############################## | UsbFix V 7.167 | [Research]

User: KonDziu (Administrator) # KONDZIU-PC
Updated 13/03/2014 by El Desaparecido - Team SosVirus
Started at 19:54:47 | 25/03/2014
Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : http://en.kioskea.net/forum/viruses-security-7
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: ASRock (Z77 Extreme4)
CPU: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
RAM -> [Total : 16084 Mo| Free : 11511 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16521
WB: Mozilla Firefox : 17.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: ESET Smart Security 7.0 [Enabled | Updated]
AS: Windows Defender [Enabled | Updated]
AS: ESET Smart Security 7.0 [Enabled | Updated]
FW: Zapora osobista ESET [Enabled]
FW: Windows FireWall [Enabled]
AS: Malwarebytes' Anti-Malware : 1.75.0001

C:\ (%systemdrive%) -> Fixed drive # 117 Gb (21 Mb free - 18%) [] # NTFS
D:\ -> Fixed drive # 98 Gb (12 Mb free - 12%) [Dane] # NTFS
E:\ -> CD-ROM
F:\ -> Fixed drive # 244 Gb (28 Mb free - 11%) [Filmy] # NTFS
G:\ -> CD-ROM
I:\ -> Fixed drive # 101 Gb (20 Mb free - 20%) [Inne] # NTFS
J:\ -> Removable drive # 483 Mb (177 Mb free - 37%) [] # FAT
K:\ -> Removable drive # 15 Gb (3 Mb free - 17%) [KONDZIU] # FAT32
M:\ -> Fixed drive # 78 Gb (29 Mb free - 37%) [Muzyka] # NTFS
Z:\ -> Fixed drive # 293 Gb (13 Mb free - 4%) [Zdjęcia] # NTFS

