############################## | UsbFix V 7.127 | [Research]

User: Hrabia (Administrator) # HRABIA-04B08AF9
Updated 05/06/2013 by El Desaparecido
Started at 00:03:33 | 17/06/2013

Website: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: K8T890 (AWRDACPI) (X86-based PC)
CPU: AMD Athlon(tm) 64 Processor 3200+ (2043)
RAM -> [Total : 1022 | Free : 240]
BIOS: )Phoenix - Award WorkstationBIOS v6.00PG
BOOT: Normal boot

OS: Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Dodatek Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 20 Gb (2 Mb free - 12%) [] # NTFS
D:\ -> Fixed drive # 65 Gb (19 Mb free - 29%) [] # NTFS
E:\ -> Fixed drive # 65 Gb (6 Mb free - 10%) [] # NTFS
F:\ -> CD-ROM
G:\ -> Removable drive # 954 Mb (953 Mb free - 100%) [KINGSTON] # FAT32

################## | Active Processes |

C:\windows\System32\smss.exe (1076)
C:\windows\system32\winlogon.exe (1404)
C:\windows\system32\services.exe (1464)
C:\windows\system32\lsass.exe (1476)
C:\windows\system32\svchost.exe (1668)
C:\windows\System32\svchost.exe (1860)
C:\windows\system32\svchost.exe (1904)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (572)
C:\windows\system32\spoolsv.exe (696)
C:\Program Files\Java\jre7\bin\jqs.exe (1308)
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (1360)
C:\windows\Explorer.EXE (1952)
D:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe (248)
C:\windows\system32\nvsvc32.exe (440)
C:\windows\system32\svchost.exe (1240)
C:\windows\system32\UAService7.exe (1768)
C:\windows\system32\RunDLL32.exe (828)
C:\Program Files\AVAST Software\Avast\avastUI.exe (936)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (272)
C:\windows\system32\ctfmon.exe (1004)
C:\WINDOWS\system32\wbem\wmiapsrv.exe (3724)
C:\windows\system32\wuauclt.exe (3984)
D:\Program Files\Mozilla Firefox\firefox.exe (556)
D:\Program Files\Mozilla Firefox\plugin-container.exe (2960)
C:\UsbFix\Go.exe (412)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [NvMediaCenter] - RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE | Policies\Explorer\run : [20160] - C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\cciauui.com
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-1957994488-920026266-839522115-1004\SOFTWARE | Run : [ctfmon.exe] - C:\windows\system32\ctfmon.exe
HKU\S-1-5-21-1957994488-920026266-839522115-1004\SOFTWARE | Run : [Hoolapp Android] - "C:\DOCUME~1\Hrabia\DANEAP~1\HOOLAP~1\Hoolapp.exe" /Minimized
HKU\S-1-5-21-1957994488-920026266-839522115-1009\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-18\SOFTWARE | Run : [DWQueuedReporting] - "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

################## | Files # Infected Folders |

Found ! C:\Documents and Settings\Hrabia\Dane aplikacji\inst.exe
Found ! G:\KINGSTON (1GB).lnk
Found ! C:\windows\system32\secushr.dat
Found ! E:\Thumbs.db
Found ! G:\autorun.inf
Found ! G:\desktop.ini
Found ! G:\Thumbs.db

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{0a5ced3b-6cc4-11df-83c6-4d6564696130}
Shell\AutoRun\Command = H:\.\Vado\Vado.exe

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://sosvirus.org |