############################## | UsbFix V 7.133 | [Research]

User: Wojtek (Administrator) # MATEUSZ--PC
Updated 27/08/2013 by El Desaparecido
Started at 20:55:22 | 30/08/2013
Website: http://sosvirus.net/
Upload Malware: http://sosvirus.net/viewtopic.php?f=6&t=489
Contact: eldesaparecido@sosvirus.net

PC: Gigabyte Technology Co., Ltd. (X58A-UD3R) (x64-based PC)
CPU: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz (3059)
RAM -> [Total : 6142 | Free : 3737]
BIOS: Award Modular BIOS v6.00PG
BOOT: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16660

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton 360 [(!) Disabled | Updated]
FW: Windows FireWall Service [(!) Disabled]

C:\ (%systemdrive%) -> Fixed drive # 100 Gb (2 Mb free - 2%) [DYSK 1] # NTFS
D:\ -> Fixed drive # 200 Gb (3 Mb free - 2%) [GRY] # NTFS
E:\ -> Fixed drive # 100 Gb (3 Mb free - 3%) [PROGRAMY] # NTFS
F:\ -> Fixed drive # 66 Gb (1 Mb free - 2%) [FILMY, OBRAZY] # NTFS
G:\ -> Fixed drive # 149 Gb (3 Mb free - 2%) [INSTALKI] # NTFS
I:\ -> CD-ROM
L:\ -> CD-ROM
M:\ -> Fixed drive # 932 Gb (76 Mb free - 8%) [SAMSUNG] # NTFS
N:\ -> CD-ROM

################## | Active Processes |

C:\Windows\system32\csrss.exe (556)
C:\Windows\system32\csrss.exe (640)
C:\Windows\system32\wininit.exe (648)
C:\Windows\system32\winlogon.exe (696)
C:\Windows\system32\services.exe (744)
C:\Windows\system32\lsass.exe (752)
C:\Windows\system32\lsm.exe (760)
C:\Windows\system32\svchost.exe (856)
C:\Windows\system32\nvvsvc.exe (920)
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (944)
C:\Windows\system32\svchost.exe (992)
C:\Windows\System32\svchost.exe (544)
C:\Windows\System32\svchost.exe (636)
C:\Windows\system32\svchost.exe (392)
C:\Windows\system32\svchost.exe (1008)
C:\Windows\system32\svchost.exe (1132)
C:\Windows\system32\svchost.exe (1244)
C:\Windows\System32\spoolsv.exe (1388)
C:\Windows\system32\svchost.exe (1424)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1524)
C:\Windows\system32\nvvsvc.exe (1532)
C:\Program Files (x86)\cFosSpeed\spd.exe (1568)
E:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe (1596)
E:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (1644)
E:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (1712)
C:\Windows\system32\taskhost.exe (1804)
C:\Windows\system32\Dwm.exe (1876)
C:\Windows\Explorer.EXE (1936)
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe (1996)
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (1316)
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (1824)
C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe (2168)
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (2248)
C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe (2468)
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe (2580)
C:\Windows\SysWOW64\PnkBstrA.exe (2840)
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe (2936)
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (2972)
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe (3020)
E:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (3036)
C:\Windows\system32\svchost.exe (2120)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (1848)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2496)
C:\Windows\System32\WUDFHost.exe (3244)
C:\Program Files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe (3412)
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (3560)
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (3596)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3648)
C:\Windows\system32\svchost.exe (3832)
C:\Windows\system32\svchost.exe (1188)
C:\Windows\system32\wuauclt.exe (1588)
C:\Windows\system32\svchost.exe (2028)
C:\Windows\WindowsMobile\wmdcBase.exe (5092)
c:\program files (x86)\common files\java\java update\jusched.exe (4820)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (1220)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4984)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (880)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (4428)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (4424)
C:\UsbFix\Go.exe (4596)
C:\Windows\system32\wbem\wmiprvse.exe (5244)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [NUSB3MON] - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
HKLM\SOFTWARE | Run : [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [NUSB3MON] - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [SDBOK] - C:\Program Files (x86)\GIGABYTE\smart6\dbios\run.exe
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [SDBOK] - C:\Program Files (x86)\GIGABYTE\smart6\dbios\run.exe
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKLM\SOFTWARE | Policies\Explorer\run : [] - 1
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4233778675-1156193089-89653302-1000\SOFTWARE | Run : [] -
HKU\S-1-5-21-4233778675-1156193089-89653302-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-4233778675-1156193089-89653302-1000\SOFTWARE | Run : [ISUSPM] - "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-19\SOFTWARE | RunOnce : [] -
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [] -
HKU\S-1-5-18\SOFTWARE | RunOnce : [] -

################## | Files # Infected Folders |

Found ! C:\Users\Wojtek\AppData\Roaming\BabMaint.exe
Found ! C:\Users\Wojtek\AppData\Roaming\ezpinst.exe
Found ! M:\$AVG.lnk
Found ! M:\$RECYCLE.BIN.lnk
Found ! M:\3298dbea183b5dd36749cd.lnk
Found ! M:\b4073d85a0d8d692373ab612b5.lnk
Found ! M:\dggfsdfdsfsdf.lnk
Found ! M:\Downloads.lnk
Found ! M:\Dźwięki.lnk
Found ! M:\f013e006dce5f141a7.lnk
Found ! M:\Filmy.lnk
Found ! M:\found.000.lnk
Found ! M:\Gry instalki.lnk
Found ! M:\Gry MMO.lnk
Found ! M:\Kart pamięci dane.lnk
Found ! M:\MATEUSZ--PC.lnk
Found ! M:\msdownld.tmp.lnk
Found ! M:\nawigacja Roberta.lnk
Found ! M:\nowa.lnk
Found ! M:\Nowy folder.lnk
Found ! M:\Obrazy.lnk
Found ! M:\Pamiętniki wampirów.lnk
Found ! M:\Programy.lnk
Found ! M:\Save daniel.lnk
Found ! M:\SteamLibrary.lnk
Found ! M:\System Volume Information.lnk
Found ! M:\SZKOŁA.lnk
Found ! M:\Wesele Edyta.lnk
Found ! M:\z folderu rozne szkola.lnk
Found ! C:\Users\Wojtek\WA.exe
Found ! M:\Recycler\desktop.ini
Found ! M:\syncguid.dat
Found ! M:\Thumbs.db

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\K Shell\AutoRun\Command = K:\windows\Install\Install.exe
HKCU\.\.\.\.\Explorer\MountPoints2\R Shell\AutoRun\Command = R:\LaunchU3.exe -a
HKCU\.\.\.\.\Explorer\MountPoints2\{23bf9c88-f0c8-11e0-8db0-1c6f653f903b} Shell\AutoRun\Command = H:\Startme.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{29068d4d-71cf-11e2-9ee4-1c6f653f903b} Shell\AutoRun\Command = K:\windows\Install\Install.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{317cf5fd-4d03-11e0-9510-1c6f653f903b} Shell\AutoRun\Command = K:\LaunchU3.exe -a
HKCU\.\.\.\.\Explorer\MountPoints2\{3f4ddaab-e5ea-11e1-a789-1c6f653f903b} Shell\AutoRun\Command = H:\Startme.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{5f6a8b3d-7815-11e2-82d9-1c6f653f903b} Shell\AutoRun\Command = L:\autorun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{74fd7cc0-537a-11e0-ba4a-806e6f6e6963} Shell\AutoRun\Command = I:\Autorun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{a180c215-5e71-11e0-9567-1c6f653f903b} Shell\AutoRun\Command = H:\LGAutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{dcef2e40-4264-11e0-9582-1c6f653f903b} Shell\AutoRun\Command = I:\LaunchU3.exe -a

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://sosvirus.net |