############################## | UsbFix V 7.087 | [Research]

User: ADMIN (Administrator) # ADMIN
Updated 05/04/2012 by El Desaparecido
Started at 20:55:16 | 07/04/2012

Website: http://eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.html
Contact: contact@eldesaparecido.com

PC: Dell Computer Corporation (OptiPlex GX260 ) (X86-based PC) # Desktop Computer
CPU: Intel(R) Pentium(R) 4 CPU 2.00GHz (2001)
RAM -> [ Total : 1023 | Free : 535 ]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ Enabled ]
FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Fixed drive # 20 Gb (16 Mb free - 80%) [] # NTFS
D:\ -> Fixed drive # 18 Gb (15 Mb free - 86%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 4 Gb (378 Mb free - 10%) [] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (372)
C:\WINDOWS\system32\csrss.exe (800)
C:\WINDOWS\system32\winlogon.exe (824)
C:\WINDOWS\system32\services.exe (868)
C:\WINDOWS\system32\lsass.exe (880)
C:\WINDOWS\system32\svchost.exe (1032)
C:\WINDOWS\system32\svchost.exe (1168)
C:\WINDOWS\System32\svchost.exe (1208)
C:\WINDOWS\system32\svchost.exe (1248)
C:\WINDOWS\system32\svchost.exe (1300)
C:\WINDOWS\Explorer.EXE (1668)
C:\WINDOWS\system32\spoolsv.exe (1772)
C:\WINDOWS\system32\acs.exe (1812)
C:\WINDOWS\system32\svchost.exe (1864)
C:\WINDOWS\System32\alg.exe (468)
C:\Program Files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe (608)
C:\WINDOWS\system32\ctfmon.exe (628)
C:\WINDOWS\system32\wscntfy.exe (728)
C:\Program Files\Windows Media Player\wmplayer.exe (1432)
C:\WINDOWS\System32\svchost.exe (2544)
C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe (1384)
C:\Documents and Settings\ADMIN\Dane aplikacji\AE.exe (3644)
C:\Program Files\Opera\Opera.exe (1412)
C:\WINDOWS\notepad.exe (3512)
C:\WINDOWS\notepad.exe (1992)
C:\UsbFix\Go.exe (1440)
C:\WINDOWS\system32\wbem\wmiprvse.exe (2912)

################## | Files # Infected Folders |

Found ! F:\PSP.lnk
Found ! F:\SEPLUGINS.lnk
Found ! F:\ISO.lnk
Found ! F:\MP_ROOT.lnk
Found ! F:\MUSIC.lnk
Found ! F:\PICTURE.lnk
Found ! F:\VIDEO.lnk
Found ! F:\UMDEMULATOR.lnk
Found ! E:\Setup.exe
Found ! F:\RECYCLER\bfbd401b.exe
Found ! E:\Autorun.inf
Found ! F:\autorun.inf
Found ! F:\Recycler\desktop.ini

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{593dfdb7-8047-11e1-a3e2-806d6172696f}
Shell\AutoRun\Command = E:\Setup.exe

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |