############################## | UsbFix V 7.081 | [Research]

User: Jan (Administrator) # 9BB44B59
Updated 05/02/2012 by El Desaparecido
Started at 08:55:55 | 11/02/2012

Website: http://eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.html
Contact: contact@eldesaparecido.com

PC: ASUSTeK Computer Inc. (K50IJ ) (X86-based PC) # Notebook
CPU: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz (2000)
RAM -> [ Total : 3037 | Free : 1932 ]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 3
WB: Windows Internet Explorer 6.0.2900.5512

SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ Enabled ]
FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Fixed drive # 146 Gb (8 Mb free - 5%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed drive # 152 Gb (3 Mb free - 2%) [] # NTFS
F:\ -> Removable drive # 970 Mb (970 Mb free - 100%) [] # FAT32
H:\ -> Fixed drive # 466 Gb (465 Mb free - 100%) [LG External HDD] # NTFS

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (800)
C:\WINDOWS\system32\winlogon.exe (888)
C:\WINDOWS\system32\services.exe (932)
C:\WINDOWS\system32\lsass.exe (944)
C:\WINDOWS\system32\svchost.exe (1092)
C:\WINDOWS\System32\svchost.exe (1216)
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (1520)
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (1532)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1596)
C:\WINDOWS\Explorer.EXE (1956)
C:\WINDOWS\system32\svchost.exe (2036)
C:\WINDOWS\system32\spoolsv.exe (600)
C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe (1280)
C:\WINDOWS\System32\svchost.exe (1260)
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (1324)
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (1624)
C:\Program Files\Java\jre6\bin\jqs.exe (1656)
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe (1724)
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (1780)
C:\WINDOWS\system32\IoctlSvc.exe (1880)
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (1932)
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe (2076)
C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe (2120)
C:\WINDOWS\system32\svchost.exe (2136)
C:\WINDOWS\system32\wscntfy.exe (2584)
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (3224)
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (3472)
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe (3508)
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (3528)
C:\Program Files\ASUS\ATK Hotkey\HControl.exe (3564)
C:\Program Files\ASUS\ATK Media\DMedia.exe (3580)
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (3636)
C:\Program Files\ASUS\ASUS Live Update\ALU.exe (3652)
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe (3680)
C:\Program Files\ASUS\Wireless Console 3\wcourier.exe (3708)
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (3716)
C:\WINDOWS\AsScrPro.exe (3760)
C:\Program Files\ASUS\Splendid\ACMON.exe (3780)
C:\Program Files\Elantech\ETDCtrl.exe (3796)
C:\Program Files\Winamp\winampa.exe (3804)
C:\Program Files\Java\jre6\bin\jusched.exe (3824)
C:\Program Files\Common Files\Real\Update_OB\realsched.exe (3840)
C:\WINDOWS\system32\ACEngSvr.exe (3884)
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (3916)
C:\Program Files\AVAST Software\Avast\avastUI.exe (4012)
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (172)
C:\WINDOWS\system32\hkcmd.exe (492)
C:\WINDOWS\system32\igfxpers.exe (780)
C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (2012)
C:\Program Files\Messenger\msmsgs.exe (2072)
C:\Program Files\Mozilla Firefox\firefox.exe (592)
C:\Program Files\Skype\Phone\Skype.exe (2484)
C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe (2788)
C:\Documents and Settings\Jan\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe (2296)
C:\Documents and Settings\Jan\Ustawienia lokalne\Dane aplikacji\Akamai\netsession_win.exe (2840)
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (584)
C:\Program Files\OpenOffice.ux.pl 3\program\soffice.exe (3228)
C:\Program Files\OpenOffice.ux.pl 3\program\soffice.bin (2868)
C:\Program Files\Java\jre6\bin\jucheck.exe (2712)
C:\WINDOWS\system32\wbem\wmiapsrv.exe (1980)
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (1800)
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe (2020)
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (3244)
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (1424)
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe (3820)
C:\Program Files\ASUS\ATK Hotkey\WDC.exe (3812)
C:\UsbFix\Go.exe (2188)

################## | Files # Infected Folders |

Found ! C:\DOCUME~1\Jan\USTAWI~1\Temp\161.exe
Found ! C:\DOCUME~1\Jan\USTAWI~1\Temp\292335.exe
Found ! C:\DOCUME~1\Jan\USTAWI~1\Temp\458181.exe
Found ! C:\DOCUME~1\Jan\USTAWI~1\Temp\496261.exe
Found ! C:\DOCUME~1\Jan\USTAWI~1\Temp\833523.exe
Found ! C:\DOCUME~1\Jan\USTAWI~1\Temp\88909.exe
Found ! C:\DOCUME~1\Jan\USTAWI~1\Temp\911939.exe
Found ! C:\DOCUME~1\Jan\USTAWI~1\Temp\926254.exe
Found ! C:\DOCUME~1\Jan\USTAWI~1\Temp\94725.exe
Found ! C:\DOCUME~1\Jan\USTAWI~1\Temp\AutoRun.exe
Found ! E:\MUZYKA
Found ! F:\autorun.inf
Found ! H:\autorun.inf

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{95001783-4f39-11e0-80ad-0022439c1caa}
Shell\AutoRun\Command = sonics/game.exe
Shell\Explore\Command = sonics/game.exe
Shell\Open\Command = sonics/game.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{c6a67e9c-9c9f-11df-bef9-0022439c1caa}
Shell\AutoRun\Command = F:\LaunchU3.exe -a

HKCU\.\.\.\.\Explorer\MountPoints2\{cbe4fbf0-1f3a-11df-bd63-0022439c1caa}
Shell\AutoRun\Command = HITTIDOGI///puyto.exe
Shell\open\Command = HITTIDOGI///puyto.exe

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |