############################## | UsbFix V 7.129 | [Research]

User: Martita (Administrator) # MARTA
Updated 24/06/2013 by El Desaparecido
Started at 16:51:11 | 12/07/2013
Website: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: Acer (Aspire 5750G) (x64-based PC)
CPU: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz (2100)
RAM -> [Total : 3948 | Free : 1453]
BIOS: InsydeH2O Version V1.10
BOOT: Normal boot
OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16635
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 118 Gb (17 Mb free - 14%) [Acer] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed drive # 293 Gb (242 Mb free - 82%) [Dane] # NTFS
F:\ -> Fixed drive # 39 Gb (4 Mb free - 11%) [Archiwum] # NTFS
G:\ -> CD-ROM
H:\ -> Removable drive # 4 Gb (750 Mb free - 20%) [] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (492)
C:\Windows\system32\csrss.exe (596)
C:\Windows\system32\wininit.exe (604)
C:\Windows\system32\winlogon.exe (652)
C:\Windows\system32\services.exe (704)
C:\Windows\system32\lsass.exe (712)
C:\Windows\system32\lsm.exe (724)
C:\Windows\system32\svchost.exe (824)
C:\Windows\system32\nvvsvc.exe (912)
C:\Windows\system32\svchost.exe (952)
C:\Windows\System32\svchost.exe (348)
C:\Windows\System32\svchost.exe (448)
C:\Windows\system32\svchost.exe (528)
C:\Windows\system32\svchost.exe (532)
C:\Windows\system32\svchost.exe (1124)
C:\Windows\system32\svchost.exe (1216)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1284)
C:\Windows\system32\WLANExt.exe (1292)
C:\Windows\system32\conhost.exe (1304)
C:\Windows\System32\spoolsv.exe (1808)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1920)
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (1960)
C:\Program Files (x86)\Launch Manager\dsiwmis.exe (1068)
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (1408)
C:\Program Files (x86)\Launch Manager\LMutilps32.exe (1764)
C:\Windows\system32\svchost.exe (1728)
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (760)
C:\ProgramData\DatacardService\HWDeviceService64.exe (1904)
C:\Program Files\Acer\Acer Updater\UpdaterService.exe (1040)
C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe (2064)
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe (2092)
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (2144)
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (2188)
C:\Windows\system32\rundll32.exe (2228)
C:\Windows\system32\rundll32.exe (2236)
C:\Windows\SysWOW64\rundll32.exe (2272)
C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe (2360)
C:\Program Files (x86)\Common Files\RbtProt\sgsrv.exe (2404)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (2436)
C:\Windows\system32\svchost.exe (2512)
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (2560)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2596)
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (2728)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2808)
C:\Windows\system32\svchost.exe (2988)
C:\Windows\system32\SearchIndexer.exe (3340)
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (3756)
C:\Windows\system32\taskhost.exe (3996)
C:\Windows\system32\Dwm.exe (3084)
C:\Windows\Explorer.EXE (2312)
C:\ProgramData\DatacardService\DCSHelper.exe (3584)
C:\Windows\system32\taskeng.exe (3260)
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (3480)
C:\Windows\System32\igfxtray.exe (700)
C:\Windows\System32\hkcmd.exe (3924)
C:\Windows\System32\igfxpers.exe (4024)
C:\Program Files\Elantech\ETDCtrl.exe (4148)
C:\Program Files\Elantech\ETDCtrlHelper.exe (4232)
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe (4240)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (4248)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (4260)
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (4340)
C:\Windows\system32\igfxext.exe (4556)
C:\Program Files (x86)\Skype\Phone\Skype.exe (4568)
C:\Windows\system32\igfxsrvc.exe (4596)
C:\Windows\system32\wbem\unsecapp.exe (4688)
C:\Users\Martita\AppData\Local\GG\Application\gghub.exe (4772)
C:\Windows\system32\wbem\wmiprvse.exe (4944)
C:\Windows\System32\svchost.exe (4988)
C:\Users\Martita\AppData\Local\GG\Application\ggapp.exe (4100)
C:\Program Files\Windows Media Player\wmpnetwk.exe (1432)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (4608)
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (4120)
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (4728)
C:\Users\Martita\AppData\Roaming\Dropbox\bin\Dropbox.exe (4748)
C:\Program Files (x86)\Launch Manager\LManager.exe (4676)
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (4132)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (4436)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2832)
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (4548)
C:\Program Files (x86)\Launch Manager\LMworker.exe (4896)
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (2884)
C:\Windows\system32\DllHost.exe (5288)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (4160)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (184)
C:\Windows\System32\svchost.exe (4936)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (6112)
C:\Users\Martita\AppData\Local\GG\Application\ggdrive\ggdrive.exe (4540)
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (804)
C:\Windows\servicing\TrustedInstaller.exe (8540)
C:\Windows\system32\wuauclt.exe (5252)
C:\Windows\System32\WUDFHost.exe (6664)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (8532)
C:\Windows\notepad.exe (7416)
C:\Windows\notepad.exe (6304)
C:\UsbFix\Go.exe (4624)
C:\Windows\system32\wbem\wmiprvse.exe (1472)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
HKLM\SOFTWARE | Run : [EgisUpdate] - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
HKLM\SOFTWARE | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM\SOFTWARE | Run : [ArcadeMovieService] - "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE\wow6432Node | Run : [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
HKLM\SOFTWARE\wow6432Node | Run : [EgisUpdate] - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
HKLM\SOFTWARE\wow6432Node | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM\SOFTWARE\wow6432Node | Run : [ArcadeMovieService] - "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-969439456-2313338805-3434874610-1001\SOFTWARE | Run : [AdobeBridge] -
HKU\S-1-5-21-969439456-2313338805-3434874610-1001\SOFTWARE | Run : [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-969439456-2313338805-3434874610-1001\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-969439456-2313338805-3434874610-1001\SOFTWARE | Run : [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-969439456-2313338805-3434874610-1001\SOFTWARE | Run : [Google Update] - "C:\Users\Martita\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-969439456-2313338805-3434874610-1001\SOFTWARE | Run : [GG] - "C:\Users\Martita\AppData\Local\GG\Application\gghub.exe"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

################## | Files # Infected Folders |

Found ! H:\Removable Disk (4GB).lnk
Found ! C:\Users\Martita\AppData\Local\Temp\qt_temp.Hp1112.vbs
Found ! C:\Users\Martita\AppData\Local\Temp\qt_temp.Hp3972.vbs
Found ! C:\Users\Martita\AppData\Local\Temp\qt_temp.Hp5452.vbs
Found ! C:\Users\Martita\AppData\Local\Temp\qt_temp.Hp5848.vbs
Found ! C:\Users\Martita\AppData\Local\Temp\qt_temp.Hp7800.vbs
Found ! C:\Users\Martita\AppData\Local\Temp\qt_temp.Hp7984.vbs
Found ! C:\Users\Martita\AppData\Local\Temp\qt_temp.Hp8812.vbs
Found ! C:\Users\Martita\AppData\Local\Temp\qt_temp.Hp9256.vbs
Found ! C:\Users\Martita\AppData\Local\Temp\qt_temp.qHp516.vbs
Found ! C:\Users\Martita\AppData\Local\Temp\qt_temp.Uh7800.vbs
Found ! C:\Users\Martita\AppData\Local\Temp\qt_temp.Uh7984.vbs
Found ! C:\Users\Martita\AppData\Local\Temp\qt_temp.Uh9256.vbs
Found ! C:\Users\Martita\AppData\Local\Temp\AutoRun.exe
Found ! G:\Setup.exe
Found ! G:\autorun.inf
Found ! H:\autorun.inf
Found ! H:\desktop.ini
Found ! H:\Thumbs.db

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{76dcc508-678f-11e2-bf24-b870f48c4885}
Shell\AutoRun\Command = G:\Setup.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{d3029847-1f65-11e2-889a-b870f48c4885}
Shell\AutoRun\Command = G:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{d3029857-1f65-11e2-889a-b870f48c4885}
Shell\AutoRun\Command = H:\AutoRun.exe

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://sosvirus.net |
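The interesting part of this report is the correlation between the three Mountpoints2 entries and the "Files # Infected Folders" list: every MountPoints2 key whose Shell\AutoRun\Command points at an executable on a removable or optical drive is a per-device autorun hook Explorer cached when that device was plugged in, and each such drive also carries an autorun.inf. The script below is an added example written for this page, not UsbFix's code and not part of the original report. It parses a UsbFix-style report (the sample is a constructed excerpt of the report above, cut down to the Files, Mountpoints2 and Vaccin sections), and for each autorun command reports whether the target executable and a same-drive autorun.inf were actually found, lists shortcut files sitting in a drive root, and reads the vaccination verdict. The function names and the regular expressions are this example's own assumptions about the log format.

```python
import re

# Constructed sample: an excerpt of the UsbFix report above, trimmed to the
# three sections this script reads (Files, Mountpoints2, Vaccin).
SAMPLE_REPORT = r"""
################## | Files # Infected Folders |
Found ! H:\Removable Disk (4GB).lnk
Found ! C:\Users\Martita\AppData\Local\Temp\AutoRun.exe
Found ! G:\Setup.exe
Found ! G:\autorun.inf
Found ! H:\autorun.inf
Found ! H:\desktop.ini
Found ! H:\Thumbs.db
################## | Registry |
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{76dcc508-678f-11e2-bf24-b870f48c4885} Shell\AutoRun\Command = G:\Setup.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{d3029847-1f65-11e2-889a-b870f48c4885} Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{d3029857-1f65-11e2-889a-b870f48c4885} Shell\AutoRun\Command = H:\AutoRun.exe
################## | Vaccin |
(!) This computer is not vaccinated!
"""

# Assumed line shapes for a UsbFix report (this example's own assumption).
FOUND_RE = re.compile(r"^Found !\s+(.+?)\s*$")
MOUNTPOINT_RE = re.compile(
    r"MountPoints2\\(\{[0-9a-fA-F-]+\})\s+Shell\\AutoRun\\Command\s*=\s*(.+?)\s*$"
)
# A .lnk directly in a drive root, e.g. "H:\Removable Disk (4GB).lnk".
ROOT_LNK_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.lnk$", re.IGNORECASE)


def parse_report(text):
    """Return (found_paths, {mountpoint_guid: autorun_command}) from a report."""
    found, mountpoints = [], {}
    for line in text.splitlines():
        m = FOUND_RE.match(line)
        if m:
            found.append(m.group(1))
            continue
        m = MOUNTPOINT_RE.search(line)
        if m:
            mountpoints[m.group(1)] = m.group(2)
    return found, mountpoints


def triage_mountpoints(text):
    """For each MountPoints2 autorun command, record whether the report also
    found the target executable and an autorun.inf on the same drive letter.
    A present target plus autorun.inf means the infected medium was attached
    during the scan; an absent target is a cached hook from an earlier plug-in."""
    found, mountpoints = parse_report(text)
    found_lower = {p.lower() for p in found}
    rows = []
    for guid, target in mountpoints.items():
        drive = target[:2]  # e.g. "G:"
        rows.append({
            "guid": guid,
            "target": target,
            "target_present": target.lower() in found_lower,
            "autorun_inf_present": (drive + r"\autorun.inf").lower() in found_lower,
        })
    return rows


def root_shortcuts(text):
    """Shortcut files in a drive root. Removable-media worms commonly hide the
    real folders and leave a .lnk named after the volume that runs the payload."""
    found, _ = parse_report(text)
    return [p for p in found if ROOT_LNK_RE.match(p)]


def is_vaccinated(text):
    """UsbFix prints '(!) This computer is not vaccinated!' when it has not
    planted its protective autorun.inf on the drives."""
    return "not vaccinated" not in text.lower()


if __name__ == "__main__":
    for row in triage_mountpoints(SAMPLE_REPORT):
        print(row)
    print("root shortcuts:", root_shortcuts(SAMPLE_REPORT))
    print("vaccinated:", is_vaccinated(SAMPLE_REPORT))
```

Run against the excerpt, the first row (G:\Setup.exe) has both the target and G:\autorun.inf present, while the two AutoRun.exe rows have an autorun.inf on their drive but no target in the Found list, so they are hooks left over from an earlier device; H: additionally carries the root shortcut "Removable Disk (4GB).lnk". Those three MountPoints2 keys, the autorun.inf files and the Temp\AutoRun.exe dropper are what a cleanup of this machine has to remove, and the unvaccinated verdict means nothing yet stops the next stick from recreating them.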