############################## | UsbFix V 7.152 | [Research]

User: asiaarek (Administrator) # MASZYNA
Updated 20/11/2013 by El Desaparecido - Team SosVirus
Started at 18:52:16 | 02/12/2013
Website : http://www.en.usbfix.net
Forum : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: ASUSTeK Computer INC. (P5G41T-M LX2/GB)
CPU: Pentium(R) Dual-Core CPU E6700 @ 3.20GHz
RAM -> [Total : 1789 | Free : 756]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Google Chrome : 31.0.1650.57
WB: Mozilla Firefox : 25.0.1

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG Internet Security 2012 [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 78 Gb (34 Mb free - 43%) [] # NTFS
D:\ -> Fixed drive # 98 Gb (15 Mb free - 16%) [media] # NTFS
E:\ -> Fixed drive # 51 Gb (18 Mb free - 35%) [dane] # NTFS
F:\ -> Fixed drive # 388 Gb (278 Mb free - 72%) [rozne] # NTFS
G:\ -> CD-ROM
K:\ -> Fixed drive # 1863 Gb (1412 Mb free - 76%) [Dysk Przenosny] # NTFS

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID: 620 |ParentID: 608)
C:\Windows\system32\wininit.exe (ID: 676 |ParentID: 608)
C:\Windows\system32\csrss.exe (ID: 684 |ParentID: 668)
C:\Windows\system32\winlogon.exe (ID: 740 |ParentID: 668)
C:\Windows\system32\services.exe (ID: 760 |ParentID: 676)
C:\Windows\system32\lsass.exe (ID: 784 |ParentID: 676)
C:\Windows\system32\lsm.exe (ID: 800 |ParentID: 676)
C:\Windows\system32\svchost.exe (ID: 908 |ParentID: 760)
C:\Windows\system32\svchost.exe (ID: 988 |ParentID: 760)
C:\Windows\System32\svchost.exe (ID: 1072 |ParentID: 760)
C:\Windows\System32\svchost.exe (ID: 1132 |ParentID: 760)
C:\Windows\system32\svchost.exe (ID: 1172 |ParentID: 760)
C:\Windows\system32\svchost.exe (ID: 1200 |ParentID: 760)
C:\Windows\system32\svchost.exe (ID: 1324 |ParentID: 760)
C:\Windows\system32\svchost.exe (ID: 1512 |ParentID: 760)
C:\Windows\system32\svchost.exe (ID: 1744 |ParentID: 760)
C:\Program Files\AVG\AVG2012\avgwdsvc.exe (ID: 1976 |ParentID: 760)
C:\Windows\system32\svchost.exe (ID: 2040 |ParentID: 760)
C:\Windows\system32\svchost.exe (ID: 312 |ParentID: 760)
C:\Windows\System32\svchost.exe (ID: 336 |ParentID: 760)
C:\Windows\System32\svchost.exe (ID: 640 |ParentID: 760)
C:\Windows\system32\svchost.exe (ID: 564 |ParentID: 760)
C:\Windows\system32\Pen_Tablet.exe (ID: 844 |ParentID: 760)
C:\Windows\system32\svchost.exe (ID: 2716 |ParentID: 760)
C:\Windows\System32\WUDFHost.exe (ID: 3272 |ParentID: 1132)
C:\Windows\system32\taskhost.exe (ID: 3488 |ParentID: 760)
C:\Windows\system32\Dwm.exe (ID: 3652 |ParentID: 1132)
C:\Windows\Explorer.EXE (ID: 3680 |ParentID: 3636)
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (ID: 3776 |ParentID: 1412)
C:\Program Files\Tablet\Pen\WacomHost.exe (ID: 3812 |ParentID: 1412)
C:\Program Files\Tablet\Pen\Pen_Tablet.exe (ID: 3832 |ParentID: 3812)
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (ID: 3900 |ParentID: 1412)
C:\Windows\System32\igfxtray.exe (ID: 3192 |ParentID: 3680)
C:\Windows\System32\hkcmd.exe (ID: 3236 |ParentID: 3680)
C:\Windows\System32\igfxpers.exe (ID: 3188 |ParentID: 3680)
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (ID: 3352 |ParentID: 3680)
C:\Program Files\AVG\AVG2012\avgtray.exe (ID: 3384 |ParentID: 3680)
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (ID: 2444 |ParentID: 3680)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (ID: 1956 |ParentID: 3680)
C:\Windows\system32\SearchIndexer.exe (ID: 1152 |ParentID: 760)
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (ID: 1952 |ParentID: 1956)
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (ID: 3700 |ParentID: 908)
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (ID: 3244 |ParentID: 908)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2224 |ParentID: 760)
C:\Program Files\Mozilla Firefox\firefox.exe (ID: 5464 |ParentID: 3680)
C:\Windows\system32\PrintIsolationHost.exe (ID: 5268 |ParentID: 908)
C:\Windows\system32\Rundll32.exe (ID: 1764 |ParentID: 3680)
C:\Windows\notepad.exe (ID: 1860 |ParentID: 1528)
C:\Windows\system32\AUDIODG.EXE (ID: 5108 |ParentID: 1072)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 5676 |ParentID: 908)
C:\UsbFix\Go.exe (ID: 2332 |ParentID: 2324)
C:\Windows\System32\spoolsv.exe (ID: 5836 |ParentID: 760)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
04 - HKLM\SOFTWARE | Run : [AVG_TRAY] - "C:\Program Files\AVG\AVG2012\avgtray.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\SOFTWARE | Run : [AdobeAAMUpdater-1.0] - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - HKLM\SOFTWARE | Run : [Bonus.SSR.FR11] - "C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
04 - HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
04 - HKLM\SOFTWARE | Run : [hpqSRMon] - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
04 - HKLM\SOFTWARE | Run : [TrojanScanner] - C:\Program Files\Trojan Remover\Trjscan.exe /boot
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Generic Research |

Found ! C:\Users\asiaarek\AppData\Local\dt.dat
Found ! E:\Photo to Sketch Standard 3.5.exe
Found ! C:\Recycler\S-1-5-21-0243556031-888888379-781863308-14196119
Found ! D:\RECYCLER\S-1-5-21-1202660629-2077806209-682003330-500
Found ! E:\RECYCLER\S-1-5-21-1202660629-2077806209-682003330-500

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 0

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |