############################## | UsbFix V 7.076 | [Research]

User: Kuba (Administrator) # 5DABC2EA8C244A8
Updated 21/12/2011 by El Desaparecido
Started at 12:59:14 | 25/12/2011

Website: http://eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com

PC: Gigabyte Technology Co., Ltd. (G31M-ES2L) (X86-based PC) # Desktop Computer
CPU: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz (2400)
RAM -> [ Total : 2046 | Free : 1175 ]
BIOS: Award Modular BIOS v6.00PG
BOOT: Normal boot

OS: Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Dodatek Service Pack 3
WB: Windows Internet Explorer 6.0.2900.5512

SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ Enabled ]
FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Fixed drive # 98 Gb (6 Mb free - 6%) [] # NTFS
D:\ -> Fixed drive # 135 Gb (79 Mb free - 58%) [] # NTFS
I:\ -> CD-ROM
J:\ -> CD-ROM
K:\ -> Fixed drive # 298 Gb (165 Mb free - 55%) [DYSK MATI] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (604)
C:\WINDOWS\system32\winlogon.exe (688)
C:\WINDOWS\system32\services.exe (732)
C:\WINDOWS\system32\lsass.exe (744)
C:\WINDOWS\system32\Ati2evxx.exe (928)
C:\WINDOWS\system32\svchost.exe (948)
C:\WINDOWS\System32\svchost.exe (1124)
C:\WINDOWS\system32\Ati2evxx.exe (1416)
C:\WINDOWS\system32\spoolsv.exe (1500)
C:\Program Files\Avira\AntiVir Desktop\sched.exe (1584)
C:\WINDOWS\Explorer.EXE (364)
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (1472)
C:\WINDOWS\RTHDCPL.EXE (1524)
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (788)
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (1596)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (1636)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (1544)
C:\WINDOWS\system32\ctfmon.exe (1684)
C:\Program Files\Gadu-Gadu 10\gg.exe (1788)
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (1796)
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (1812)
C:\Program Files\DAEMON Tools Lite\DTLite.exe (1820)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (1996)
C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1064)
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe (1076)
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE (1312)
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (1928)
C:\WINDOWS\system32\svchost.exe (2008)
C:\Program Files\Java\jre6\bin\jqs.exe (2036)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (2088)
C:\WINDOWS\System32\svchost.exe (2220)
C:\WINDOWS\System32\svchost.exe (2360)
C:\WINDOWS\system32\svchost.exe (2412)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2600)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2752)
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (3200)
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (3532)
C:\WINDOWS\system32\wbem\wmiapsrv.exe (4028)
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (1512)
C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (3580)
C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (1724)
C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (3832)
C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (3856)
C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (648)
C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (108)
C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (2676)
C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (3900)
C:\Documents and Settings\Kuba\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe (2404)
C:\UsbFix\Go.exe (3756)

################## | Files # Infected Folders |

Found ! K:\SamsungSoftware.lnk
Found ! K:\kartra.lnk
Found ! K:\System Volume Information.lnk
Found ! K:\FormatFactory.lnk
Found ! K:\karta telll.lnk
Found ! K:\Jawor.lnk
Found ! K:\Recycled.lnk
Found ! K:\jhgjhgjhggyguiyru.lnk
Found ! K:\Symulator Demolki Demo.lnk
Found ! K:\Symulator Farmy 2011.lnk
Found ! K:\Mati.lnk
Found ! K:\Filmy.lnk
Found ! K:\Echo.lnk
Found ! K:\kus.lnk
Found ! K:\Warblade.lnk
Found ! K:\PhotoFiltre.lnk
Found ! K:\$RECYCLE.BIN.lnk
Found ! K:\Config.Msi.lnk
Found ! K:\temp.lnk
Found ! K:\Chada.lnk
Found ! C:\DOCUME~1\Kuba\USTAWI~1\Temp\cci.exe
Found ! K:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Found ! K:\biriprg.exe
Found ! K:\explorer.exe
Found ! K:\Recycler\desktop.ini
Found ! K:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665
Found ! K:\System Volume Information\_restore{3898CEF0-6FAF-4B2B-A94B-E9D814507B4D}\RP8\A0007338.EXE

################## | Registry |

################## | Mountpoints2 |

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |