############################## | UsbFix V 7.128 | [Research]

User: sandra (Administrator) # SANDRA-VAIO
Updated 20/06/2013 by El Desaparecido
Started at 10:54:10 | 21/06/2013
Website: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/forum-virus-securite/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: Sony Corporation (VPCEH1M1E) (x64-based PC)
CPU: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz (2100)
RAM -> [Total : 4078 | Free : 2053]
BIOS: InsydeH2O Version 03.60.51R0180Z9
BOOT: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 8.0.7601.17514

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG AntiVirus Free Edition 2013 [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 451 Gb (41 Mb free - 9%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable drive # 7 Gb (7 Mb free - 100%) [FLASH DRIVE] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (788)
C:\Windows\system32\wininit.exe (836)
C:\Windows\system32\csrss.exe (860)
C:\Windows\system32\services.exe (912)
C:\Windows\system32\lsass.exe (928)
C:\Windows\system32\lsm.exe (936)
C:\Windows\system32\winlogon.exe (124)
C:\Windows\system32\svchost.exe (760)
C:\Windows\system32\nvvsvc.exe (852)
C:\Windows\system32\svchost.exe (1044)
C:\Windows\System32\svchost.exe (1116)
C:\Windows\System32\svchost.exe (1184)
C:\Windows\system32\svchost.exe (1248)
C:\Windows\system32\svchost.exe (1296)
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (1528)
C:\Windows\system32\nvvsvc.exe (1540)
C:\Windows\system32\svchost.exe (1600)
C:\Windows\system32\svchost.exe (1772)
C:\Windows\system32\WLANExt.exe (1820)
C:\Windows\system32\conhost.exe (1836)
C:\Windows\System32\spoolsv.exe (1988)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (2024)
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (1864)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (1968)
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (1232)
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (2060)
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (2152)
C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (2180)
C:\Windows\SysWOW64\schtasks.exe (2240)
C:\Windows\system32\conhost.exe (2264)
C:\ProgramData\DatacardService\HWDeviceService64.exe (2308)
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (2348)
C:\Program Files (x86)\Mouse Driver\MAIN\KMWDSrv.exe (2400)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (2692)
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (2712)
C:\Windows\system32\svchost.exe (2752)
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (2788)
C:\Windows\system32\svchost.exe (2820)
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (2868)
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (2928)
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (2952)
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (2960)
C:\Windows\SysWOW64\DllHost.exe (3036)
C:\Windows\SysWOW64\DllHost.exe (2372)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (3096)
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (3192)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3232)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (3296)
C:\Windows\system32\wbem\wmiprvse.exe (3640)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (3960)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (2848)
C:\Windows\system32\conhost.exe (2448)
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (3488)
C:\Windows\system32\taskhost.exe (4292)
C:\Windows\system32\taskeng.exe (4348)
C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (4444)
C:\Windows\system32\Dwm.exe (4452)
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (4612)
C:\Windows\Explorer.EXE (4860)
C:\ProgramData\DatacardService\DCSHelper.exe (5012)
C:\Windows\system32\SearchIndexer.exe (1852)
C:\Windows\system32\svchost.exe (4216)
C:\Windows\system32\svchost.exe (1040)
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (5504)
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (5760)
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (5864)
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (5916)
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (5936)
C:\Program Files\Apoint\Apoint.exe (5944)
C:\Program Files\Apoint\ApMsgFwd.exe (5284)
C:\Program Files\Apoint\Apntex.exe (5236)
C:\Program Files\Apoint\Apvfb.exe (5432)
C:\Windows\system32\conhost.exe (4872)
C:\Program Files (x86)\BitTorrent\BitTorrent.exe (5996)
C:\Users\sandra\AppData\Roaming\PLAY ONLINE\ouc.exe (6048)
C:\Program Files\Windows Sidebar\sidebar.exe (5408)
C:\Program Files (x86)\ASUSTek Computer Inc\ASUS U3100MINI PLUS V2 Utilities\RTLRCtl.exe (1664)
C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (4244)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (5772)
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (6152)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (6160)
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (6204)
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (6244)
C:\Program Files (x86)\Mouse Driver\MAIN\StartAutorun.exe (6284)
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (6308)
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (6344)
C:\Program Files (x86)\Mouse Driver\MAIN\KMConfig.exe (6380)
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe (6408)
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (6440)
C:\Program Files (x86)\AVG\AVG2013\avgui.exe (6532)
C:\Program Files (x86)\Mouse Driver\MAIN\KMProcess.exe (6888)
C:\Program Files\Windows Media Player\wmpnetwk.exe (3796)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (6172)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (6560)
C:\Program Files\Sony\VAIO Care\VCPerfService.exe (6692)
C:\Program Files (x86)\Internet Explorer\IELowutil.exe (6044)
C:\Program Files\Sony\VAIO Care\listener.exe (3732)
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (1136)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (4108)
C:\Program Files\Sony\VAIO Care\VCsystray.exe (2560)
C:\Windows\system32\svchost.exe (5812)
C:\Program Files\Sony\VAIO Care\VCService.exe (1448)
C:\Program Files\Sony\VAIO Care\VCAgent.exe (5128)
C:\Windows\System32\vds.exe (6544)
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (6260)
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (1228)
C:\Program Files\WinRAR\WinRAR.exe (5088)
C:\Windows\System32\WUDFHost.exe (3564)
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe (4960)
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe (7012)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (632)
C:\Windows\SysWOW64\NOTEPAD.EXE (4972)
C:\Windows\syswow64\svchost.exe (1688)
C:\Users\sandra\Documents\OTL.exe (7480)
C:\PROGRA~2\GRETECH\GOMPLA~1\GOM.EXE (2808)
C:\Windows\notepad.exe (7900)
C:\Windows\notepad.exe (3272)
C:\Program Files\Sony\VAIO Care\Admload.exe (7476)
C:\Windows\SysWOW64\NOTEPAD.EXE (8696)
C:\UsbFix\Go.exe (7596)
C:\Windows\system32\wbem\wmiprvse.exe (4788)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [nmctxth] - "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
HKLM\SOFTWARE | Run : [nmapp] - "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
HKLM\SOFTWARE | Run : [RiccoVPN] -
HKLM\SOFTWARE | Run : [KMCONFIG] - C:\Program Files (x86)\Mouse Driver\MAIN\StartAutorun.exe KMConfig.exe
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM\SOFTWARE | Run : [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HKLM\SOFTWARE | Run : [DATAMNGR] - C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
HKLM\SOFTWARE | Run : [vProt] - "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
HKLM\SOFTWARE | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE\wow6432Node | Run : [ISBMgr.exe] - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE\wow6432Node | Run : [nmctxth] - "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
HKLM\SOFTWARE\wow6432Node | Run : [nmapp] - "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
HKLM\SOFTWARE\wow6432Node | Run : [RiccoVPN] -
HKLM\SOFTWARE\wow6432Node | Run : [KMCONFIG] - C:\Program Files (x86)\Mouse Driver\MAIN\StartAutorun.exe KMConfig.exe
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [ApnUpdater] - "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM\SOFTWARE\wow6432Node | Run : [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HKLM\SOFTWARE\wow6432Node | Run : [DATAMNGR] - C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
HKLM\SOFTWARE\wow6432Node | Run : [vProt] - "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AVG_UI] - "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKLM\SOFTWARE | Policies\Explorer\run : [29803] - C:\PROGRA~3\LOCALS~1\Temp\ccigzcifa.pif
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1798749556-42135512-3017293676-1000\SOFTWARE | Run : [BlazeServoTool] - "C:\Program Files (x86)\BlazeVideo\BlazeDTV 6.0\MediaDetector.exe"
HKU\S-1-5-21-1798749556-42135512-3017293676-1000\SOFTWARE | Run : [HW_OPENEYE_OUC_PLAY ONLINE] - "C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe"
HKU\S-1-5-21-1798749556-42135512-3017293676-1000\SOFTWARE | Run : [BitTorrent] - "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
HKU\S-1-5-21-1798749556-42135512-3017293676-1000\SOFTWARE | Run : [SDP] - C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto
HKU\S-1-5-21-1798749556-42135512-3017293676-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-1798749556-42135512-3017293676-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Files # Infected Folders |

Found ! G:\FLASH DRIVE (8GB).lnk
Found ! G:\autorun.inf
Found ! G:\desktop.ini
Found ! G:\Thumbs.db

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\F
Shell\AutoRun\Command = F:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{1b83ad01-dfaf-11e0-862e-78843ce2179b}
Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{33a31f75-2026-11e1-9433-78843ce2179b}
Shell\AutoRun\Command = F:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{33a31fc4-2026-11e1-9433-78843ce2179b}
Shell\AutoRun\Command = F:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{429fa24a-b897-11e1-8944-90004ecb5f70}
Shell\AutoRun\Command = F:\autorun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{429fa273-b897-11e1-8944-90004ecb5f70}
Shell\AutoRun\Command = F:\autorun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{51714d8a-d4f7-11e1-8272-90004ecb5f70}
Shell\AutoRun\Command = F:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{7d710067-99f9-11e2-bf1a-90004ecb5f70}
Shell\AutoRun\Command = F:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{af469198-e6b7-11e0-8670-78843ce2179b}
Shell\AutoRun\Command = E:\Autorun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{b6738b8a-df9d-11e0-8934-78843ce2179b}
Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{b6738b99-df9d-11e0-8934-78843ce2179b}
Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{f98ef251-bd78-11e2-a2a7-78843ce2179b}
Shell\AutoRun\Command = F:\AutoRun.exe

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://sosvirus.net |