############################## | UsbFix V 7.076 | [Research]

User: Dominik Kossakowski (Administrator) # DOMINIK
Updated 21/12/2011 by El Desaparecido
Started at 23:19:20 | 21/12/2011
Website: http://eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com

PC: GBT___ (AWRDACPI) (X86-based PC) # Desktop Computer
CPU: AMD Athlon(tm) 64 Processor 3000+ (1807)
RAM -> [ Total : 959 | Free : 532 ]
BIOS: Award Modular BIOS v6.00PG
BOOT: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 2
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ Enabled ]
FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Fixed drive # 19 Gb (197 Mb free - 1%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 7 Gb (64 Mb free - 1%) [KINGSTON DK] # FAT32
H:\ -> Fixed drive # 298 Gb (74 Mb free - 25%) [My Passport] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (740)
C:\WINDOWS\system32\winlogon.exe (840)
C:\WINDOWS\system32\services.exe (884)
C:\WINDOWS\system32\lsass.exe (896)
C:\WINDOWS\system32\svchost.exe (1048)
C:\WINDOWS\System32\svchost.exe (1136)
C:\WINDOWS\system32\svchost.exe (1184)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1500)
C:\WINDOWS\Explorer.EXE (1644)
C:\WINDOWS\system32\spoolsv.exe (1984)
C:\WINDOWS\system32\FsUsbExService.Exe (336)
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (352)
C:\WINDOWS\system32\svchost.exe (428)
C:\WINDOWS\system32\svchost.exe (488)
C:\Program Files\Java\jre6\bin\jqs.exe (552)
C:\WINDOWS\System32\svchost.exe (600)
C:\WINDOWS\System32\svchost.exe (712)
C:\WINDOWS\system32\PnkBstrA.exe (820)
C:\WINDOWS\system32\svchost.exe (1172)
C:\WINDOWS\system32\RUNDLL32.EXE (1460)
C:\WINDOWS\RTHDCPL.EXE (1564)
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (1608)
C:\Program Files\CardDetector\ICON225\CardDetector.exe (1616)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (1604)
C:\Program Files\Unlocker\UnlockerAssistant.exe (1696)
C:\Program Files\Alwil Software\Avast5\avastUI.exe (2064)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (2092)
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (2108)
C:\WINDOWS\system32\ctfmon.exe (2168)
C:\Program Files\Desktop Sidebar\dsidebar.exe (2180)
C:\Program Files\OrangeBS\BEWInternet-PL\Launcher\Launcher.exe (2264)
C:\Program Files\DAEMON Tools Lite\DTLite.exe (2312)
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe (2416)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (2476)
C:\Program Files\Logitech\SetPoint\SetPoint.exe (2528)
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (2712)
C:\Program Files\OrangeBS\BEWInternet-PL\systray\systrayapp.exe (3500)
C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\connectivitymanager.exe (3536)
C:\Program Files\OrangeBS\BEWInternet-PL\PhoneTools\TextMessaging.exe (3548)
C:\Program Files\OrangeBS\BEWInternet-PL\Deskboard\deskboard.exe (3564)
C:\WINDOWS\system32\wbem\wmiapsrv.exe (3576)
C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\CoreCom.exe (3600)
C:\WINDOWS\system32\wuauclt.exe (3616)
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe (3680)
C:\Program Files\OrangeBS\BEWInternet-PL\connectivity\CoreCom\OraConfigRecover.exe (560)
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (2252)
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (1624)
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (2272)
C:\Program Files\WapSter\WapSter AQQ\AQQ.exe (2084)
C:\Program Files\Opera\opera.exe (2876)
C:\Program Files\AIMP2\AIMP2.exe (3036)
C:\UsbFix\UsbFix.exe (1076)
C:\WINDOWS\system32\wscntfy.exe (3480)

################## | Files # Infected Folders |

Found ! C:\DOCUME~1\DOMINI~1\USTAWI~1\Temp\AutoRun.exe

################## | Registry |


################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{78db02ca-f409-11df-bbcf-001485361ff2}
Shell\AutoRun\Command = F:\i00dvoym.exe
Shell\open\Command = F:\i00dvoym.exe

################## | Vaccin |

C:\autorun.inf -> Vaccine created by Flash_Disinfector (sUBs)

################## | E.O.F |