############################## | UsbFix V 7.129 | [Research]

User: Alex (Administrator) # ASUS
Updated 24/06/2013 by El Desaparecido
Started at 12:59:52 | 02/07/2013
Website: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: ASUSTeK COMPUTER INC. (K55VM) (x64-based PC)
CPU: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz (2501)
RAM -> [Total : 8077 | Free : 5889]
BIOS: BIOS Date: 09/11/12 09:52:31 Ver: 04.06.05
BOOT: Normal boot
OS: Microsoft Windows 7 Ultimate (6.1.7600 64-Bit) #
WB: Windows Internet Explorer 8.0.7600.16385

SC: Security Center Service [Enabled]
WU: Windows Update Service [(!) Disabled]
AS: Windows Defender [Enabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 586 Gb (445 Mb free - 76%) [] # NTFS
D:\ -> Fixed drive # 113 Gb (84 Mb free - 75%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [USB DISK] # FAT32
G:\ -> Removable drive # 7 Gb (7 Mb free - 100%) [TOSHIBA 8GB] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (556)
C:\Windows\system32\wininit.exe (700)
C:\Windows\system32\csrss.exe (720)
C:\Windows\system32\services.exe (768)
C:\Windows\system32\lsass.exe (808)
C:\Windows\system32\lsm.exe (816)
C:\Windows\system32\svchost.exe (916)
C:\Windows\system32\nvvsvc.exe (972)
C:\Windows\system32\svchost.exe (1012)
C:\Windows\System32\svchost.exe (564)
C:\Windows\System32\svchost.exe (604)
C:\Windows\system32\svchost.exe (632)
C:\Windows\system32\winlogon.exe (408)
C:\Windows\system32\svchost.exe (1136)
C:\Windows\system32\svchost.exe (1268)
C:\Windows\system32\FBAgent.exe (1412)
C:\Windows\system32\WLANExt.exe (1420)
C:\Windows\system32\conhost.exe (1428)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (1452)
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (1560)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1636)
C:\Windows\system32\nvvsvc.exe (1644)
C:\Windows\System32\spoolsv.exe (1752)
C:\Windows\system32\svchost.exe (1792)
C:\Windows\system32\taskhost.exe (2028)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (1184)
C:\Windows\system32\Dwm.exe (1368)
C:\Windows\Explorer.EXE (1672)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (1960)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (2120)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (2128)
C:\Windows\system32\taskeng.exe (2272)
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe (2324)
C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe (2360)
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe (2376)
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe (2384)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (2440)
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (2464)
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (2512)
C:\Windows\system32\svchost.exe (2548)
C:\Windows\System32\rundll32.exe (2672)
C:\Windows\System32\igfxtray.exe (2680)
C:\Windows\System32\hkcmd.exe (2688)
C:\Windows\System32\igfxpers.exe (2696)
C:\Program Files\Elantech\ETDCtrl.exe (2704)
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (2712)
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (2720)
C:\Program Files\Windows Sidebar\sidebar.exe (2752)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (2844)
C:\Windows\syswow64\svchost.exe (3180)
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (3252)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (3272)
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (3284)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (3976)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (4004)
C:\Windows\System32\svchost.exe (4036)
C:\Windows\System32\svchost.exe (4084)
C:\Windows\system32\svchost.exe (3164)
C:\Windows\system32\svchost.exe (3096)
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (3144)
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (3368)
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (4188)
C:\Windows\system32\SearchIndexer.exe (4504)
C:\Program Files\Windows Media Player\wmpnetwk.exe (4616)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (5136)
C:\Program Files\Elantech\ETDCtrlHelper.exe (5144)
C:\Program Files\Elantech\ETDGesture.exe (5308)
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (5344)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (5352)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (5360)
C:\Windows\System32\svchost.exe (5864)
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (6064)
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (2192)
C:\Windows\system32\svchost.exe (1940)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (6048)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (5976)
C:\Windows\System32\svchost.exe (3332)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (1660)
C:\Windows\system32\WUDFHost.exe (2556)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (6004)
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (5404)
C:\Windows\system32\wbem\wmiprvse.exe (5256)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4488)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (900)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (300)
C:\Windows\system32\SearchProtocolHost.exe (4304)
C:\Windows\system32\SearchFilterHost.exe (3300)
C:\UsbFix\Go.exe (3908)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
HKLM\SOFTWARE | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
HKLM\SOFTWARE | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
HKLM\SOFTWARE\wow6432Node | Run : [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
HKLM\SOFTWARE\wow6432Node | Run : [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKLM\SOFTWARE | Policies\Explorer\run : [59796] - C:\PROGRA~3\LOCALS~1\Temp\ccvkga.exe
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-555250695-1294936238-951627053-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-555250695-1294936238-951627053-1000\SOFTWARE | Run : [ALLUpdate] - "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
HKU\S-1-5-21-555250695-1294936238-951627053-1003\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-555250695-1294936238-951627053-1003\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Files # Infected Folders |

Found ! G:\TOSHIBA 8GB (8GB).lnk
Found ! G:\autorun.inf

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{0f606896-c3b5-11e2-8ad9-dc85de066766} Shell\AutoRun\Command = F:\Autorun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{dbd13024-c3c7-11e2-a58a-806e6f6e6963} Shell\AutoRun\Command = E:\InstAll.exe

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://sosvirus.net |
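The three persistence locations the report flags (a Policies\Explorer\Run value pointing at a Temp-path executable, cached Shell\AutoRun\Command entries under MountPoints2, and an autorun.inf plus a drive-named .lnk in the root of a removable drive) can be re-checked with the PowerShell script below. It is an added example, not UsbFix code and not part of the log; it uses only built-in cmdlets, targets Windows PowerShell 2.0 as shipped with Windows 7 (hence Get-WmiObject rather than Get-CimInstance), and must be run from an elevated prompt. The Protect-RemovableRoot function, the "Suspicious" heuristic and the findings layout are this example's own choices; the vaccination it performs is the generic technique of occupying the autorun.inf name with a protected directory, which is an assumption here and not necessarily the method UsbFix itself uses.

```powershell
# Added triage script: re-check the autostart locations flagged in a UsbFix report.
# Windows PowerShell 2.0 compatible; run elevated.

$findings = @()

function Add-Finding([string]$Location, [string]$Name, [string]$Value, [bool]$Suspicious) {
    $script:findings += New-Object PSObject -Property @{
        Suspicious = $Suspicious; Location = $Location; Name = $Name; Value = $Value
    }
}

# 1. Policies\Explorer\Run: legitimate software almost never uses this key.
#    Both native and WOW6432Node views are read on x64 (the report shows both).
$policyRunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
foreach ($key in $policyRunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -match '^PS') { continue }   # skip PSPath/PSParentPath provider metadata
        # Heuristic (assumption): anything launched from a Temp directory or
        # %ProgramData% (C:\PROGRA~3 in 8.3 form) from this key is treated as suspect.
        $suspect = ($p.Value -match '\\Temp\\|PROGRA~3|ProgramData')
        Add-Finding $key $p.Name ([string]$p.Value) $suspect
    }
}

# 2. MountPoints2: Explorer caches the autorun handler of every volume it has seen.
#    A Shell\AutoRun\Command default value is always worth listing.
$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
if (Test-Path $mp2) {
    foreach ($vol in Get-ChildItem -Path $mp2) {
        $cmdKey = $vol.PSPath + '\Shell\AutoRun\Command'
        if (Test-Path $cmdKey) {
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            Add-Finding ('MountPoints2\' + $vol.PSChildName) 'Shell\AutoRun\Command' ([string]$cmd) $true
        }
    }
}

# 3. Removable drives (Win32_LogicalDisk DriveType 2): autorun.inf and root-level
#    .lnk files, the pattern the report shows on G:\.
foreach ($d in Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 2') {
    $root = $d.DeviceID + '\'
    $autorun = Join-Path $root 'autorun.inf'
    if (Test-Path $autorun -PathType Leaf) {
        Add-Finding $root 'autorun.inf' 'file present' $true
    }
    Get-ChildItem -Path $root -Filter '*.lnk' -Force -ErrorAction SilentlyContinue | ForEach-Object {
        Add-Finding $root $_.Name 'root-level shortcut' $true
    }
}

function Protect-RemovableRoot([string]$Root) {
    # Generic "vaccination" (assumed technique, not UsbFix's exact implementation):
    # occupy the autorun.inf name with a read-only, hidden, system directory so a
    # worm cannot drop a file of that name. Idempotent; refuses to touch a drive
    # that still carries an autorun.inf FILE, which should be inspected first.
    $target = Join-Path $Root 'autorun.inf'
    if (Test-Path $target -PathType Container) { return "already vaccinated: $Root" }
    if (Test-Path $target) { return "autorun.inf file present on $Root - inspect before vaccinating" }
    $dir = New-Item -Path $target -ItemType Directory
    $dir.Attributes = 'ReadOnly, Hidden, System'
    return "vaccinated: $Root"
}

$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize Suspicious, Location, Name, Value

# Usage once the suspicious files have been collected and removed:
#   Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 2' |
#       ForEach-Object { Protect-RemovableRoot ($_.DeviceID + '\') }
```

Read the output against the report rather than on its own: a Policies\Explorer\Run entry under a Temp path is the item to submit for analysis before deleting, and the MountPoints2 commands record which drive letters once carried an autorun handler, so the corresponding media (F:\ and E:\ in the report) should be examined when reconnected.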