############################## | UsbFix V 7.113 | [Research]

User: Igor (Administrator) # IGOR-KOMPUTER
Updated 05/03/2013 by El Desaparecido
Started at 16:52:26 | 07/03/2013

Website: http://sosvirus.org/index.php
Contact: contact@sosvirus.org

PC: Gigabyte Technology Co., Ltd. (P67A-D3-B3) (x64-based PC)
CPU: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz (3601)
RAM -> [Total : 16367 | Free : 11955]
BIOS: Award Modular BIOS v6.00PG
BOOT: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: COMODO Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 112 Gb (56 Mb free - 50%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed drive # 195 Gb (98 Mb free - 50%) [] # NTFS
F:\ -> Fixed drive # 442 Gb (149 Mb free - 34%) [f2] # NTFS
G:\ -> Fixed drive # 294 Gb (36 Mb free - 12%) [] # NTFS
H:\ -> Removable drive # 4 Gb (85 Mb free - 2%) [PENDRIVE] # FAT32
I:\ -> CD-ROM
Q:\ -> Fixed drive # 1863 Gb (669 Mb free - 36%) [Elements] # NTFS

################## | Active Processes |

C:\Windows\system32\csrss.exe (608)
C:\Windows\system32\wininit.exe (680)
C:\Windows\system32\csrss.exe (696)
C:\Windows\system32\services.exe (744)
C:\Windows\system32\lsass.exe (768)
C:\Windows\system32\lsm.exe (776)
C:\Windows\system32\winlogon.exe (852)
C:\Windows\system32\svchost.exe (920)
C:\Windows\system32\nvvsvc.exe (988)
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (1012)
C:\Windows\system32\svchost.exe (556)
F:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (824)
C:\Windows\system32\svchost.exe (1060)
c:\Program Files\Microsoft Security Client\MsMpEng.exe (1088)
C:\Windows\System32\svchost.exe (1152)
C:\Windows\System32\svchost.exe (1184)
C:\Windows\system32\svchost.exe (1232)
C:\Windows\system32\svchost.exe (1264)
F:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1648)
C:\Windows\system32\nvvsvc.exe (1660)
C:\Windows\SYSTEM32\WISPTIS.EXE (1700)
C:\Windows\System32\spoolsv.exe (1780)
C:\Windows\system32\svchost.exe (1808)
C:\Windows\system32\taskhost.exe (1416)
C:\Windows\SYSTEM32\WISPTIS.EXE (1636)
F:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (1956)
C:\Windows\system32\Dwm.exe (1216)
C:\Windows\Explorer.EXE (2108)
F:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe (2216)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (2316)
C:\Program Files\Microsoft Security Client\msseces.exe (2324)
F:\Program Files\OO Software\Defrag\oodtray.exe (2420)
C:\Windows\System32\WTMKM.exe (2428)
C:\Windows\WindowsMobile\wmdc.exe (2436)
C:\Program Files (x86)\Skype\Phone\Skype.exe (2472)
C:\Users\Igor\AppData\Roaming\Dropbox\bin\Dropbox.exe (2524)
F:\Program Files (x86)\PowerISO\PWRISOVM.EXE (2996)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3020)
F:\Program Files\NVIDIA Corporation\Display\nvtray.exe (2960)
F:\Program Files\OO Software\Defrag\oodag.exe (2880)
C:\Program Files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtlService.exe (1428)
C:\Program Files (x86)\Secunia\PSI\PSIA.exe (2540)
C:\Program Files (x86)\Realtek\RTL8185 Wireless LAN Utility\RtWlan.exe (2556)
C:\Windows\system32\svchost.exe (2172)
C:\Windows\system32\atwtusb.exe (3152)
C:\Windows\system32\atwtusb.exe (3456)
C:\Windows\System32\alg.exe (3700)
C:\Windows\system32\svchost.exe (3736)
C:\Windows\system32\SearchIndexer.exe (3824)
C:\Windows\system32\svchost.exe (4040)
C:\Windows\system32\svchost.exe (4164)
C:\Windows\System32\WUDFHost.exe (4516)
C:\Program Files (x86)\Secunia\PSI\sua.exe (4876)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (5556)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (4904)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (5260)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (5300)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (3204)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (4736)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (5624)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (5492)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (5484)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (3360)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (3388)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (4596)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (4712)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (4760)
F:\Program Files\Windows Media Player\wmpnetwk.exe (4156)
F:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (5932)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (4688)
C:\Windows\system32\svchost.exe (2136)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (3808)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (2652)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (5368)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (3420)
C:\Users\Igor\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (2296)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (1044)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (1048)
C:\Windows\system32\notepad.exe (3788)
F:\Dokumenty\Downloads\OTL.exe (6064)
F:\Program Files\COMODO\COMODO Internet Security\cfp.exe (4704)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (2752)
C:\Users\Igor\AppData\Local\Google\Chrome\Application\chrome.exe (2972)
C:\UsbFix\Go.exe (1252)
C:\Windows\system32\wbem\wmiprvse.exe (1756)

################## | Files # Infected Folders |

Found ! H:\wubi.exe
Found ! H:\autorun.inf
Found ! H:\AUTORUN_.INF

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools

################## | Mountpoints2 |

################## | Vaccin |

G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
Q:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.org |