############################## | UsbFix V 7.164 | [Deletion]

User: NETCOM (Administrator) # NETCOM-KOMPUTER
Updated05/02/2014 by El Desaparecido - Team SosVirus
Started at 22:04:41 | 12/02/2014

Website : http://www.en.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: LENOVO (6458Y6X)
CPU: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
RAM -> [Total : 2014 Mo| Free : 951 Mo]
Bios: LENOVO
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16476
WB: Google Chrome : 32.0.1700.107
WB: Mozilla Firefox : 26.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AS: Windows Defender [Enabled | Updated]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 98 Gb (30 Mb free - 31%) [] # NTFS
D:\ -> Fixed drive # 367 Gb (201 Mb free - 55%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Fixed drive # 12 Gb (7 Mb free - 56%) [RECOVERY] # FAT32
G:\ -> Fixed drive # 116 Gb (97 Mb free - 83%) [] # NTFS
H:\ -> Fixed drive # 105 Gb (44 Mb free - 42%) [Dane] # NTFS
I:\ -> CD-ROM
J:\ -> Fixed drive # 56 Gb (6 Mb free - 10%) [ZALMAN] # NTFS

################## | Active Processes |

C:\Windows\system32\csrss.exe (ID: 412 |ParentID: 380)
C:\Windows\system32\wininit.exe (ID: 476 |ParentID: 380)
C:\Windows\system32\csrss.exe (ID: 484 |ParentID: 468)
C:\Windows\system32\services.exe (ID: 536 |ParentID: 476)
C:\Windows\system32\lsass.exe (ID: 544 |ParentID: 476)
C:\Windows\system32\lsm.exe (ID: 552 |ParentID: 476)
C:\Windows\system32\winlogon.exe (ID: 584 |ParentID: 468)
C:\Windows\system32\svchost.exe (ID: 692 |ParentID: 536)
C:\Windows\system32\ibmpmsvc.exe (ID: 756 |ParentID: 536)
C:\Windows\system32\nvvsvc.exe (ID: 800 |ParentID: 536)
C:\Windows\system32\svchost.exe (ID: 840 |ParentID: 536)
C:\Windows\System32\svchost.exe (ID: 904 |ParentID: 536)
C:\Windows\System32\svchost.exe (ID: 988 |ParentID: 536)
C:\Windows\system32\svchost.exe (ID: 1020 |ParentID: 536)
C:\Windows\system32\svchost.exe (ID: 1072 |ParentID: 536)
C:\Windows\system32\svchost.exe (ID: 1332 |ParentID: 536)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 1464 |ParentID: 800)
C:\Windows\system32\nvvsvc.exe (ID: 1476 |ParentID: 800)
C:\Windows\System32\spoolsv.exe (ID: 1604 |ParentID: 536)
C:\Windows\system32\svchost.exe (ID: 1652 |ParentID: 536)
C:\Windows\system32\svchost.exe (ID: 1680 |ParentID: 536)
C:\Windows\system32\AEADISRV.EXE (ID: 1748 |ParentID: 536)
C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe (ID: 1788 |ParentID: 536)
C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE (ID: 1808 |ParentID: 536)
C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe (ID: 1848 |ParentID: 536)
C:\Windows\system32\svchost.exe (ID: 336 |ParentID: 536)
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (ID: 404 |ParentID: 536)
C:\Program Files\Tembria\Server Monitor\TembriaServerMonSvc.exe (ID: 856 |ParentID: 536)
C:\Windows\System32\svchost.exe (ID: 2004 |ParentID: 536)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 2116 |ParentID: 536)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2388 |ParentID: 2116)
C:\Windows\system32\taskhost.exe (ID: 2620 |ParentID: 536)
C:\Windows\system32\taskeng.exe (ID: 3008 |ParentID: 1072)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 3024 |ParentID: 692)
C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe (ID: 3076 |ParentID: 536)
C:\Windows\System32\snmptrap.exe (ID: 3276 |ParentID: 536)
C:\Windows\system32\svchost.exe (ID: 3340 |ParentID: 536)
C:\Windows\system32\svchost.exe (ID: 3396 |ParentID: 536)
C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe (ID: 3580 |ParentID: 3540)
C:\Windows\System32\WUDFHost.exe (ID: 3620 |ParentID: 988)
C:\Program Files\TeamViewer\Version8\TeamViewer.exe (ID: 3748 |ParentID: 404)
C:\Windows\System32\rundll32.exe (ID: 3852 |ParentID: 692)
C:\Program Files\TeamViewer\Version8\tv_w32.exe (ID: 3948 |ParentID: 404)
C:\Windows\system32\Dwm.exe (ID: 4092 |ParentID: 988)
C:\Windows\Explorer.EXE (ID: 1420 |ParentID: 4084)
C:\Windows\system32\runonce.exe (ID: 2420 |ParentID: 1420)

################## | Regedit Run |

04 - HKCU\..\Run : [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
04 - HKCU\..\Run : [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
04 - HKCU\..\Run : [BackupUtility] "C:\Program Files\ZALMAN\ZM-VE300\APP_Run.exe"
04 - HKCU\..\Run : [Google+ Auto Backup] "C:\Users\NETCOM\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
04 - HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKLM\..\Run : [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
04 - HKLM\..\Run : [TpShocks] TpShocks.exe
04 - HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
04 - HKLM\..\Run : [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Policies\Explorer\run : [56644] C:\PROGRA~2\LOCALS~1\Temp\ccraruspo.pif
04 - HKU\S-1-5-21-664208472-112400879-1218495600-1000\..\Run : [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
04 - HKU\S-1-5-21-664208472-112400879-1218495600-1000\..\Run : [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
04 - HKU\S-1-5-21-664208472-112400879-1218495600-1000\..\Run : [BackupUtility] "C:\Program Files\ZALMAN\ZM-VE300\APP_Run.exe"
04 - HKU\S-1-5-21-664208472-112400879-1218495600-1000\..\Run : [Google+ Auto Backup] "C:\Users\NETCOM\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | Generic Research |

Deleted ! C:\Users\NETCOM\LOCALS~1\Temp\ccmuyqay.scr
Deleted ! F:\RECOVERY (12GB).lnk
Deleted ! J:\ZALMAN (56GB).lnk
Deleted ! F:\4#KOQSVNLLUWPBOJWXSUI.ini
Deleted ! J:\4#CWGKRRHCFQMQ.ini

(!) Temporary files deleted.

