############################## | UsbFix V 7.127 | [Research]

User: Kasia (Administrator) # -
Updated 05/06/2013 by El Desaparecido
Started at 10:50:11 | 22/06/2013
Website: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: Hewlett-Packard (HP Compaq 6720s) (X86-based PC)
CPU: Intel(R) Celeron(R) M CPU 530 @ 1.73GHz (1729)
RAM -> [Total : 1015 | Free : 579]
BIOS: KBC Version 83.0C
BOOT: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 2
WB: Windows Internet Explorer 6.0.2900.2180

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 29 Gb (10 Mb free - 36%) [] # NTFS
D:\ -> Fixed drive # 20 Gb (3 Mb free - 13%) [TWARDY] # FAT32
E:\ -> Fixed drive # 15 Gb (1 Mb free - 9%) [FILM] # FAT32
F:\ -> Fixed drive # 11 Gb (6 Mb free - 52%) [MUZYKA] # FAT32
G:\ -> Removable drive # 4 Gb (428 Mb free - 11%) [] # FAT32
H:\ -> CD-ROM
J:\ -> Removable drive # 7 Gb (3 Mb free - 43%) [] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (780)
C:\WINDOWS\system32\winlogon.exe (1128)
C:\WINDOWS\system32\services.exe (1172)
C:\WINDOWS\system32\lsass.exe (1184)
C:\WINDOWS\system32\svchost.exe (1332)
C:\WINDOWS\System32\svchost.exe (1448)
C:\WINDOWS\system32\svchost.exe (1488)
C:\WINDOWS\System32\WLTRYSVC.EXE (1852)
C:\WINDOWS\System32\bcmwltry.exe (1864)
C:\WINDOWS\system32\spoolsv.exe (1908)
C:\WINDOWS\system32\agrsmsvc.exe (2020)
C:\Program Files\AVG\AVG2013\avgidsagent.exe (2032)
C:\Program Files\AVG\AVG2013\avgwdsvc.exe (152)
C:\Program Files\Bonjour\mDNSResponder.exe (200)
C:\Program Files\Java\jre7\bin\jqs.exe (388)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (516)
C:\WINDOWS\system32\PSIService.exe (632)
C:\WINDOWS\system32\svchost.exe (728)
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (832)
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (1616)
C:\WINDOWS\system32\wscntfy.exe (2808)
C:\WINDOWS\Explorer.EXE (2912)
C:\WINDOWS\system32\igfxtray.exe (3028)
C:\WINDOWS\system32\hkcmd.exe (3036)
C:\WINDOWS\system32\igfxpers.exe (3044)
C:\Program Files\Analog Devices\Core\smax4pnp.exe (3056)
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe (3080)
C:\WINDOWS\system32\igfxsrvc.exe (3100)
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (3104)
C:\WINDOWS\system32\WLTRAY.exe (3144)
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3228)
C:\Program Files\AVG\AVG2013\avgui.exe (3248)
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (3268)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (3276)
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (3380)
C:\Program Files\Messenger\msmsgs.exe (3488)
C:\Program Files\BitComet\BitComet.exe (3500)
C:\Documents and Settings\Kasia\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe (3604)
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (3616)
C:\Program Files\Common Files\Java\Java Update\jucheck.exe (1568)
C:\UsbFix\Go.exe (3680)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [IgfxTray] - C:\WINDOWS\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\WINDOWS\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe
HKLM\SOFTWARE | Run : [SoundMAX] - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
HKLM\SOFTWARE | Run : [QlbCtrl] - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
HKLM\SOFTWARE | Run : [hpWirelessAssistant] - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM\SOFTWARE | Run : [Broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE | Policies\Explorer\run : [28466] - C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\ccyaoigz.com
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-842925246-1614895754-839522115-1003\SOFTWARE | Run : [Google Update] - "C:\Documents and Settings\Kasia\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-842925246-1614895754-839522115-1003\SOFTWARE | Run : [RocketDock] - "D:\RocketDock\RocketDock.exe"
HKU\S-1-5-21-842925246-1614895754-839522115-1003\SOFTWARE | Run : [ALLUpdate] - "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
HKU\S-1-5-21-842925246-1614895754-839522115-1003\SOFTWARE | Run : [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-842925246-1614895754-839522115-1003\SOFTWARE | Run : [MSMSGS] - "C:\Program Files\Messenger\msmsgs.exe" /background
HKU\S-1-5-21-842925246-1614895754-839522115-1003\SOFTWARE | Run : [BitComet] - "C:\Program Files\BitComet\BitComet.exe" /tray
HKU\S-1-5-21-842925246-1614895754-839522115-1003\SOFTWARE | Run : [Time Organizer] - C:\Program Files\Time Organizer\Time Organizer.exe
HKU\S-1-5-21-842925246-1614895754-839522115-1003\SOFTWARE | Run : [ChomikBox] - C:\Program Files\ChomikBox\ChomikBox.exe
HKU\S-1-5-21-842925246-1614895754-839522115-1003\SOFTWARE | Run : [Spotify Web Helper] - "C:\Documents and Settings\Kasia\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe"
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

################## | Files # Infected Folders |

Found ! G:\Removable Disk (4GB).lnk
Found ! J:\Removable Disk (8GB).lnk
Found ! C:\DOCUME~1\Kasia\USTAWI~1\Temp\Bit359.tmp.exe
Found ! C:\DOCUME~1\Kasia\USTAWI~1\Temp\Bit3A5.tmp.exe
Found ! C:\DOCUME~1\Kasia\USTAWI~1\Temp\Bit3AD.tmp.exe
Found ! C:\DOCUME~1\Kasia\USTAWI~1\Temp\Bit426.tmp.exe
Found ! C:\DOCUME~1\Kasia\USTAWI~1\Temp\Bit430.tmp.exe
Found ! C:\DOCUME~1\Kasia\USTAWI~1\Temp\Bit45D.tmp.exe
Found ! C:\DOCUME~1\Kasia\USTAWI~1\Temp\Bit46F.tmp.exe
Found ! C:\DOCUME~1\Kasia\USTAWI~1\Temp\Bit474.tmp.exe
Found ! C:\DOCUME~1\Kasia\USTAWI~1\Temp\Bit482.tmp.exe
Found ! C:\DOCUME~1\Kasia\USTAWI~1\Temp\Bit50C.tmp.exe
Found ! C:\DOCUME~1\Kasia\USTAWI~1\Temp\Bit5A4.tmp.exe
Found ! C:\DOCUME~1\Kasia\USTAWI~1\Temp\Bit866.tmp.exe
Found ! C:\DOCUME~1\Kasia\USTAWI~1\Temp\Bit911.tmp.exe
Found ! C:\DOCUME~1\Kasia\USTAWI~1\Temp\Bit98C.tmp.exe
Found ! C:\DOCUME~1\Kasia\USTAWI~1\Temp\BitAA7.tmp.exe
Found ! D:\Thumbs.db
Found ! E:\Thumbs.db
Found ! G:\autorun.inf
Found ! G:\desktop.ini
Found ! G:\Thumbs.db
Found ! J:\autorun.inf
Found ! J:\desktop.ini
Found ! J:\Thumbs.db

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{70e1f441-d9ae-11e1-b0ae-001a739224a0}
Shell\AutoRun\Command = G:\NokiaPCIA_Autorun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{70e1f44d-d9ae-11e1-b0ae-001a739224a0}
Shell\AutoRun\Command = J:\Nokia_Suite_webinstaller_ALL.exe

################## | Vaccin |

D:\autorun.inf -> Vaccine created by Flash_Disinfector (sUBs)
E:\autorun.inf -> Vaccine created by Flash_Disinfector (sUBs)
F:\autorun.inf -> Vaccine created by Flash_Disinfector (sUBs)

################## | E.O.F | http://sosvirus.org |