############################## | UsbFix 7.058 | [Research]

User: Piotr (Administrator) # KORAL [Hewlett-Packard HP 530 Notebook PC(KQ630AA#AKD)]
Updated 24/08/2011 by El Desaparecido
Started at 21:38:01 | 17/10/2011

Website: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel(R) Celeron(R) M CPU 520 @ 1.60GHz
Microsoft® Windows Vista™ Home Basic (6.0.6001 32-Bit) # Service Pack 1
Internet Explorer 7.0.6001.18000

Windows Firewall: Enabled
RAM -> 3447 Mb
C:\ (%systemdrive%) -> Fixed drive # 103 Gb (27 Mb free - 26%) [] # NTFS
D:\ -> Fixed drive # 7 Gb (470 Mb free - 6%) [HP_RECOVERY] # NTFS
E:\ -> Fixed drive # 2 Gb (1 Mb free - 84%) [OS_TOOLS] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> Fixed drive # 466 Gb (386 Mb free - 83%) [ADATA SH93] # FAT32

################## | Files # Infected Folders |

Found ! C:\Users\Piotr\AppData\Roaming\5B3C.tmp
Found ! C:\Users\Piotr\AppData\Roaming\9B88.tmp
Found ! C:\Users\Piotr\AppData\Roaming\CDF2.tmp
Found ! C:\Users\Piotr\AppData\Roaming\D1A8.tmp
Found ! C:\Users\Piotr\AppData\Roaming\F8BA.tmp
Found ! C:\Users\Piotr\AppData\Roaming\winvdia.exe
Found ! H:\RECYCLER.lnk
Found ! H:\od kamila.lnk
Found ! H:\$RECYCLE.BIN.lnk
Found ! H:\inventor.lnk
Found ! H:\album.lnk
Found ! H:\mama2.lnk
Found ! H:\System Volume Information.lnk
Found ! H:\zdjecia piotra.lnk
Found ! H:\paralotnie.lnk
Found ! H:\nananaa.lnk
Found ! H:\nowe.lnk
Found ! H:\sesja.lnk
Found ! C:\Users\Piotr\AppData\Local\Temp\setup.exe
Found ! D:\Autorun.inf

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{2efe9e0b-3415-11df-8896-001b38f65118}
Shell\AutoRun\Command = G:\AutoExec.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{42253f0e-784d-11df-9ce5-001b38f65118}
Shell\AutoRun\Command = H:\ZERAVICA\\\\\\\\\\LONDON.exe
Shell\explore\Command = H:\ZERAVICA\\\\\\\\\\\\LONDON.exe
Shell\open\Command = H:\ZERAVICA\\\\\\\\\\\\LONDON.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{4ddb6730-1ea2-11dd-8e57-001b38f65118}
Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\copy.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{5037b5d4-b176-11dd-b7a4-001b38f65118}
Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\copy.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{51329d23-14c1-11de-b704-001b38f65118}
Shell\AutoRun\Command = G:\uo10sn.cmd
Shell\open\Command = G:\uo10sn.cmd

HKCU\.\.\.\.\Explorer\MountPoints2\{51952e67-5d9f-11dd-9305-001b38f65118}
Shell\AutoRun\Command = G:\hwpcassistant.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{51952e6e-5d9f-11dd-9305-001b38f65118}
Shell\AutoRun\Command = H:\hwpcassistant.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{733782a8-041f-11de-8463-001b38f65118}
Shell\AutoRun\Command = G:\hifdmgt.com
Shell\open\Command = G:\hifdmgt.com

HKCU\.\.\.\.\Explorer\MountPoints2\{7cc39a8c-cdd0-11dd-b4be-001b38f65118}
Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\copy.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{7cc39bcc-cdd0-11dd-b4be-001b38f65118}
Shell\AutoRun\Command = xh319r9b.bat
Shell\open\Command = xh319r9b.bat

HKCU\.\.\.\.\Explorer\MountPoints2\{83593abd-2316-11dd-a6ac-001b38f65118}
Shell\AutoRun\Command = gclwpivc.cmd
Shell\open\Command = gclwpivc.cmd

HKCU\.\.\.\.\Explorer\MountPoints2\{b17c761d-3dde-11dd-856c-001b38f65118}
Shell\AutoRun\Command = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
Shell\open\Command = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

################## | Vaccin |

D:\Autorun.inf -> Vaccine created by Panda USB Vaccine

################## | E.O.F |