############################## | UsbFix V 7.069 | [Research]

User: aga (Administrator) # AGA-KOMPUTER
Updated 20/11/2011 by El Desaparecido
Started at 00:29:01 | 22/11/2011

Website: http://eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com

PC: Hewlett-Packard (HP Pavilion dv7 Notebook PC) (x64-based PC) # Notebook
CPU: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz (2534)
RAM -> [ Total : 4063 | Free : 2318 ]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 8.0.7601.17514

SC: Security Center Service [ Enabled ]
WU: Windows Update Service [ Enabled ]
AV: Microsoft Security Essentials [ Enabled | Updated ]
FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Fixed drive # 146 Gb (44 Mb free - 30%) [] # NTFS
D:\ -> Fixed drive # 142 Gb (19 Mb free - 13%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Fixed drive # 932 Gb (295 Mb free - 32%) [Expansion Drive] # NTFS
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> CD-ROM
J:\ -> Removable drive # 4 Gb (3 Mb free - 67%) [AGAKAMINSKA] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (408)
C:\Windows\system32\wininit.exe (468)
C:\Windows\system32\csrss.exe (488)
C:\Windows\system32\services.exe (524)
C:\Windows\system32\lsass.exe (548)
C:\Windows\system32\lsm.exe (556)
C:\Windows\system32\svchost.exe (668)
C:\Windows\system32\nvvsvc.exe (744)
C:\Windows\system32\svchost.exe (780)
C:\Windows\System32\svchost.exe (828)
C:\Windows\system32\svchost.exe (864)
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1dd7c6fad1048e9e\STacSV64.exe (888)
C:\Windows\System32\svchost.exe (972)
C:\Windows\system32\winlogon.exe (404)
C:\Windows\system32\svchost.exe (352)
C:\Windows\system32\rundll32.exe (1120)
C:\Windows\system32\svchost.exe (1156)
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (1224)
C:\Windows\system32\Dwm.exe (1376)
C:\Windows\Explorer.EXE (1400)
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (1716)
C:\Windows\System32\rundll32.exe (1880)
C:\Program Files\IDT\WDM\sttray64.exe (1896)
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (1908)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (1932)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (2004)
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (1348)
C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (1508)
C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (1472)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (1444)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (1428)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (1436)
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (2120)
C:\Windows\System32\spoolsv.exe (2952)
C:\Windows\system32\svchost.exe (3024)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (2216)
C:\Windows\system32\svchost.exe (2252)
C:\Windows\system32\svchost.exe (2644)
C:\Windows\system32\SearchIndexer.exe (2456)
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (3244)
C:\Windows\system32\svchost.exe (3320)
C:\Windows\system32\svchost.exe (3372)
C:\Windows\system32\wbem\wmiprvse.exe (3556)
C:\Windows\System32\svchost.exe (3720)
C:\Program Files\Windows Media Player\wmpnetwk.exe (3872)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (2736)
C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe (3836)
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (3084)
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (1012)
C:\Program Files\Microsoft Security Client\msseces.exe (5012)
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (1148)
C:\Windows\system32\WUDFHost.exe (2612)
C:\Windows\system32\wuauclt.exe (3860)
C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (4568)
C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (4508)
C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (3640)
C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (3212)
C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (988)
C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (3968)
C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (2996)
C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (3548)
C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (4588)
C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (3760)
C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (4720)
C:\Windows\system32\wbengine.exe (1172)
C:\Windows\System32\svchost.exe (196)
C:\Windows\System32\vds.exe (424)
C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (4556)
C:\Windows\system32\SearchProtocolHost.exe (3440)
C:\Windows\system32\SearchFilterHost.exe (5016)
C:\UsbFix\UsbFix.exe (4616)
C:\Windows\system32\wbem\wmiprvse.exe (5108)

################## | Stopped processes |

Stopped! C:\Windows\system32\nvvsvc.exe (744)
Stopped! C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1dd7c6fad1048e9e\STacSV64.exe (888)
Stopped! C:\Windows\system32\rundll32.exe (1120)
Stopped! C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (1224)
Stopped! C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (1716)
Stopped! C:\Windows\System32\rundll32.exe (1880)
Stopped! C:\Program Files\IDT\WDM\sttray64.exe (1896)
Stopped! C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (1908)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (1932)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (2004)
Stopped! C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (1348)
Stopped! C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (1508)
Stopped! C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (1472)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (1444)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (1428)
Stopped! C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (1436)
Stopped! C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (2120)
Stopped! C:\Windows\System32\spoolsv.exe (2952)
Stopped! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (2216)
Stopped! C:\Windows\system32\SearchIndexer.exe (2456)
Stopped! C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (3244)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (3872)
Stopped! C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (2736)
Stopped! C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe (3836)
Stopped! C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (3084)
Stopped! c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (1012)
Stopped! C:\Program Files\Microsoft Security Client\msseces.exe (5012)
Stopped! c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (1148)
Stopped! C:\Windows\system32\WUDFHost.exe (2612)
Stopped! C:\Windows\system32\wuauclt.exe (3860)
Stopped! C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (4568)
Stopped! C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (4508)
Stopped! C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (3640)
Stopped! C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (3212)
Stopped! C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (988)
Stopped! C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (3968)
Stopped! C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (2996)
Stopped! C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (3548)
Stopped! C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (4588)
Stopped! C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (3760)
Stopped! C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (4720)
Stopped! C:\Windows\system32\wbengine.exe (1172)
Stopped! C:\Windows\System32\vds.exe (424)
Stopped! C:\Users\aga\AppData\Local\Google\Chrome\Application\chrome.exe (4556)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (3440)

################## | Files # Infected Folders |

Found ! G:\Autorun.exe
Found ! F:\Recycler\desktop.ini
Found ! G:\Autorun.inf
Found ! J:\Recycler\desktop.ini

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{f5d7262f-fcde-11e0-9812-0021868b7add}
Shell\AutoRun\Command = G:\Autorun.exe

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |