############################## | UsbFix V 7.078 | [Research]

User: Tymek (Administrator) # TYMEK-KOMPUTER
Updated 06/01/2012 by El Desaparecido
Started at 16:10:48 | 09/01/2012

Website: http://eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.html
Contact: contact@eldesaparecido.com

PC: ASUSTeK Computer Inc. (U30Jc) (x64-based PC) # Notebook
CPU: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz (2400)
RAM -> [ Total : 7980 | Free : 4757 ]
BIOS: BIOS Date: 10/30/09 15:13:23 Ver: 08.00.10
BOOT: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ Enabled ]
AV: Norton 360 [ Enabled | Updated ]
FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Fixed drive # 202 Gb (78 Mb free - 39%) [] # NTFS
D:\ -> Fixed drive # 466 Gb (92 Mb free - 20%) [Dysk Przenośny] # NTFS

################## | Active Processes |

C:\Windows\system32\csrss.exe (608)
C:\Windows\system32\wininit.exe (696)
C:\Windows\system32\csrss.exe (712)
C:\Windows\system32\services.exe (772)
C:\Windows\system32\winlogon.exe (796)
C:\Windows\system32\lsass.exe (808)
C:\Windows\system32\lsm.exe (816)
C:\Windows\system32\svchost.exe (928)
C:\Windows\system32\nvvsvc.exe (996)
C:\Windows\system32\svchost.exe (116)
C:\Windows\System32\svchost.exe (580)
C:\Windows\System32\svchost.exe (1028)
C:\Windows\system32\svchost.exe (1056)
C:\Windows\system32\svchost.exe (1212)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1396)
C:\Windows\system32\nvvsvc.exe (1412)
C:\Windows\system32\svchost.exe (1456)
C:\Windows\system32\svchost.exe (1572)
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (1612)
C:\Program Files\ATKGFNEX\GFNEXSrv.exe (1768)
C:\Windows\System32\spoolsv.exe (1868)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1272)
C:\Windows\system32\svchost.exe (1492)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (1840)
C:\Windows\system32\lxeccoms.exe (2040)
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (2008)
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (1980)
C:\Windows\system32\svchost.exe (2104)
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (2136)
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (2192)
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (2252)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2280)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2372)
C:\Windows\system32\svchost.exe (2616)
C:\Windows\system32\svchost.exe (2856)
C:\Windows\system32\wbem\wmiprvse.exe (2964)
C:\Windows\system32\SearchIndexer.exe (3060)
C:\Windows\system32\wbem\wmiprvse.exe (3024)
C:\Windows\system32\taskhost.exe (3532)
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (3556)
C:\Windows\system32\taskeng.exe (3588)
C:\Windows\system32\Dwm.exe (3632)
C:\Windows\Explorer.EXE (3700)
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe (3752)
C:\Program Files\P4G\BatteryLife.exe (3912)
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (3368)
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (3396)
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (3496)
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (4224)
C:\Windows\WindowsMobile\wmdc.exe (4232)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (4244)
C:\Windows\system32\svchost.exe (4280)
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe (4288)
C:\Windows\System32\hkcmd.exe (4316)
C:\Windows\System32\igfxpers.exe (4356)
C:\Program Files\TrueCrypt\TrueCrypt.exe (4400)
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe (4860)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (4908)
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (4972)
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (4984)
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (4992)
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (5004)
C:\Windows\System32\svchost.exe (4112)
C:\Program Files\Windows Media Player\wmpnetwk.exe (4820)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (4560)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (4660)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (4896)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4588)
C:\Windows\system32\svchost.exe (1852)
C:\UsbFix\Go.exe (5976)

################## | Files # Infected Folders |

Found ! D:\$RECYCLE.BIN.lnk
Found ! D:\Filmy.lnk
Found ! D:\Gry.lnk
Found ! D:\Prace pisemne.lnk
Found ! D:\Programy.lnk
Found ! D:\System Volume Information.lnk
Found ! D:\Zdjęcia.lnk
Found ! D:\Recycler\desktop.ini
Found ! D:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{02ac51b1-1faf-11e0-8af4-20cf3026f56f}
Shell\AutoRun\Command = F:\autorun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{05052467-bf26-11e0-97ae-1c4bd61a2cc6}
Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{08baa027-1e5f-11e1-9d5c-1c4bd61a2cc6}
Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{08baa029-1e5f-11e1-9d5c-1c4bd61a2cc6}
Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{08baa02c-1e5f-11e1-9d5c-1c4bd61a2cc6}
Shell\AutoRun\Command = F:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{52dc8644-7940-11df-ab60-806e6f6e6963}
Shell\AutoRun\Command = D:\InstAll.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{6038e7d4-1328-11e0-9460-1c4bd61a2cc6}
Shell\AutoRun\Command = "G:\WD SmartWare.exe" autoplay=true
HKCU\.\.\.\.\Explorer\MountPoints2\{6d21dd6e-1aba-11e1-a38c-1c4bd61a2cc6}
Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{6d21dd75-1aba-11e1-a38c-1c4bd61a2cc6}
Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{cb36a3cd-1286-11e0-a5ec-20cf3026f56f}
Shell\AutoRun\Command = F:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{cb36a3d3-1286-11e0-a5ec-20cf3026f56f}
Shell\AutoRun\Command = F:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{d33aed33-7ac5-11df-938f-1c4bd60fcb55}
Shell\AutoRun\Command = F:\MicroLauncher.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{dcf90bc0-009d-11e1-ab09-806e6f6e6963}
Shell\AutoRun\Command = J:\AUTORUN.EXE
HKCU\.\.\.\.\Explorer\MountPoints2\{eb740946-b6e9-11e0-9134-1c4bd61a2cc6}
Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{f4d07610-1f12-11e1-b1da-1c4bd61a2cc6}
Shell\AutoRun\Command = F:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{f4d07614-1f12-11e1-b1da-1c4bd61a2cc6}
Shell\AutoRun\Command = F:\AutoRun.exe

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |