############################## | UsbFix V 7.129 | [Research]

User: zby (Administrator) # ZBY-PC
Updated 24/06/2013 by El Desaparecido
Started at 10:59:06 | 20/07/2013
Website: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: PC-Factory (System Product Name) (X86-based PC)
CPU: Intel(R) Pentium(R) D CPU 2.80GHz (2800)
RAM -> [Total : 3006 | Free : 1780]
BIOS: Phoenix - AwardBIOS v6.00PG
BOOT: Normal boot
OS: Microsoft® Windows Vista™ Home Basic (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 7.0.6002.18005

SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [Enabled]
AS: Avira Desktop [Enabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 33 Gb (5 Mb free - 15%) [] # NTFS
D:\ -> Fixed drive # 120 Gb (34 Mb free - 29%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
J:\ -> Removable drive # 7 Gb (1 Mb free - 17%) [VANISHPL PN] # NTFS

################## | Active Processes |

C:\Windows\system32\csrss.exe (444)
C:\Windows\system32\wininit.exe (496)
C:\Windows\system32\csrss.exe (508)
C:\Windows\system32\services.exe (540)
C:\Windows\system32\lsass.exe (556)
C:\Windows\system32\lsm.exe (572)
C:\Windows\system32\winlogon.exe (600)
C:\Windows\system32\svchost.exe (748)
C:\Windows\system32\nvvsvc.exe (792)
C:\Windows\system32\svchost.exe (820)
C:\Windows\System32\svchost.exe (856)
C:\Windows\System32\svchost.exe (940)
C:\Windows\system32\svchost.exe (980)
C:\Windows\system32\AUDIODG.EXE (1080)
C:\Windows\system32\SLsvc.exe (1116)
C:\Windows\system32\svchost.exe (1156)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1256)
C:\Windows\system32\nvvsvc.exe (1264)
C:\Windows\system32\svchost.exe (1328)
C:\Windows\System32\spoolsv.exe (1520)
C:\Windows\system32\svchost.exe (1556)
C:\Windows\system32\AEADISRV.EXE (1888)
C:\Windows\System32\svchost.exe (1924)
D:\Hamachi\hamachi-2.exe (1960)
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (368)
C:\Windows\system32\PnkBstrA.exe (756)
C:\Windows\system32\svchost.exe (1068)
C:\Windows\system32\svchost.exe (1312)
C:\Windows\System32\svchost.exe (1664)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (1864)
C:\Windows\system32\SearchIndexer.exe (1868)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2468)
C:\Windows\system32\Dwm.exe (2940)
C:\Windows\Explorer.EXE (2980)
C:\Program Files\Analog Devices\Core\smax4pnp.exe (3284)
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (3356)
C:\Users\zby\AppData\Local\Facebook\Update\FacebookUpdate.exe (3392)
C:\Program Files\Google\Update\GoogleUpdate.exe (2752)
C:\Windows\system32\svchost.exe (2576)
C:\Program Files\Windows Media Player\wmpnetwk.exe (1808)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (1756)
D:\OTL.exe (2796)
C:\Program Files\Google\Chrome\Application\chrome.exe (3828)
C:\Program Files\Google\Chrome\Application\chrome.exe (3344)
C:\Program Files\Google\Chrome\Application\chrome.exe (2076)
C:\Program Files\Google\Chrome\Application\chrome.exe (3320)
C:\Program Files\Google\Chrome\Application\chrome.exe (1212)
C:\Program Files\Google\Chrome\Application\chrome.exe (2780)
C:\Program Files\Google\Chrome\Application\chrome.exe (1576)
C:\Windows\system32\WUDFHost.exe (544)
C:\Windows\system32\wbem\wmiprvse.exe (2104)
C:\UsbFix\Go.exe (2760)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe
HKLM\SOFTWARE | Run : [LogMeIn Hamachi Ui] - "D:\Hamachi\hamachi-2-ui.exe" --auto-start
HKLM\SOFTWARE | Run : [Nvtmru] - "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-21-4279762936-2041923811-3607526187-1000\SOFTWARE | Run : [Facebook Update] - "C:\Users\zby\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-4279762936-2041923811-3607526187-1000\SOFTWARE | Run : [uTorrent] - "C:\Program Files\uTorrent\uTorrent.exe"
HKU\S-1-5-21-4279762936-2041923811-3607526187-1000\SOFTWARE | Run : [GG] - "C:\Users\zby\AppData\Local\GG\Application\gghub.exe"
HKU\S-1-5-21-4279762936-2041923811-3607526187-1000\SOFTWARE | Run : [AshSnap] - D:\Ashampoo Snap 5\ashsnap.exe
HKU\S-1-5-21-4279762936-2041923811-3607526187-1006\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-21-4279762936-2041923811-3607526187-1006\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4279762936-2041923811-3607526187-1006\SOFTWARE | Run : [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
HKU\S-1-5-21-4279762936-2041923811-3607526187-1006\SOFTWARE | Run : [EADM] - "D:\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-4279762936-2041923811-3607526187-1006\SOFTWARE | Run : [DriverMax] - "D:\DriverMax\drivermax.exe" -agent
HKU\S-1-5-21-4279762936-2041923811-3607526187-1006\SOFTWARE | Run : [DriverMax_RESTART] - "D:\DriverMax\drivermax.exe" -RESTART
HKU\S-1-5-21-4279762936-2041923811-3607526187-1006\SOFTWARE | Run : [GoogleChromeAutoLaunch_A41B3BF45427D2672ABF49D240D980A1] - "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-21-4279762936-2041923811-3607526187-1006\SOFTWARE | Run : [AshSnap] - D:\Ashampoo Snap 5\ashsnap.exe

