############################## | UsbFix V 7.129 | [Research]

User: R3101 (Administrator) # R3101-KOMPUTER
Updated 24/06/2013 by El Desaparecido
Started at 19:05:39 | 05/07/2013

Website: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: FUJITSU (ESPRIMO P2560 ) (X86-based PC)
CPU: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz (3200)
RAM -> [Total : 1920 | Free : 422]
BIOS: Version 6.00 R1.02.3041.A1
BOOT: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16618

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Panda Cloud Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [(!) Disabled]

C:\ (%systemdrive%) -> Fixed drive # 464 Gb (405 Mb free - 87%) [System] # NTFS
D:\ -> Fixed drive # 190 Gb (63 Mb free - 33%) [BACKUP] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 7 Gb (2 Mb free - 23%) [TOSHIBA] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (1372)
C:\Windows\system32\wininit.exe (1424)
C:\Windows\system32\csrss.exe (1440)
C:\Windows\system32\winlogon.exe (1472)
C:\Windows\system32\services.exe (1532)
C:\Windows\system32\lsass.exe (1540)
C:\Windows\system32\lsm.exe (1552)
C:\Windows\system32\svchost.exe (1660)
C:\Windows\system32\svchost.exe (1740)
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (1788)
C:\Windows\system32\svchost.exe (1872)
C:\Windows\System32\svchost.exe (1924)
C:\Windows\System32\svchost.exe (1968)
C:\Windows\system32\svchost.exe (2004)
C:\Windows\system32\svchost.exe (408)
C:\Windows\system32\svchost.exe (492)
C:\Windows\System32\spoolsv.exe (868)
C:\Windows\system32\svchost.exe (948)
C:\Windows\system32\taskhost.exe (992)
C:\Windows\system32\Dwm.exe (1080)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1156)
C:\Program Files\cFosSpeed\spd.exe (1240)
C:\Windows\system32\svchost.exe (1388)
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (1416)
C:\Windows\Explorer.EXE (1520)
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (2052)
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (2068)
C:\Windows\System32\hkcmd.exe (2084)
C:\Windows\System32\igfxpers.exe (2108)
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (2116)
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (2140)
C:\Program Files\cFosSpeed\cfosspeed.exe (2560)
C:\Program Files\Secunia\PSI\psi_tray.exe (2608)
C:\Users\R3101\AppData\Roaming\Dropbox\bin\Dropbox.exe (2624)
C:\Windows\system32\svchost.exe (2796)
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe (2820)
C:\Windows\System32\svchost.exe (2876)
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (2908)
C:\Windows\System32\svchost.exe (2944)
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe (2964)
C:\Program Files\Secunia\PSI\PSIA.exe (2996)
C:\Windows\system32\SearchIndexer.exe (2660)
C:\Windows\system32\svchost.exe (2684)
C:\Program Files\Google\Update\GoogleUpdate.exe (188)
C:\Windows\system32\svchost.exe (3216)
C:\Windows\System32\svchost.exe (860)
C:\Windows\system32\svchost.exe (2700)
C:\Windows\system32\PrintIsolationHost.exe (172)
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (972)
C:\Program Files\Mozilla Thunderbird\thunderbird.exe (1248)
C:\Program Files\Google\Chrome\Application\chrome.exe (5920)
C:\Program Files\Google\Chrome\Application\chrome.exe (2988)
C:\Program Files\Google\Chrome\Application\chrome.exe (5008)
C:\Program Files\Google\Chrome\Application\chrome.exe (4352)
C:\Program Files\Google\Chrome\Application\chrome.exe (2200)
C:\Program Files\Google\Chrome\Application\chrome.exe (4312)
C:\Program Files\Google\Chrome\Application\chrome.exe (4308)
C:\Windows\system32\wbem\wmiprvse.exe (5760)
C:\Program Files\Google\Chrome\Application\chrome.exe (5448)
C:\Windows\System32\WUDFHost.exe (3520)
C:\UsbFix\Go.exe (4296)
C:\Program Files\Internet Explorer\iexplore.exe (1624)
C:\Program Files\Internet Explorer\iexplore.exe (5296)
C:\Windows\system32\SearchProtocolHost.exe (4784)
C:\Windows\system32\SearchFilterHost.exe (5528)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
HKLM\SOFTWARE | Run : [COMODO Internet Security] - "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [ToolBoxFX] - "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
HKLM\SOFTWARE | Run : [PSUAMain] - "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
HKLM\SOFTWARE | Run : [cFosSpeed] - C:\Program Files\cFosSpeed\cFosSpeed.exe
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Files # Infected Folders |

Found ! F:\TOSHIBA (8GB).lnk
Found ! C:\0x0304A000.sfl
Found ! F:\autorun.inf
Found ! F:\desktop.ini
Found ! F:\Thumbs.db

################## | Registry |

################## | Mountpoints2 |

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://sosvirus.net |