############################## | UsbFix V 7.096 | [Deletion]

User: Luk (Administrator) # LUK-PC
Updated 15/08/2012 by El Desaparecido
Started at 19:34:12 | 16/05/2013

Website: http://eldesaparecido.com
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: Gigabyte Technology Co., Ltd. (To be filled by O.E.M.) (x64-based PC) # Desktop Computer
CPU: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz (4401)
RAM -> [Total : 8152 | Free : 5837]
BIOS: BIOS Date: 10/24/12 09:45:15 Ver: 04.06.05
BOOT: Normal boot

OS: Microsoft Windows 7 Ultimate  (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 56 Gb (13 Mb free - 24%) [Systm] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed drive # 1807 Gb (841 Mb free - 47%) [Data] # NTFS
F:\ -> Fixed drive # 298 Gb (34 Mb free - 11%) [EXTERNAK] # NTFS
G:\ -> Removable drive # 2 Gb (325 Mb free - 17%) [KARTA] # FAT

################## | Active Processes |

C:\Windows\system32\csrss.exe (588)
C:\Windows\system32\wininit.exe (648)
C:\Windows\system32\csrss.exe (672)
C:\Windows\system32\services.exe (740)
C:\Windows\system32\winlogon.exe (748)
C:\Windows\system32\lsass.exe (776)
C:\Windows\system32\lsm.exe (788)
C:\Windows\system32\svchost.exe (888)
C:\Windows\system32\nvvsvc.exe (964)
C:\Windows\system32\svchost.exe (1004)
C:\Windows\System32\svchost.exe (592)
C:\Windows\System32\svchost.exe (844)
C:\Windows\system32\svchost.exe (1040)
C:\Windows\system32\svchost.exe (1208)
C:\Windows\system32\svchost.exe (1260)
C:\Windows\system32\svchost.exe (1344)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1400)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1560)
C:\Windows\system32\nvvsvc.exe (1568)
C:\Windows\System32\spoolsv.exe (1800)
C:\Windows\system32\svchost.exe (1872)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1984)
C:\xampp\apache\bin\httpd.exe (2008)
C:\Windows\system32\svchost.exe (2036)
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (1360)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (1424)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (1812)
C:\Program Files\Microsoft LifeCam\MSCamS64.exe (2056)
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (2100)
C:\xampp\apache\bin\httpd.exe (2484)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (2532)
C:\Windows\SysWOW64\PnkBstrA.exe (3172)
C:\Windows\system32\sppsvc.exe (3236)
C:\Windows\system32\svchost.exe (3296)
C:\Windows\system32\viakaraokesrv.exe (3368)
C:\Windows\system32\svchost.exe (3392)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (3420)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3556)
C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe (3988)
C:\Windows\system32\svchost.exe (4056)
C:\Windows\system32\svchost.exe (3100)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (760)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (5052)
C:\Windows\System32\svchost.exe (5096)
C:\Windows\system32\SearchIndexer.exe (4984)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (3272)
C:\Windows\system32\wbem\wmiprvse.exe (4068)
C:\Windows\system32\taskhost.exe (4720)
C:\Windows\system32\taskeng.exe (3324)
C:\Windows\system32\Dwm.exe (1100)
C:\Windows\Explorer.EXE (3836)
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe (4392)
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (3876)
C:\VIA_XHCI\usb3Monitor.exe (4944)
C:\Windows\system32\AUDIODG.EXE (4044)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (3868)
C:\Program Files\Windows Sidebar\sidebar.exe (5184)
E:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe (5248)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (5388)
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (5428)
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (5444)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (5452)
C:\Windows\Inf\MSASGui.exe (5848)
C:\Windows\system32\conhost.exe (5860)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (5376)
C:\Program Files\Windows Media Player\wmpnetwk.exe (6336)
C:\Windows\system32\wbem\wmiprvse.exe (6628)
C:\Windows\system32\wuauclt.exe (6828)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (7016)
C:\Users\Luk\Desktop\Programy Nov\Core temp\Core Temp.exe (6564)
C:\Windows\system32\SearchProtocolHost.exe (6604)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (6668)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (5636)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (3920)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (5948)
C:\Windows\system32\wbem\wmiprvse.exe (6676)
C:\UsbFix\Go.exe (5112)
C:\Windows\system32\SearchFilterHost.exe (1036)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (6892)
C:\Windows\System32\WUDFHost.exe (4892)
C:\Windows\system32\rundll32.exe (5808)
C:\Windows\servicing\TrustedInstaller.exe (1304)
C:\Windows\system32\rundll32.exe (6180)

################## | Stopped processes |

Stopped! C:\Windows\system32\nvvsvc.exe (964)
Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1400)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1560)
Stopped! C:\Windows\system32\nvvsvc.exe (1568)
Stopped! C:\Windows\System32\spoolsv.exe (1800)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1984)
Stopped! C:\xampp\apache\bin\httpd.exe (2008)
Stopped! C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (1360)
Stopped! C:\Program Files\Intel\iCLS Client\HeciServer.exe (1424)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (1812)
Stopped! C:\Program Files\Microsoft LifeCam\MSCamS64.exe (2056)
Stopped! C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (2100)
Stopped! C:\xampp\apache\bin\httpd.exe (2484)
Stopped! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (2532)
Stopped! C:\Windows\SysWOW64\PnkBstrA.exe (3172)
Stopped! C:\Windows\system32\sppsvc.exe (3236)
Stopped! C:\Windows\system32\viakaraokesrv.exe (3368)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (3420)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3556)
Stopped! C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe (3988)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (760)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (5052)
Stopped! C:\Windows\system32\SearchIndexer.exe (4984)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (3272)
Stopped! C:\Windows\system32\taskhost.exe (4720)
Stopped! C:\Windows\system32\taskeng.exe (3324)
Stopped! C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe (4392)
Stopped! C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe (3876)
Stopped! C:\VIA_XHCI\usb3Monitor.exe (4944)
Stopped! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (3868)
Stopped! C:\Program Files\Windows Sidebar\sidebar.exe (5184)
Stopped! E:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe (5248)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (5388)
Stopped! C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (5428)
Stopped! C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (5444)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (5452)
Stopped! C:\Windows\Inf\MSASGui.exe (5848)
Stopped! C:\Windows\system32\conhost.exe (5860)
Stopped! C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (5376)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (6336)
Stopped! C:\Windows\system32\wuauclt.exe (6828)
Stopped! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (7016)
Stopped! C:\Users\Luk\Desktop\Programy Nov\Core temp\Core Temp.exe (6564)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (6668)
Stopped! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (5636)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (3920)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (5948)
Stopped! \\?\C:\Windows\system32\wbem\WMIADAP.EXE (6892)
Stopped! C:\Windows\System32\WUDFHost.exe (4892)
Stopped! C:\Windows\servicing\TrustedInstaller.exe (1304)

################## | Files # Infected Folders |

Deleted ! C:\Windows\SysWOW64\temp
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-2585186565-4164070737-2460129291-1000
Deleted ! E:\$RECYCLE.BIN\S-1-5-21-2585186565-4164070737-2460129291-1000

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKCU\Software\{B2CB09FF-2453-4f85-9F40-21C05BE4CBA8}

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\D
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\G
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{c479a3cc-4cd4-11e2-9afb-806e6f6e6963}

################## | Listing |

[16/05/2013 - 19:35:41 | SHD ] 	C:\$Recycle.Bin
[26/12/2012 - 05:39:24 | SHD ] 	C:\Boot
[20/11/2010 - 05:40:08 | RASH | 383786] 	C:\bootmgr
[23/12/2012 - 18:45:01 | N | 8192] 	C:\BOOTSECT.BAK
[15/05/2013 - 20:29:20 | N | 3288] 	C:\bootsqm.dat
[23/12/2012 - 03:18:56 | N | 156] 	C:\csb.log
[01/02/2013 - 15:40:10 | N | 277] 	C:\debugInstaller.txt
[14/07/2009 - 07:08:56 | SHD ] 	C:\Documents and Settings
[25/12/2012 - 22:59:03 | D ] 	C:\found.000
[02/08/2009 - 10:59:51 | N | 171136] 	C:\grldr
[16/05/2013 - 16:57:26 | ASH | 6411063296] 	C:\hiberfil.sys
[31/12/2012 - 17:58:55 | D ] 	C:\inetpub
[23/12/2012 - 03:12:11 | D ] 	C:\Intel
[16/03/2013 - 22:48:54 | D ] 	C:\NVIDIA
[16/05/2013 - 16:57:26 | ASH | 419430400] 	C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] 	C:\PerfLogs
[16/05/2013 - 14:22:36 | D ] 	C:\Program Files
[16/05/2013 - 13:23:02 | D ] 	C:\Program Files (x86)
[15/05/2013 - 18:32:30 | HD ] 	C:\ProgramData
[23/12/2012 - 02:59:21 | SHD ] 	C:\Recovery
[16/05/2013 - 14:22:53 | D ] 	C:\rsit
[16/05/2013 - 01:27:11 | SHD ] 	C:\System Volume Information
[16/05/2013 - 19:35:41 | D ] 	C:\UsbFix
[16/05/2013 - 19:34:19 | A | 10911] 	C:\UsbFix.txt
[16/05/2013 - 19:34:19 | D ] 	C:\Users
[23/12/2012 - 03:16:01 | D ] 	C:\VIA_XHCI
[13/05/2013 - 20:00:27 | D ] 	C:\web
[16/05/2013 - 17:20:03 | D ] 	C:\Windows
[20/12/2009 - 01:00:00 | D ] 	C:\xampp
[16/05/2013 - 19:35:41 | SHD ] 	E:\$RECYCLE.BIN
[13/05/2013 - 13:35:39 | D ] 	E:\C programy
[16/05/2013 - 13:03:25 | D ] 	E:\Download
[15/05/2013 - 21:17:00 | D ] 	E:\Fraps
[01/04/2013 - 01:34:38 | D ] 	E:\Games
[16/05/2013 - 01:14:15 | D ] 	E:\GOG Games
[27/01/2013 - 21:44:14 | D ] 	E:\knihy
[11/02/2013 - 22:57:26 | D ] 	E:\msdownld.tmp
[02/01/2013 - 17:42:57 | RHD ] 	E:\MSOCache
[16/05/2013 - 16:57:27 | ASH | 8548085760] 	E:\pagefile.sys
[05/02/2013 - 21:14:18 | D ] 	E:\Program Files
[16/05/2013 - 01:26:15 | D ] 	E:\Program Files (x86)
[09/04/2013 - 17:55:23 | D ] 	E:\QtSDK
[10/04/2013 - 20:31:37 | D ] 	E:\QTT
[09/04/2013 - 15:54:35 | D ] 	E:\skola
[29/04/2013 - 03:14:50 | D ] 	E:\Sony vegas
[23/12/2012 - 03:22:56 | SHD ] 	E:\System Volume Information
[16/05/2013 - 13:00:15 | D ] 	E:\temp

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_LUK-PC.zip
http://eldesaparecido.com/upload.php
Thank you for your contribution.

################## | E.O.F |