################## | Files # Infected Folders |

Found ! D:\uTorrent.exe
Found ! D:\dMC-R14.4-Ref-Trial.exe
Found ! D:\GameRangerSetup.exe
Found ! D:\metin2mod_2011sf_02012013.exe
Found ! D:\Metin2Mod_KR_11012012.exe
Found ! D:\PDF Reader\config.js
Found ! D:\PDF Reader\startup.js
Found ! D:\lnte.exe
Found ! C:\abxx.pif
Found ! C:\adroh.pif
Found ! C:\afknp.pif
Found ! C:\amqmpj.pif
Found ! C:\baxfw.pif
Found ! C:\cory.pif
Found ! C:\diuv.pif
Found ! C:\dqkqo.pif
Found ! C:\ebdpq.pif
Found ! C:\gcyblf.pif
Found ! C:\hnkh.pif
Found ! C:\ihxnv.pif
Found ! C:\jhhi.pif
Found ! C:\jmduet.pif
Found ! C:\kcffd.pif
Found ! C:\kxsv.pif
Found ! C:\llsoe.pif
Found ! C:\nqalb.pif
Found ! C:\oavpos.pif
Found ! C:\ohxa.pif
Found ! C:\oylhia.pif
Found ! C:\puww.pif
Found ! C:\rmdhm.pif
Found ! C:\twycd.pif
Found ! D:\DownTango_Metin2Mod_KR_11012012.exe.exe
Found ! D:\aqyair.pif
Found ! D:\ccegue.pif
Found ! D:\dbdnq.pif
Found ! D:\dxdsb.pif
Found ! D:\evmk.pif
Found ! D:\fabi.pif
Found ! D:\gjfr.pif
Found ! D:\gttkfl.pif
Found ! D:\hqyk.pif
Found ! D:\iqshjg.pif
Found ! D:\jnwkk.pif
Found ! D:\jrhhn.pif
Found ! D:\kihk.pif
Found ! D:\kmchm.pif
Found ! D:\ktfjwy.pif
Found ! D:\kuphv.pif
Found ! D:\mgkul.pif
Found ! D:\osbj.pif
Found ! D:\psyjck.pif
Found ! D:\qmbgfj.pif
Found ! D:\qrrq.pif
Found ! D:\qvvyjp.pif
Found ! D:\senidg.pif
Found ! D:\sjsodx.pif
Found ! D:\syotf.pif
Found ! D:\tbpvdc.pif
Found ! D:\vcru.pif
Found ! D:\woyp.pif
Found ! D:\wvgt.pif
Found ! D:\xewci.pif
Found ! D:\ynbxy.pif
Found ! D:\Doom_2.exe
Found ! D:\01-06-2012_www_ModBase_PL_First_Person_Mod.rar
Found ! D:\03-08-2011_www_ModBase_PL_Gta_Sa_Spolszczenie.exe
Found ! D:\autorun.inf
Found ! D:\CONFIG.exe
Found ! C:\atxx.exe
Found ! C:\awree.exe
Found ! C:\bafjdw.exe
Found ! C:\bfmaja.exe
Found ! C:\bktoo.exe
Found ! C:\bpiv.exe
Found ! C:\bttnea.exe
Found ! C:\cbsa.exe
Found ! C:\clwhii.exe
Found ! C:\cmvkes.exe
Found ! C:\cwhvc.exe
