############################## | UsbFix V 7.126 | [Research]

User: Asia (Administrator) # ASIA-KOMPUTER
Updated 13/05/2013 by El Desaparecido
Started at 21:27:27 | 14/05/2013

Website: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: TOSHIBA (Satellite A300) (x64-based PC)
CPU: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz (2000)
RAM -> [Total : 4094 | Free : 2490]
BIOS: InsydeH2O Version 2.20
BOOT: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16540

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 298 Gb (154 Mb free - 52%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> CD-ROM
H:\ -> Removable drive # 7 Gb (3 Mb free - 37%) [] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (632)
C:\Windows\system32\wininit.exe (796)
C:\Windows\system32\csrss.exe (808)
C:\Windows\system32\services.exe (852)
C:\Windows\system32\lsass.exe (868)
C:\Windows\system32\lsm.exe (876)
C:\Windows\system32\svchost.exe (988)
C:\Windows\system32\winlogon.exe (636)
C:\Windows\system32\svchost.exe (1004)
C:\Windows\system32\atiesrxx.exe (1052)
C:\Windows\System32\svchost.exe (1128)
C:\Windows\System32\svchost.exe (1160)
C:\Windows\system32\svchost.exe (1188)
C:\Windows\system32\svchost.exe (1212)
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (1300)
C:\Windows\system32\svchost.exe (1432)
C:\Windows\system32\svchost.exe (1532)
C:\Windows\system32\atieclxx.exe (1580)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1648)
C:\Windows\system32\Dwm.exe (1764)
C:\Windows\Explorer.EXE (1776)
C:\Windows\System32\spoolsv.exe (1956)
C:\Windows\system32\taskhost.exe (1972)
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (1368)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (1452)
C:\Program Files\Windows Sidebar\sidebar.exe (2056)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (2100)
C:\Program Files\LSI SoftModem\agr64svc.exe (2164)
C:\Windows\system32\svchost.exe (2196)
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (2364)
C:\ProgramData\DatacardService\HWDeviceService64.exe (2396)
C:\Windows\System32\svchost.exe (2428)
C:\ProgramData\DatacardService\DCSHelper.exe (2448)
C:\ProgramData\PLAY ONLINE\OnlineUpdate\ouc.exe (2532)
C:\Windows\System32\svchost.exe (2540)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (2572)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (3148)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (3212)
C:\Windows\system32\SearchIndexer.exe (3264)
C:\Program Files (x86)\Ask.com\Updater\Updater.exe (3292)
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (3356)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (3396)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3420)
C:\Program Files\Windows Media Player\wmpnetwk.exe (3496)
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe (3628)
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (3916)
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (2812)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (2068)
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (3816)
C:\Windows\System32\svchost.exe (3820)
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (4076)
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (2648)
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe (4336)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4732)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (3308)
C:\Windows\System32\svchost.exe (4596)
C:\Windows\system32\taskeng.exe (4772)
C:\Windows\system32\taskhost.exe (4592)
C:\UsbFix\Go.exe (2836)
C:\Windows\system32\wbem\wmiprvse.exe (4444)
C:\Windows\system32\DllHost.exe (2344)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [ITSecMng] - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [Camera Assistant Software] - "C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe" /start
HKLM\SOFTWARE\wow6432Node | Run : [ITSecMng] - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Camera Assistant Software] - "C:\Program Files (x86)\Camera Assistant Software for Toshiba\traybar.exe" /start
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-845661584-2312701738-3435311148-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Files # Infected Folders |

Found ! E:\CriticalRebuild.exe
Found ! E:\autorun.exe
Found ! E:\autorun.exe
Found ! E:\autorun.inf
Found ! F:\AUTORUN.INF
Found ! F:\autorun.exe
Found ! F:\data.cab

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\E
Shell\AutoRun\Command = E:\autorun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\F
Shell\AutoRun\Command = F:\autorun.EXE
HKCU\.\.\.\.\Explorer\MountPoints2\{6760a950-e0d1-11e1-9716-806e6f6e6963}
Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{6760a98d-e0d1-11e1-9716-00216b27843c}
Shell\AutoRun\Command = E:\AutoRun.exe

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://sosvirus.org |