############################## | UsbFix V 7.127 | [Research]

User: Waldek (Administrator) # J-KELLY
Updated 05/06/2013 by El Desaparecido
Started at 16:55:09 | 16/06/2013
Website: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: ASUSTeK Computer Inc. (X55SV ) (X86-based PC)
CPU: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz (2401)
RAM -> [Total : 3070 | Free : 1195]
BIOS: Default System BIOS
BOOT: Normal boot
OS: Microsoft® Windows Vista™ Home Premium (6.0.6001 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 7.0.6001.18000

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Kaspersky Anti-Virus [Enabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 200 Gb (4 Mb free - 2%) [VistaOS] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
H:\ -> Removable drive # 7 Gb (6 Mb free - 74%) [] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (704)
C:\Windows\system32\wininit.exe (756)
C:\Windows\system32\csrss.exe (768)
C:\Windows\system32\services.exe (808)
C:\Windows\system32\lsass.exe (824)
C:\Windows\system32\lsm.exe (840)
C:\Windows\system32\winlogon.exe (856)
C:\Windows\system32\svchost.exe (1048)
C:\Windows\system32\svchost.exe (1116)
C:\Windows\System32\svchost.exe (1168)
C:\Windows\System32\svchost.exe (1232)
C:\Windows\System32\svchost.exe (1272)
C:\Windows\system32\svchost.exe (1296)
C:\Windows\system32\SLsvc.exe (1412)
C:\Windows\system32\svchost.exe (1452)
C:\Windows\system32\svchost.exe (1680)
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (1924)
C:\Program Files\ATK Hotkey\ASLDRSrv.exe (1944)
C:\Program Files\ATKGFNEX\GFNEXSrv.exe (1968)
C:\Windows\system32\taskeng.exe (2032)
C:\Windows\System32\spoolsv.exe (376)
C:\Windows\system32\svchost.exe (644)
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (872)
C:\Program Files\Bonjour\mDNSResponder.exe (904)
C:\Windows\system32\svchost.exe (2068)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (2132)
C:\Windows\system32\svchost.exe (2248)
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (2272)
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe (2360)
C:\Windows\system32\svchost.exe (2404)
C:\Windows\System32\svchost.exe (2472)
C:\Windows\system32\SearchIndexer.exe (2500)
C:\Windows\System32\alg.exe (3088)
C:\Windows\system32\Dwm.exe (3712)
C:\Windows\Explorer.EXE (3764)
C:\Windows\system32\taskeng.exe (3804)
C:\Windows\system32\taskeng.exe (3872)
C:\Program Files\ASUS\ASUS Live Update\ALU.exe (4064)
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (2356)
C:\Program Files\Windows Defender\MSASCui.exe (1284)
C:\Program Files\ATK Hotkey\Hcontrol.exe (1792)
C:\Program Files\ATK Hotkey\MsgTranAgt.exe (1936)
C:\Program Files\Wireless Console 2\wcourier.exe (1984)
C:\Program Files\P4G\BatteryLife.exe (1988)
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe (416)
C:\Program Files\ASUS\Splendid\ACMON.exe (676)
C:\Windows\System32\rundll32.exe (3268)
C:\Windows\System32\rundll32.exe (1832)
C:\Program Files\ATKOSD2\ATKOSD2.exe (3672)
C:\Windows\RtHDVCpl.exe (3736)
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (1608)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3988)
C:\Program Files\ChkMail\ChkMail\ChkMail.exe (3748)
C:\Program Files\ASUS\ATK Media\DMedia.exe (4036)
C:\Windows\ASScrPro.exe (2712)
C:\Windows\System32\ACEngSvr.exe (3980)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (1640)
C:\Program Files\Real\RealPlayer\Update\realsched.exe (1772)
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (1880)
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3816)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (3792)
C:\Program Files\Zune\ZuneLauncher.exe (3256)
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (3284)
C:\Windows\ehome\ehtray.exe (748)
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (4100)
C:\Program Files\Windows Sidebar\sidebar.exe (4112)
C:\Program Files\ATK Hotkey\ATKOSD.exe (4472)
C:\Windows\ehome\ehmsas.exe (4548)
C:\Program Files\ATK Hotkey\KBFiltr.exe (4832)
C:\Program Files\ATK Hotkey\WDC.exe (4880)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (5712)
C:\Program Files\Mozilla Firefox\firefox.exe (2924)
C:\Program Files\Nowe Gadu-Gadu\gg.exe (6340)
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe (8100)
C:\UsbFix\Go.exe (8512)
C:\Windows\system32\wbem\wmiprvse.exe (9092)
C:\Windows\system32\WUDFHost.exe (8696)
C:\Windows\System32\mobsync.exe (8716)
C:\Windows\system32\msfeedssync.exe (9396)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\SOFTWARE | Run : [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\SOFTWARE | Run : [ATKOSD2] - "C:\Program Files\ATKOSD2\ATKOSD2.exe"
HKLM\SOFTWARE | Run : [RtHDVCpl] - RtHDVCpl.exe
HKLM\SOFTWARE | Run : [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
HKLM\SOFTWARE | Run : [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [ChkMail] - C:\Program Files\ChkMail\ChkMail\ChkMail.exe
HKLM\SOFTWARE | Run : [ATKMEDIA] - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
HKLM\SOFTWARE | Run : [ASUS Screen Saver Protector] - C:\Windows\ASScrPro.exe
HKLM\SOFTWARE | Run : [BEWINTERNET-PL-IEWSessionManager] - C:\Program Files\OrangeBS\BEWInternet-PL-IEW\SessionManager\SessionManager.exe
HKLM\SOFTWARE | Run : [Media Codec Update Service] - C:\Program Files\Essentials Codec Pack\update.exe -silent
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [CloneCDTray] - "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
HKLM\SOFTWARE | Run : [AdobeCS4ServiceManager] - "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [TkBellExe] - "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
HKLM\SOFTWARE | Run : [USBToolTip] - C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [ApnUpdater] - "C:\Program Files\Ask.com\Updater\Updater.exe"
HKLM\SOFTWARE | Run : [Zune Launcher] - "C:\Program Files\Zune\ZuneLauncher.exe"
HKLM\SOFTWARE | Run : [AVP] - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1502954058-354130965-305815867-1000\SOFTWARE | Run : [ehTray.exe] - C:\Windows\ehome\ehTray.exe
HKU\S-1-5-21-1502954058-354130965-305815867-1000\SOFTWARE | Run : [Power2GoExpress] - NA
HKU\S-1-5-21-1502954058-354130965-305815867-1000\SOFTWARE | Run : [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-1502954058-354130965-305815867-1000\SOFTWARE | Run : [InternetCalls] - "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
HKU\S-1-5-21-1502954058-354130965-305815867-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1502954058-354130965-305815867-1000\SOFTWARE | Run : [ares] - "C:\Program Files\Ares\Ares.exe" -h
HKU\S-1-5-21-1502954058-354130965-305815867-1000\SOFTWARE | Run : [Google Update] - "C:\Users\Waldek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1502954058-354130965-305815867-1000\SOFTWARE | Run : [AdobeBridge] -

################## | Files # Infected Folders |

Found ! H:\nhjAbfn.lnk
Found ! H:\New Folder.lnk
Found ! H:\Passwords.lnk
Found ! H:\Documents.lnk
Found ! H:\Pictures.lnk
Found ! H:\Music.lnk
Found ! H:\Video.lnk
Found ! C:\Users\Waldek\AppData\Local\Temp\utt62DA.tmp.exe
Found ! E:\autorun.inf
Found ! H:\autorun.inf
Found ! H:\84612796

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\F
Shell\AutoRun\Command = F:\LaunchU3.exe -a
HKCU\.\.\.\.\Explorer\MountPoints2\{34a148c0-4744-11e0-8f53-bfa0d978484d}
Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{34a148fa-4744-11e0-8f53-ecffa72c504c}
Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{34a148fb-4744-11e0-8f53-ecffa72c504c}
Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{34a148fc-4744-11e0-8f53-ecffa72c504c}
Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{3aa5528d-0210-11e0-ad49-e991a847fe84}
Shell\AutoRun\Command = F:\Startme.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{aa5694f9-cfd2-11de-af19-001f3b59d805}
Shell\AutoRun\Command = E:\AutoRunCardDetector.exe

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://sosvirus.org |