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID: 584 |ParentID: 532)
C:\Windows\system32\csrss.exe (ID: 664 |ParentID: 656)
C:\Windows\system32\wininit.exe (ID: 672 |ParentID: 532)
C:\Windows\system32\winlogon.exe (ID: 720 |ParentID: 656)
C:\Windows\system32\services.exe (ID: 768 |ParentID: 672)
C:\Windows\system32\lsass.exe (ID: 792 |ParentID: 672)
C:\Windows\system32\lsm.exe (ID: 800 |ParentID: 672)
C:\Windows\system32\svchost.exe (ID: 904 |ParentID: 768)
C:\Windows\system32\svchost.exe (ID: 984 |ParentID: 768)
C:\Windows\System32\svchost.exe (ID: 392 |ParentID: 768)
C:\Windows\System32\svchost.exe (ID: 424 |ParentID: 768)
C:\Windows\system32\svchost.exe (ID: 620 |ParentID: 768)
C:\Windows\system32\svchost.exe (ID: 532 |ParentID: 768)
C:\Windows\system32\svchost.exe (ID: 1120 |ParentID: 768)
C:\Windows\System32\spoolsv.exe (ID: 1312 |ParentID: 768)
C:\Windows\system32\svchost.exe (ID: 1400 |ParentID: 768)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1500 |ParentID: 768)
C:\Windows\system32\taskhost.exe (ID: 1660 |ParentID: 768)
C:\Windows\system32\Dwm.exe (ID: 1732 |ParentID: 424)
C:\Windows\Explorer.EXE (ID: 1768 |ParentID: 1704)
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (ID: 1776 |ParentID: 768)
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ID: 2044 |ParentID: 768)
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (ID: 1544 |ParentID: 768)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 1672 |ParentID: 1768)
C:\Windows\System32\igfxtray.exe (ID: 1820 |ParentID: 1768)
C:\Windows\System32\hkcmd.exe (ID: 1564 |ParentID: 1768)
C:\Windows\System32\igfxpers.exe (ID: 1760 |ParentID: 1768)
C:\Windows\SysWOW64\nlssrv32.exe (ID: 2116 |ParentID: 768)
C:\Program Files\Logitech\SetPointP\SetPoint.exe (ID: 2224 |ParentID: 1768)
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (ID: 2256 |ParentID: 768)
C:\Program Files\ESET\ESET Smart Security\egui.exe (ID: 2292 |ParentID: 1768)
C:\Windows\system32\svchost.exe (ID: 2340 |ParentID: 768)
C:\Windows\System32\svchost.exe (ID: 2360 |ParentID: 768)
C:\Windows\system32\SearchIndexer.exe (ID: 2400 |ParentID: 768)
C:\Program Files\Windows Sidebar\sidebar.exe (ID: 2560 |ParentID: 1768)
C:\Users\KonDziu\AppData\Roaming\Stealth Software\HTC Home 2.4\HTCHome.exe (ID: 2592 |ParentID: 1768)
C:\Users\KonDziu\AppData\Local\Akamai\netsession_win.exe (ID: 2808 |ParentID: 1768)
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (ID: 2880 |ParentID: 1768)
C:\Users\KonDziu\AppData\Local\Akamai\netsession_win.exe (ID: 2904 |ParentID: 2808)
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (ID: 2924 |ParentID: 2224)
C:\Users\KonDziu\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 3040 |ParentID: 1768)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (ID: 2912 |ParentID: 1876)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (ID: 368 |ParentID: 2912)
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (ID: 3168 |ParentID: 2996)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 3308 |ParentID: 2996)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3620 |ParentID: 904)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ID: 4068 |ParentID: 768)
C:\Windows\system32\svchost.exe (ID: 3376 |ParentID: 768)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3760 |ParentID: 1768)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2864 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3768 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1896 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4196 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4256 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4328 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4384 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4492 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4548 |ParentID: 3760)
C:\Program Files (x86)\Nero\Update\NASvc.exe (ID: 4696 |ParentID: 768)
C:\Windows\system32\svchost.exe (ID: 4808 |ParentID: 768)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4864 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5000 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5056 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4656 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3272 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1912 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5104 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3964 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 1460 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4612 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5176 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5232 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5244 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5360 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5432 |ParentID: 3760)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 4768 |ParentID: 3760)
C:\Windows\explorer.exe (ID: 876 |ParentID: 904)
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (ID: 5652 |ParentID: 5904)
C:\Windows\system32\taskhost.exe (ID: 3716 |ParentID: 768)
C:\Windows\System32\WUDFHost.exe (ID: 5620 |ParentID: 424)
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (ID: 5800 |ParentID: 876)
C:\Users\KonDziu\Downloads\OTL.exe (ID: 6160 |ParentID: 1768)
C:\Users\KonDziu\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 732 |ParentID: 3760)
C:\Windows\system32\SearchProtocolHost.exe (ID: 6340 |ParentID: 2400)
C:\Windows\system32\SearchFilterHost.exe (ID: 6308 |ParentID: 2400)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [64bit] HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [64bit] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [HTC Home] "C:\Users\KonDziu\AppData\Roaming\Stealth Software\HTC Home 2.4\HTCHome.exe"
04 - HKCU\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKCU\..\Run : [Google Update] "C:\Users\KonDziu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKCU\..\Run : [Akamai NetSession Interface] "C:\Users\KonDziu\AppData\Local\Akamai\netsession_win.exe"
04 - HKCU\..\Run : [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
04 - HKLM\..\Run : [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - HKLM\..\Run : [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
04 - HKLM\..\Run : [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
04 - HKLM\..\Run : [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - [64bit] HKLM\..\Run : [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide
04 - [64bit] HKLM\..\Run : [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [64bit] HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - [64bit] HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - [64bit] HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - [64bit] HKLM\..\Run : [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
04 - [64bit] HKLM\..\Run : [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
04 - [64bit] HKLM\..\Run : [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
04 - [64bit] HKLM\..\Run : [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
04 - HKU\S-1-5-21-3980349703-1425558841-2649050802-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-3980349703-1425558841-2649050802-1000\..\Run : [HTC Home] "C:\Users\KonDziu\AppData\Roaming\Stealth Software\HTC Home 2.4\HTCHome.exe"
04 - HKU\S-1-5-21-3980349703-1425558841-2649050802-1000\..\Run : [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-3980349703-1425558841-2649050802-1000\..\Run : [Google Update] "C:\Users\KonDziu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-3980349703-1425558841-2649050802-1000\..\Run : [Akamai NetSession Interface] "C:\Users\KonDziu\AppData\Local\Akamai\netsession_win.exe"
04 - HKU\S-1-5-21-3980349703-1425558841-2649050802-1000\..\Run : [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
04 - HKU\S-1-5-18\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-18\..\Run : [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe

################## | Generic Research |

Found ! C:\Users\KonDziu\dxwsetup.exe

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 0
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 0
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyGames -> 0

################## | E.O.F | http://www.en.usbfix.net/ - http://www.sosvirus.net |