############################## | UsbFix V 7.100 | [Research]

User: USER (Administrator) # USER-6CC3E65A32
Updated 11/11/2012 by El Desaparecido
Started at 20:01:01 | 14/11/2012
Website: http://sosvirus.org
Contact: contact@eldesaparecido.com

PC: Gigabyte Technology Co., Ltd. (G31M-ES2L) (X86-based PC)
CPU: Processor Intel Pentium III Xeon (2500)
CPU: Processor Intel Pentium III Xeon (2500)
RAM -> [Total : 2037 | Free : 1673]
BIOS: Award Modular BIOS v6.00PG
BOOT: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 6.0.2900.2180

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 19 Gb (3 Mb free - 15%) [] # NTFS
D:\ -> Fixed drive # 19 Gb (16 Mb free - 86%) [Dane] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 4 Gb (4 Mb free - 96%) [KINGSTON] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (456)
C:\WINDOWS\system32\winlogon.exe (896)
C:\WINDOWS\system32\services.exe (940)
C:\WINDOWS\system32\savedump.exe (952)
C:\WINDOWS\system32\lsass.exe (960)
C:\WINDOWS\system32\svchost.exe (1112)
C:\WINDOWS\System32\svchost.exe (1236)
C:\WINDOWS\system32\spoolsv.exe (1740)
C:\WINDOWS\Explorer.EXE (236)
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe (572)
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE (592)
C:\WINDOWS\system32\FsUsbExService.Exe (616)
C:\WINDOWS\system32\svchost.exe (668)
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (852)
C:\WINDOWS\system32\igfxtray.exe (868)
C:\WINDOWS\system32\hkcmd.exe (876)
C:\WINDOWS\system32\igfxpers.exe (844)
C:\WINDOWS\RTHDCPL.EXE (1140)
C:\WINDOWS\system32\igfxsrvc.exe (1296)
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (1320)
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (1348)
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (1376)
C:\Program Files\Messenger\msmsgs.exe (1460)
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (1576)
C:\Documents and Settings\USER\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe (1592)
C:\Program Files\Ralink_RT2460\RaConfig.exe (1848)
C:\WINDOWS\system32\WISPTIS.EXE (2388)
C:\UsbFix\Go.exe (2600)
C:\WINDOWS\system32\wuauclt.exe (2724)

################## | Files # Infected Folders |

Found ! C:\DOCUME~1\USER\USTAWI~1\Temp\InstallerMessageBox.exe
Found ! C:\DOCUME~1\USER\USTAWI~1\Temp\NPSInstallerProxy.exe
Found ! C:\DOCUME~1\USER\USTAWI~1\Temp\nodqq.exe
Found ! C:\DOCUME~1\USER\USTAWI~1\Temp\nodqq0.dll
Found ! C:\DOCUME~1\USER\USTAWI~1\Temp\nodqq1.dll
Found ! C:\12gn6id2.exe
Found ! C:\autorun.inf
Found ! D:\12gn6id2.exe
Found ! D:\autorun.inf
Found ! F:\12gn6id2.exe
Found ! F:\autorun.inf
Found ! C:\Documents and Settings\USER\Ustawienia lokalne\Temp\nodqq.exe
Found ! F:\_OTL\MovedFiles\11142012_192858\D_\12gn6id2.exe
Found ! F:\_OTL\MovedFiles\11142012_192858\C_\12gn6id2.exe
Found ! F:\_OTL\MovedFiles\11142012_192858\F_\12gn6id2.exe

################## | Registry |

Found ! HKLM\Software\Classes\CLSID\MADOWN
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|nod32

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\C
Shell\AutoRun\Command = C:\12gn6id2.exe
Shell\open\Command = C:\12gn6id2.exe

HKCU\.\.\.\.\Explorer\MountPoints2\D
Shell\AutoRun\Command = D:\12gn6id2.exe
Shell\open\Command = D:\12gn6id2.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{0f02cec4-deb9-11df-ad4b-0080c6e8ec4f}
Shell\AutoRun\Command = F:\12gn6id2.exe
Shell\open\Command = F:\12gn6id2.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{0f02cec5-deb9-11df-ad4b-0080c6e8ec4f}
Shell\AutoRun\Command = G:\12gn6id2.exe
Shell\open\Command = G:\12gn6id2.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{1886c520-6458-11e0-aebd-0080c6e8ec4f}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

HKCU\.\.\.\.\Explorer\MountPoints2\{2bd77560-7f1b-11e0-af23-0080c6e8ec4f}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

HKCU\.\.\.\.\Explorer\MountPoints2\{48249bb2-b530-11e0-b012-0080c6e8ec4f}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

HKCU\.\.\.\.\Explorer\MountPoints2\{5c05cf58-80ae-11e1-b309-0080c6e8ec4f}
Shell\AutoRun\Command = F:\12gn6id2.exe
Shell\open\Command = F:\12gn6id2.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{69981d60-b3fd-11e1-b411-0080c6e8ec4f}
Shell\AutoRun\Command = F:\12gn6id2.exe
Shell\open\Command = F:\12gn6id2.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{a594a06e-c155-11e1-b449-0080c6e8ec4f}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

HKCU\.\.\.\.\Explorer\MountPoints2\{a8f2ea3c-8ad0-11e0-af4d-0080c6e8ec4f}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

HKCU\.\.\.\.\Explorer\MountPoints2\{b88395ed-7831-11e1-b2e6-0080c6e8ec4f}
Shell\AutoRun\Command = F:\12gn6id2.exe
Shell\open\Command = F:\12gn6id2.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{b937d6d4-7d81-11e0-af17-0080c6e8ec4f}
Shell\AutoRun\Command = F:\12gn6id2.exe
Shell\open\Command = F:\12gn6id2.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{d20b1bcc-e50a-11df-ad55-0080c6e8ec4f}
Shell\AutoRun\Command = F:\12gn6id2.exe
Shell\open\Command = F:\12gn6id2.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{dc191b84-26f3-11e0-adff-0080c6e8ec4f}
Shell\AutoRun\Command = F:\12gn6id2.exe
Shell\open\Command = F:\12gn6id2.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{ecba5078-e608-11e0-b0c4-0080c6e8ec4f}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

HKCU\.\.\.\.\Explorer\MountPoints2\{ecba5079-e608-11e0-b0c4-0080c6e8ec4f}
Shell\AutoRun\Command = F:\12gn6id2.exe
Shell\open\Command = F:\12gn6id2.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{f1e39680-a3c3-11e1-b3b7-0080c6e8ec4f}
Shell\AutoRun\Command = F:\12gn6id2.exe
Shell\open\Command = F:\12gn6id2.exe

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |
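As an added example (not UsbFix's own code and not part of the original post), a small Python parser that reads the Mountpoints2 section of a report like the one above, one entry per line, and flags the two hijack shapes it contains: a Shell\AutoRun\Command or Shell\open\Command that launches an executable straight from the root of a volume (C:\12gn6id2.exe, F:\12gn6id2.exe), and the rundll32 -> ShellExec_RunDLL -> rundll32 chain that loads a payload with a non-executable extension from a RECYCLER\<SID> directory. The sample input is constructed from three entries of the report plus one clean key (the all-zero GUID), which is an assumption added to show that keys without a Shell command are not reported.

```python
"""Flag autorun hijacks in the Mountpoints2 section of a UsbFix report (added example)."""
import re

# Constructed sample: three entries copied from the report above, one per line, plus a
# clean key with the all-zero GUID (assumption: not from the report) that must not be flagged.
SAMPLE = r"""
HKCU\.\.\.\.\Explorer\MountPoints2\C
Shell\AutoRun\Command = C:\12gn6id2.exe
Shell\open\Command = C:\12gn6id2.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{1886c520-6458-11e0-aebd-0080c6e8ec4f}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKCU\.\.\.\.\Explorer\MountPoints2\{5c05cf58-80ae-11e1-b309-0080c6e8ec4f}
Shell\AutoRun\Command = F:\12gn6id2.exe
Shell\open\Command = F:\12gn6id2.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{00000000-0000-0000-0000-000000000000}
"""

# A key line names the volume (drive letter or volume GUID); the lines that follow are its Shell verbs.
KEY_RE = re.compile(r"^HKCU\\(?:\.\\)+Explorer\\MountPoints2\\(?P<vol>\S+)$")
CMD_RE = re.compile(r"^Shell\\(?P<verb>\w+)\\Command\s*=\s*(?P<cmd>.+)$")


def parse_mountpoints(text):
    """Return {volume: {verb: command}} for every MountPoints2 key in the text."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("vol")
            entries.setdefault(current, {})
            continue
        m = CMD_RE.match(line)
        if m and current is not None:
            entries[current][m.group("verb")] = m.group("cmd")
    return entries


def classify(cmd):
    """Return the indicator tags that apply to one Shell\\<verb>\\Command value."""
    low, tags = cmd.lower(), []
    # An executable sitting in the root of the volume, the classic autorun.inf "open=" target.
    if re.match(r"^[a-z]:\\[^\\]+\.exe$", low):
        tags.append("root-exe")
    # rundll32 calling ShellExec_RunDLL to start a second rundll32: indirection that hides the payload.
    if "shellexec_rundll" in low and low.count("rundll32") >= 2:
        tags.append("rundll32-shellexec-chain")
    # Payload parked under RECYCLER\<SID>, where Explorer hides it by default.
    if "\\recycler\\" in low:
        tags.append("recycler-payload")
    return tags


def payload_path(cmd):
    """Extract the path actually executed: a root .exe, or the file handed to the inner rundll32."""
    m = re.search(r"(?i)(?:[a-z]:\\[^\s,]+\.exe$)|(?:\.\\recycler\\[^\s,]+)", cmd)
    return m.group(0) if m else cmd


def find_hijacks(text):
    """Map each flagged volume to a list of (verb, command, tags); clean keys are omitted."""
    report = {}
    for vol, cmds in parse_mountpoints(text).items():
        for verb, cmd in cmds.items():
            tags = classify(cmd)
            if tags:
                report.setdefault(vol, []).append((verb, cmd, tags))
    return report


def distinct_payloads(text):
    """Sorted list of the distinct payload paths referenced by flagged entries."""
    return sorted({payload_path(cmd) for items in find_hijacks(text).values() for _, cmd, _ in items})


if __name__ == "__main__":
    for vol, items in find_hijacks(SAMPLE).items():
        for verb, cmd, tags in items:
            print(f"{vol}: Shell\\{verb}\\Command -> {payload_path(cmd)}  [{', '.join(tags)}]")
    print("payloads:", distinct_payloads(SAMPLE))
```

The volume GUIDs under MountPoints2 are per-user cached shell settings for volumes the user has mounted, so entries survive after the drive is unplugged or cleaned; that is why the report above still lists a G: target and many GUIDs for sticks that are not attached. Removing the autorun.inf and the executable from the drive does not clear these keys, which is what UsbFix's deletion pass does.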