############################## | UsbFix V 7.130 | [Research]

User: Administrateur (Administrator) # BE15B
Updated 20/08/2013 by El Desaparecido
Started at 14:42:40 | 24/04/2014

Website: http://sosvirus.net/
Upload Malware: http://sosvirus.net/viewtopic.php?f=6&t=489
Contact: eldesaparecido@sosvirus.net

PC: System manufacturer (System Product Name) (x64-based PC)
CPU: Processeur Intel(R) Pentium(R) III Xeon (3006)
CPU: Processeur Intel(R) Pentium(R) III Xeon (3006)
RAM -> [Total : 4095 | Free : 2891]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft(R) Windows(R) XP Professionnel Edition x64 (5.2.3790 64-Bit) # Service Pack 2
WB: Windows Internet Explorer 6.0.3790.1830

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 233 Gb (49 Mb free - 21%) [] # NTFS
D:\ -> Removable drive # 2 Gb (1 Mb free - 55%) [KINGSTON] # FAT32
E:\ -> Removable drive # 7 Gb (3 Mb free - 41%) [] # FAT32

################## | Active Processes |

C:\WINDOWS\system32\winlogon.exe (360)
C:\WINDOWS\system32\services.exe (408)
C:\WINDOWS\system32\lsass.exe (420)
C:\WINDOWS\system32\svchost.exe (648)
C:\WINDOWS\System32\svchost.exe (752)
C:\WINDOWS\System32\svchost.exe (1224)
C:\WINDOWS\explorer.exe (2736)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (3688)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (2812)
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (1524)
C:\UsbFix\Go.exe (1700)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [SwitchBoard] - "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
HKLM\SOFTWARE | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [ControlCenter4] - "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun
HKLM\SOFTWARE | Run : [BrStsMon00] - "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
HKLM\SOFTWARE | Run : [Device Detector] - DevDetect.exe -autorun
HKLM\SOFTWARE | Run : [BrStsMon01] - "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [SwitchBoard] - "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
HKLM\SOFTWARE\wow6432Node | Run : [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE\wow6432Node | Run : [ControlCenter4] - "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun
HKLM\SOFTWARE\wow6432Node | Run : [BrStsMon00] - "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
HKLM\SOFTWARE\wow6432Node | Run : [Device Detector] - DevDetect.exe -autorun
HKLM\SOFTWARE\wow6432Node | Run : [BrStsMon01] - "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-19\SOFTWARE | RunOnce : [tscuninstall] - %systemroot%\system32\tscupgrd.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [tscuninstall] - %systemroot%\system32\tscupgrd.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [tscuninstall] - %systemroot%\system32\tscupgrd.exe

################## | Files # Infected Folders |

Found ! E:\snkb0pt
Found ! X:\autorun.inf
Found ! X:\snkb0pt\desktop.ini
Found ! X:\snkb0pt\snkb0pt.exe
Found ! X:\snkb0pt
Found ! Y:\autorun.inf
Found ! Y:\snkb0pt\desktop.ini
Found ! Y:\snkb0pt\snkb0pt.exe
Found ! Y:\snkb0pt
Found ! Z:\autorun.inf
Found ! Z:\snkb0pt\desktop.ini
Found ! Z:\snkb0pt\snkb0pt.exe
Found ! Z:\snkb0pt

################## | Registry |

################## | Mountpoints2 |

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.net |