Found ! C:\dbbs.exe
Found ! C:\edqdn.exe
Found ! C:\ehtwu.exe
Found ! C:\epbcwf.exe
Found ! C:\fmcxtk.exe
Found ! C:\fucaib.exe
Found ! C:\gsvmb.exe
Found ! C:\gtqmj.exe
Found ! C:\hlvbo.exe
Found ! C:\ixow.exe
Found ! C:\kauv.exe
Found ! C:\kkjkw.exe
Found ! C:\mefxvm.exe
Found ! C:\nafa.exe
Found ! C:\nmlfg.exe
Found ! C:\nsdk.exe
Found ! C:\ojgsi.exe
Found ! C:\paif.exe
Found ! C:\ppfxu.exe
Found ! C:\psccj.exe
Found ! C:\ptqbr.exe
Found ! C:\qbfmqi.exe
Found ! C:\qfmi.exe
Found ! C:\qlsl.exe
Found ! C:\slimr.exe
Found ! C:\uflc.exe
Found ! D:\atnsg.exe
Found ! D:\cpmt.exe
Found ! D:\dyta.exe
Found ! D:\epmmum.exe
Found ! D:\exyalb.exe
Found ! D:\eyxid.exe
Found ! D:\ghvc.exe
Found ! D:\iqopp.exe
Found ! D:\jhxmgn.exe
Found ! D:\kudbbn.exe
Found ! D:\kulexk.exe
Found ! D:\kxyk.exe
Found ! D:\sewc.exe
Found ! D:\stoyqs.exe
Found ! D:\sxeol.exe
Found ! D:\umyabb.exe
Found ! D:\uunqh.exe
Found ! D:\vljbr.exe
Found ! D:\vrab.exe
Found ! D:\wawibk.exe
Found ! D:\wpgyvs.exe
Found ! D:\xqeuu.exe
Found ! D:\yjltk.exe
Found ! D:\_OTL\MovedFiles\07192013_190224\C_\usukb.exe
Found ! D:\_OTL\MovedFiles\07192013_190224\C_\utmquc.pif
Found ! D:\_OTL\MovedFiles\07192013_190224\C_\vjjnl.pif
Found ! D:\_OTL\MovedFiles\07192013_190224\C_\wejdnh.pif
Found ! D:\_OTL\MovedFiles\07192013_190224\C_\wpmtwp.pif
Found ! D:\_OTL\MovedFiles\07192013_190224\C_\wqeper.exe
Found ! D:\_OTL\MovedFiles\07192013_190224\C_\wskksd.pif
Found ! D:\_OTL\MovedFiles\07192013_190224\C_\xnbex.exe
Found ! D:\_OTL\MovedFiles\07192013_190224\C_\xyhp.pif
Found ! D:\_OTL\MovedFiles\07192013_190224\C_\xykv.pif
Found ! D:\_OTL\MovedFiles\07192013_190224\C_\yijc.pif

################## | Registry |

Found ! HKCU\Software\VB and VBA Program Settings\INSTALL
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|uTorrent

################## | Mountpoints2 |

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://sosvirus.net |