############################## | UsbFix V 7.129 | [Research]

User: Corri (Administrator) # CORRI-F0A27FF43
Updated 24/06/2013 by El Desaparecido
Started at 14:04:45 | 20/07/2013

Website: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: System manufacturer (System Product Name) (X86-based PC)
CPU: AMD Athlon(tm) 64 Processor 3500+ (2194)
RAM -> [Total : 2047 | Free : 1299]
BIOS: BIOS Date: 05/21/07 23:44:23 Ver: 08.00.12
BOOT: Normal boot

OS: Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Dodatek Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 39 Gb (18 Mb free - 46%) [] # NTFS
D:\ -> Fixed drive # 49 Gb (42 Mb free - 86%) [] # NTFS
E:\ -> Fixed drive # 61 Gb (29 Mb free - 47%) [] # NTFS
F:\ -> CD-ROM
G:\ -> Removable drive # 944 Mb (813 Mb free - 86%) [ZEN STONE] # FAT32
H:\ -> Removable drive # 7 Gb (4 Mb free - 54%) [] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (856)
C:\WINDOWS\system32\csrss.exe (908)
C:\WINDOWS\system32\winlogon.exe (932)
C:\WINDOWS\system32\services.exe (976)
C:\WINDOWS\system32\lsass.exe (988)
C:\WINDOWS\system32\svchost.exe (1140)
C:\WINDOWS\system32\svchost.exe (1252)
C:\WINDOWS\System32\svchost.exe (1396)
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (1560)
C:\WINDOWS\Explorer.EXE (1692)
C:\WINDOWS\system32\svchost.exe (1776)
C:\WINDOWS\system32\svchost.exe (1876)
C:\WINDOWS\system32\ZoneLabs\vsmon.exe (2024)
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (848)
C:\WINDOWS\system32\spoolsv.exe (1628)
C:\WINDOWS\RTHDCPL.EXE (224)
C:\Program Files\Common Files\Symantec Shared\ccApp.exe (1480)
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (1036)
C:\Program Files\Microsoft IntelliPoint\ipoint.exe (200)
C:\WINDOWS\system32\RunDLL32.exe (1908)
C:\WINDOWS\system32\ctfmon.exe (824)
C:\WINDOWS\system32\nvsvc32.exe (2120)
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (2228)
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (2568)
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (3384)
C:\WINDOWS\System32\alg.exe (1844)
C:\WINDOWS\system32\wscntfy.exe (1424)
C:\Program Files\Opera\opera.exe (3208)
C:\UsbFix\Go.exe (3432)
C:\WINDOWS\system32\wbem\wmiprvse.exe (3416)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [RTHDCPL] - RTHDCPL.EXE
HKLM\SOFTWARE | Run : [SkyTel] - SkyTel.EXE
HKLM\SOFTWARE | Run : [ccApp] - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKLM\SOFTWARE | Run : [ZoneAlarm Client] - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [IntelliPoint] - "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
HKLM\SOFTWARE | Run : [Bonus.SSR.FR11] - "C:\Program Files\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [NvMediaCenter] - RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-21-1606980848-413027322-725345543-1004\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1606980848-413027322-725345543-1004\SOFTWARE | Run : [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-21-1606980848-413027322-725345543-1009\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

################## | Files # Infected Folders |

Found ! H:\Ringtones.lnk
Found ! H:\media.lnk
Found ! H:\Alarms.lnk
Found ! H:\Pictures.lnk
Found ! H:\Movies.lnk
Found ! H:\Download.lnk
Found ! H:\.showme.lnk
Found ! H:\eBooks.lnk
Found ! H:\Digital Editions.lnk
Found ! H:\.cr3.lnk
Found ! H:\Books.lnk
Found ! H:\.com.mobisystems.office.lnk
Found ! H:\bugreports.lnk
Found ! H:\soundhound.lnk
Found ! H:\downloads.lnk
Found ! H:\.com.mobisystems.editor.office_registered.lnk
Found ! H:\tjcache.lnk
Found ! H:\data.lnk
Found ! H:\.rhmsoft.lnk
Found ! H:\ProgramData.lnk
Found ! H:\LOST.DIR.lnk
Found ! H:\.android_secure.lnk
Found ! H:\.data.lnk
Found ! H:\My Documents.lnk
Found ! H:\Android.lnk
Found ! H:\tmp.lnk
Found ! H:\.adobe-digital-editions.lnk
Found ! H:\Notifications.lnk
Found ! H:\dcim.lnk
Found ! H:\Music.lnk
Found ! H:\Podcasts.lnk
Found ! H:\ideal.lnk
Found ! G:\Recycler\e621ca05.exe
Found ! H:\Recycler\e621ca05.exe
Found ! G:\Recycler\desktop.ini
Found ! H:\Recycler\desktop.ini

################## | Registry |

################## | Mountpoints2 |

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.net |