############################## | UsbFix V 7.101 | [Research]

User: Iglo (Administrator) # IGLO-LAPTOP
Updated 05/12/2012 by El Desaparecido
Started at 22:16:17 | 10/12/2012

Website: http://sosvirus.org
Contact: contact@eldesaparecido.com

PC: Dell Inc. (Studio 1558) (x64-based PC
CPU: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz (1596)
RAM -> [Total : 4029 | Free : 2466]
BIOS: Ver 1.00 BIOS A12 PARTTBLr
BOOT: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 8.0.7601.17514

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Microsoft Security Essentials [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 98 Gb (31 Mb free - 31%) [] # NTFS
D:\ -> Fixed drive # 100 Gb (16 Mb free - 16%) [Projekty] # NTFS
E:\ -> Fixed drive # 100 Gb (11 Mb free - 11%) [Private] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> CD-ROM
J:\ -> Fixed drive # 466 Gb (13 Mb free - 3%) [] # NTFS

################## | Active Processes |

C:\Windows\system32\csrss.exe (460)
C:\Windows\system32\wininit.exe (536)
C:\Windows\system32\csrss.exe (548)
C:\Windows\system32\services.exe (592)
C:\Windows\system32\lsass.exe (608)
C:\Windows\system32\lsm.exe (616)
C:\Windows\system32\winlogon.exe (676)
C:\Windows\system32\svchost.exe (748)
C:\Windows\system32\svchost.exe (832)
C:\Program Files\Microsoft Security Client\MsMpEng.exe (888)
C:\Windows\system32\atiesrxx.exe (1016)
C:\Windows\System32\svchost.exe (376)
C:\Windows\System32\svchost.exe (480)
C:\Windows\system32\svchost.exe (396)
C:\Windows\system32\svchost.exe (1068)
C:\Windows\system32\svchost.exe (1144)
C:\Windows\system32\atieclxx.exe (1212)
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE (1296)
C:\Windows\system32\WLANExt.exe (1304)
C:\Windows\system32\conhost.exe (1312)
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe (1384)
C:\Windows\System32\spoolsv.exe (1444)
C:\Windows\system32\svchost.exe (1588)
C:\Windows\SysWOW64\svchost.exe (1700)
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (1720)
C:\Windows\system32\svchost.exe (1760)
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe (1860)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (1904)
C:\Windows\SysWOW64\PnkBstrA.exe (2004)
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (2044)
C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe (528)
C:\Windows\system32\svchost.exe (1960)
C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe (2140)
C:\Windows\system32\svchost.exe (2676)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (3000)
C:\Windows\system32\svchost.exe (872)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (2560)
C:\Program Files\Windows Media Player\wmpnetwk.exe (1088)
C:\Windows\system32\SearchIndexer.exe (2440)
C:\Windows\system32\wbem\wmiprvse.exe (560)
C:\Windows\system32\taskhost.exe (2884)
C:\Windows\system32\Dwm.exe (716)
C:\Windows\Explorer.EXE (1640)
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (3092)
C:\Program Files\Dell\QuickSet\quickset.exe (3112)
C:\Program Files\Microsoft Security Client\msseces.exe (3132)
C:\Windows\WindowsMobile\wmdc.exe (3240)
C:\Windows\System32\StikyNot.exe (3248)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (3292)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (3428)
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (3672)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3724)
C:\Program Files (x86)\Browsers Protector\regmon32.exe (3768)
C:\Windows\System32\svchost.exe (960)
C:\Windows\system32\wbem\wmiprvse.exe (3388)
C:\Windows\system32\SearchProtocolHost.exe (4572)
C:\Windows\system32\SearchFilterHost.exe (924)
C:\UsbFix\Go.exe (5044)

################## | Files # Infected Folders |

Found ! F:\bin\prezentacja.exe
Found ! E:\muza
Found ! F:\Autorun.inf
Found ! J:\muza

################## | Registry |


################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{0f9a4225-1476-11e2-b377-b8ac6f683839}
Shell\AutoRun\Command = I:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{0f9a4231-1476-11e2-b377-b8ac6f683839}
Shell\AutoRun\Command = I:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{15ff6c46-ddee-11df-be5a-b8ac6f577cf4}
Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{15ff6c4c-ddee-11df-be5a-b8ac6f577cf4}
Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{15ff6c4e-ddee-11df-be5a-b8ac6f577cf4}
Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{15ff6c4f-ddee-11df-be5a-b8ac6f577cf4}
Shell\AutoRun\Command = G:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{42421fd6-07e7-11e2-8c17-b8ac6f683839}
Shell\AutoRun\Command = J:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{42421fdc-07e7-11e2-8c17-b8ac6f683839}
Shell\AutoRun\Command = J:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{9311c6b2-d24b-11df-964c-b8ac6f577cf4}
Shell\AutoRun\Command = H:\setup.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{9a042ef9-259f-11e0-8e24-b8ac6f577cf4}
Shell\AutoRun\Command = G:\AutoRunCardDetector.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{ba1fe262-d218-11df-a2d6-806e6f6e6963}
Shell\AutoRun\Command = F:\bin\prezentacja.exe

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |