : [uTorrent] - "C:\Program Files\uTorrent\uTorrent.exe"
HKU\S-1-5-21-4279762936-2041923811-3607526187-1000\SOFTWARE | Run : [AshSnap] - D:\Ashampoo Snap 5\ashsnap.exe
HKU\S-1-5-21-4279762936-2041923811-3607526187-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "D:\Daemon\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-4279762936-2041923811-3607526187-1000\SOFTWARE | Run : [AlcoholAutomount] - "D:\Alcohol 120\AxAutoMntSrv.exe" -automount
HKU\S-1-5-21-4279762936-2041923811-3607526187-1000\SOFTWARE | Run : [GG] - "C:\Users\zby\AppData\Local\GG\Application\gghub.exe"
HKU\S-1-5-21-4279762936-2041923811-3607526187-1006\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-21-4279762936-2041923811-3607526187-1006\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4279762936-2041923811-3607526187-1006\SOFTWARE | Run : [EADM] - "D:\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-4279762936-2041923811-3607526187-1006\SOFTWARE | Run : [GoogleChromeAutoLaunch_A41B3BF45427D2672ABF49D240D980A1] - "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-21-4279762936-2041923811-3607526187-1006\SOFTWARE | Run : [AshSnap] - D:\Ashampoo Snap 5\ashsnap.exe

################## | Files # Infected Folders |

Found ! D:\uTorrent.exe
Found ! J:\Documents.lnk
Found ! J:\Music.lnk
Found ! J:\New Folder.lnk
Found ! J:\Passwords.lnk
Found ! J:\Pictures.lnk
Found ! J:\Video.lnk
Found ! C:\sury.pif
Found ! J:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Found ! C:\autorun.inf
Found ! D:\ownng.pif
Found ! D:\Doom_2.exe
Found ! D:\autorun.inf
Found ! J:\autorun.inf
Found ! J:\ktPeR.EXe
Found ! J:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665
Found ! J:\ktper.scr

################## | Registry |

Found ! HKCU\Software\VB and VBA Program Settings\INSTALL
Found ! HKU\S-1-5-21-4279762936-2041923811-3607526187-1000\Software\Microsoft\Windows\CurrentVersion\Run|uTorrent
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|uTorrent

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
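The report above is raw tool output; the security-relevant findings are spread across two sections. The "Files # Infected Folders" section shows autorun.inf at the root of C:, D: and the removable drive J:, a RECYCLER\S-5-3-42-...\jwgkvsq.vmx payload (the layout long documented for the Conficker/Downadup worm's removable-drive dropper), .lnk files at the root of J: that shadow the user's folder names (Documents, Music, Pictures, Passwords, ...), and loose .pif/.scr/.exe files at drive roots. The "Active Processes" section additionally shows D:\9rvdfb2j.exe (PID 1952) whose parent is chrome.exe (PID 756), i.e. a random-looking executable launched from the browser. The script below is an added example written for this page, not part of UsbFix or the SosVirus team's tooling: it parses UsbFix-style "Found !" and process lines and applies the editor's own classification heuristics (indicator class names, the browser list and the "trusted prefix" notion are all assumptions). The embedded REPORT is a subset copied from the log above.

```python
"""Triage a UsbFix report: classify "Found !" indicators and flag processes
spawned by a browser from outside the usual install paths.

Added example for this page, not UsbFix code. Heuristics are the editor's own.
"""
import re
from collections import Counter

# Copied from the report on this page (process and file sections, abridged).
REPORT = r"""
################## | Active Processes |
C:\Windows\system32\services.exe (ID 560 |ParentID 524)
C:\Windows\Explorer.EXE (ID 2032 |ParentID 1984)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID 756 |ParentID 2032)
D:\Hamachi\hamachi-2.exe (ID 4004 |ParentID 560)
D:\9rvdfb2j.exe (ID 1952 |ParentID 756)
D:\Steam\Steam.exe (ID 1888 |ParentID 2032)
C:\UsbFix\Go.exe (ID 4472 |ParentID 4416)
################## | Files # Infected Folders |
Found ! D:\uTorrent.exe
Found ! J:\Documents.lnk
Found ! J:\Passwords.lnk
Found ! C:\sury.pif
Found ! J:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Found ! C:\autorun.inf
Found ! D:\autorun.inf
Found ! J:\autorun.inf
Found ! J:\ktPeR.EXe
Found ! J:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665
Found ! J:\ktper.scr
################## | Registry |
"""

PROC_RE = re.compile(r"^(?P<path>.+?) \(ID (?P<pid>\d+) \|ParentID (?P<ppid>\d+)\)$")
FOUND_RE = re.compile(r"^Found ! (?P<path>.+)$")
BROWSERS = {"chrome.exe", "iexplore.exe", "firefox.exe"}      # assumption
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")        # assumption
EXEC_EXT = ("exe", "scr", "pif", "com", "vmx")


def parse_report(text):
    """Return (processes, found_paths) from UsbFix report text."""
    processes, found = [], []
    for line in text.splitlines():
        line = line.strip()
        m = PROC_RE.match(line)
        if m:
            processes.append((m["path"], int(m["pid"]), int(m["ppid"])))
            continue
        m = FOUND_RE.match(line)
        if m:
            found.append(m["path"])
    return processes, found


def classify(path):
    """Map one 'Found !' path to an indicator class (editor's heuristics)."""
    p = path.lower()
    _drive, _, rest = p.partition("\\")
    at_root = "\\" not in rest                  # file sits directly at X:\
    if at_root and rest == "autorun.inf":
        return "autorun_inf"
    # RECYCLER\S-<numbers>... folder or a file inside it: fake recycle bin payload
    if re.search(r"\\recycler\\s-\d+(-\d+)+(\\|$)", p):
        return "recycler_payload"
    if at_root and rest.endswith(".lnk"):       # shortcut shadowing a folder name
        return "folder_shortcut"
    if at_root and rest.rsplit(".", 1)[-1] in EXEC_EXT:
        return "root_executable"
    return "other"


def suspicious_children(processes):
    """Images outside TRUSTED_PREFIXES whose parent is a browser process."""
    by_pid = {pid: path for path, pid, _ in processes}
    hits = []
    for path, pid, ppid in processes:
        parent_name = by_pid.get(ppid, "").rsplit("\\", 1)[-1].lower()
        if parent_name in BROWSERS and not path.lower().startswith(TRUSTED_PREFIXES):
            hits.append(path)
    return hits


def triage(text):
    """Full triage summary for one report."""
    processes, found = parse_report(text)
    classes = {p: classify(p) for p in found}
    return {
        "indicators": classes,
        "counts": dict(Counter(classes.values())),
        "browser_spawned": suspicious_children(processes),
        "drives_with_autorun": sorted({p[:2].upper() for p, c in classes.items()
                                       if c == "autorun_inf"}),
    }


if __name__ == "__main__":
    result = triage(REPORT)
    for path, cls in result["indicators"].items():
        print(f"{cls:18} {path}")
    print("browser-spawned:", result["browser_spawned"])
    print("autorun.inf on:", result["drives_with_autorun"])
```

The class names drive the response: `autorun_inf` on every writable drive plus a `recycler_payload` on the removable stick means the infection spreads by removable media and every drive that has touched this machine should be treated as dirty; `folder_shortcut` entries mean the user's real folders on J: are probably hidden rather than gone; the `browser_spawned` hit is the one process to capture (image, hashes, network connections) before cleaning, because the static "Found !" list does not explain where it came from.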