################## | Registry |

Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -> 5

################## | Listing |

[10/02/2014 - 20:28:01 | SHD] - C:\$RECYCLE.BIN
[15/12/2013 - 21:46:44 | D] - C:\$WINDOWS.~BT
[07/04/2013 - 14:55:01 | N | 196 Ko] - C:\1020.log
[24/10/2013 - 21:13:29 | D] - C:\Archiwum budżetu
[10/06/2009 - 22:42:20 | A | 0 Ko] - C:\autoexec.bat
[10/02/2014 - 20:27:53 | N | 17 Ko | 4E66923D2E16B3F2F9D901BF9219EE21] - C:\ComboFix.txt
[22/01/2014 - 16:55:59 | D] - C:\Config.Msi
[10/06/2009 - 22:42:20 | N | 0 Ko] - C:\config.sys
[06/09/2013 - 08:04:06 | N | 0 Ko] - C:\config.xml
[24/10/2013 - 21:13:30 | D] - C:\Delfin
[14/07/2009 - 05:53:55 | SHD] - C:\Documents and Settings
[19/09/2013 - 07:46:13 | D] - C:\Download
[30/03/2013 - 18:36:20 | D] - C:\DRIVERS
[11/12/2007 - 12:08:01 | N | 1254 Ko | 76EC91E224B445BFF1E09D0921D4B885] - C:\F4Viewer.exe
[16/09/2013 - 08:07:22 | D] - C:\GrandeDevice
[12/02/2014 - 22:03:18 | ASH | 1546980 Ko] - C:\hiberfil.sys
[16/08/2013 - 08:44:34 | D] - C:\hp_CLJ_1600_Full_Solution
[30/03/2013 - 18:27:37 | D] - C:\Intel
[22/10/2013 - 09:04:32 | RASH | 0 Ko] - C:\IO.SYS
[05/09/2013 - 20:04:28 | D] - C:\Konwerter
[22/10/2013 - 09:04:32 | RASH | 0 Ko] - C:\MSDOS.SYS
[10/02/2014 - 19:57:02 | D] - C:\MSI
[29/03/2013 - 14:29:17 | RD] - C:\MSOCache
[14/12/2013 - 21:12:43 | N | 20 Ko] - C:\NET_admin.log
[30/03/2013 - 15:00:50 | D] - C:\NVIDIA
[12/02/2014 - 22:03:23 | ASH | 2062640 Ko] - C:\pagefile.sys
[02/10/2013 - 13:31:15 | N | 13 Ko] - C:\PDOXUSRS.NET
[14/07/2009 - 03:37:05 | D] - C:\PerfLogs
[30/09/2013 - 15:17:07 | D] - C:\Player_Cut
[04/02/2014 - 20:10:34 | D] - C:\Program Files
[09/02/2014 - 19:32:34 | D] - C:\ProgramData
[06/09/2013 - 08:04:01 | D] - C:\Programy
[10/02/2014 - 20:27:55 | D] - C:\Qoobox
[14/12/2013 - 21:03:56 | D] - C:\Record
[29/03/2013 - 12:47:50 | D] - C:\Recovery
[28/10/2013 - 08:32:31 | D] - C:\Spacekace
[16/09/2013 - 08:10:32 | N | 0 Ko] - C:\sparkraw.log
[30/03/2013 - 18:55:26 | D] - C:\SWTOOLS
[05/09/2013 - 20:05:52 | D] - C:\Symfonia
[11/02/2014 - 16:30:31 | SHD] - C:\System Volume Information
[29/03/2013 - 14:24:29 | D] - C:\totalcmd
[09/02/2014 - 19:59:33 | D] - C:\UsbFix
[09/02/2014 - 19:57:43 | N | 12 Ko | 1BAC95B3EF77628F0853B32F36CD32F2] - C:\UsbFix [Clean 2] NETCOM-KOMPUTER.txt
[12/02/2014 - 22:17:33 | A | 9 Ko | F1384484F81491BE6C1F9030E3F65754] - C:\UsbFix [Clean 4] NETCOM-KOMPUTER.txt
[09/02/2014 - 19:59:47 | N | 5 Ko | 81D8E0F8640356BF87B25DF153294DBD] - C:\UsbFix [Listing 1] NETCOM-KOMPUTER.txt
[12/02/2014 - 22:01:48 | N | 7 Ko | DFF1537B827EB6581BD0DC070443BD03] - C:\UsbFix [Listing 2] NETCOM-KOMPUTER.txt
[02/12/2013 - 21:33:13 | D] - C:\Users
[22/12/2013 - 22:18:17 | D] - C:\WhatsUp
[10/02/2014 - 20:25:30 | D] - C:\Windows
[16/09/2013 - 08:03:29 | D] - C:\Xerox

[04/01/2014 - 20:24:27 | D] - D:\$RECYCLE.BIN
[30/09/2013 - 22:24:06 | D] - D:\AVI
[15/12/2013 - 21:39:14 | D] - D:\chomik
[30/09/2013 - 21:51:49 | N | 0 Ko] - D:\ch_0.avi
[12/10/2013 - 22:11:40 | D] - D:\CRACK UPDATE FIFA 14
[04/01/2014 - 21:41:15 | D] - D:\Dokumenty
[27/09/2013 - 09:00:32 | D] - D:\Dominów 2013 płyta01
[14/01/2014 - 19:30:56 | D] - D:\dysk 250
[30/09/2013 - 18:31:12 | D] - D:\dysk markiewicz
[22/12/2013 - 20:57:05 | D] - D:\dysk przenośny
[03/11/2013 - 20:29:55 | D] - D:\FIFA 14
[21/01/2014 - 21:46:35 | D] - D:\kinga
[04/01/2014 - 20:43:41 | D] - D:\Nowy folder
[04/01/2014 - 20:22:05 | D] - D:\Obrazki
[27/11/2013 - 16:20:39 | D] - D:\pendrive
[01/10/2013 - 07:09:08 | D] - D:\Program Files
[28/06/2013 - 14:47:57 | D] - D:\programowanie dtg 52_53
[14/12/2013 - 21:03:56 | D] - D:\Record
[24/10/2013 - 11:35:00 | SHD] - D:\System Volume Information
[04/01/2014 - 20:24:19 | D] - D:\Utracone
[04/01/2014 - 21:43:09 | D] - D:\Video

[12/02/2014 - 21:46:44 | RASH | 4 Ko] - F:\desktop.ini
[12/02/2014 - 22:17:16 | SHD] - F:\$RECYCLE.BIN
[12/02/2014 - 21:46:44 | RASH | 262 Ko] - F:\Thumbs.db
[12/02/2014 - 21:46:44 | N | 0 Ko] - F:\autorun.inf
[08/02/2014 - 22:27:46 | D] - F:\  

[10/02/2014 - 20:19:10 | D] - G:\$Recycle.Bin
[10/06/2009 - 22:42:20 | A | 0 Ko] - G:\autoexec.bat
[10/06/2009 - 22:42:20 | N | 0 Ko] - G:\config.sys
[14/07/2009 - 05:53:55 | SHD] - G:\Documents and Settings
[27/11/2013 - 14:56:50 | ASH | 1375648 Ko] - G:\hiberfil.sys
[22/09/2013 - 19:51:56 | RD] - G:\MSOCache
[27/11/2013 - 14:56:50 | N | 1834200 Ko] - G:\pagefile.sys
[14/07/2009 - 03:37:05 | D] - G:\PerfLogs
[28/10/2013 - 20:23:47 | D] - G:\Program Files
[28/10/2013 - 20:24:42 | D] - G:\ProgramData
[22/09/2013 - 19:47:04 | D] - G:\Recovery
[29/10/2013 - 21:22:46 | SHD] - G:\System Volume Information
[22/09/2013 - 19:48:21 | D] - G:\Users
[24/10/2013 - 07:35:00 | D] - G:\Windows

[08/02/2014 - 22:40:15 | D] - H:\$RECYCLE.BIN
[12/02/2014 - 21:46:44 | N | 0 Ko] - H:\autorun.inf
[16/11/2012 - 10:39:56 | N | 60 Ko] - H:\cud fryzura.jpg
[09/08/2012 - 20:55:10 | N | 49 Ko] - H:\CV.doc
[08/02/2014 - 22:33:10 | N | 21321 Ko | 4ECE09B379E384C068C462E28E56624F] - H:\epm.exe
[08/02/2014 - 22:24:01 | N | 18172 Ko | 65027FD9BD53831A3795D8D57B32ECBF] - H:\epm_trial.exe
[13/02/2013 - 15:12:15 | D] - H:\FILM
[17/10/2012 - 10:55:05 | D] - H:\kabarety
[27/07/2012 - 20:56:09 | D] - H:\Microsoft Games
[08/03/2013 - 13:34:55 | D] - H:\MUzyka
[14/07/2012 - 18:45:40 | D] - H:\Program Files
[05/02/2014 - 14:09:32 | D] - H:\SKARBNIK
[20/09/2013 - 20:02:44 | SHD] - H:\System Volume Information
[08/02/2014 - 20:39:13 | D] - H:\TL-WN722N_V1_131113
[08/02/2014 - 20:38:14 | N | 12897 Ko] - H:\TL-WN722N_V1_131113.zip
[18/12/2012 - 15:41:07 | D] - H:\wesele edyty film
[26/10/2013 - 20:23:03 | D] - H:\ZDJecia

[12/02/2014 - 22:17:15 | D] - J:\$RECYCLE.BIN
[12/02/2014 - 21:46:34 | N | 0 Ko] - J:\autorun.inf
[12/02/2014 - 21:46:35 | RASH | 3 Ko] - J:\desktop.ini
[18/01/2014 - 22:07:29 | SHD] - J:\System Volume Information
[12/02/2014 - 21:46:35 | RASH | 262 Ko] - J:\Thumbs.db
[12/02/2014 - 21:46:35 | D] - J:\  

################## | Vaccin |

D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
J:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.en.usbfix.net/ - http://www.sosvirus.net |