############################## | UsbFix V 7.145 | [Deletion]

User: Jacek (Administrator) # JACEK-FBA7BE56D
Updated 17/10/2013 by El Desaparecido - Team SosVirus
Started at 12:24:54 | 27/10/2013

Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/

PC: Acer (Columbia )
CPU: Procesor Intel Pentium II
RAM -> [Total : 2038 | Free : 1736]
Bios: Phoenix Technologies LTD
Boot: Normal boot

OS: Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Dodatek Service Pack 2
WB: Windows Internet Explorer 6.0.2900.2180

SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [(!) Disabled]

C:\ (%systemdrive%) -> Fixed drive # 24 Gb (21 Mb free - 86%) [Systemowy] # NTFS
D:\ -> Fixed drive # 87 Gb (87 Mb free - 100%) [Filmy] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 8 Gb (4 Mb free - 57%) [KINGSTON] # NTFS

################## | Regedit Run |

HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-776561741-842925246-839522115-1004\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

################## | Stopped processes |

Stopped! C:\WINDOWS\system32\spoolsv.exe (ID 1256 |ParentID 540)
Stopped! C:\WINDOWS\Explorer.EXE (ID 220 |ParentID 184)
Stopped! C:\WINDOWS\system32\msiexec.exe (ID 1096 |ParentID 540)
Stopped! C:\WINDOWS\system32\CTFMON.EXE (ID 332 |ParentID 220)
Stopped! C:\WINDOWS\system32\wpabaln.exe (ID 1728 |ParentID 492)
Stopped! F:\iuqxj.pif (ID 1868 |ParentID 220)

################## | Files # Infected Folders |

Service deleted ! amsint32
Deleted ! C:\vdjdf.pif
Not deleted ! C:\autorun.inf
Deleted ! D:\qpcdtn.pif
Not deleted ! D:\autorun.inf
Not deleted ! E:\AUTORUN.INF
(!) Temporary files deleted.

################## | Registry |

Deleted ! HKLM\SYSTEM\CurrentControlSet\Services\amsint32
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{4a4b3653-3ef9-11e3-93fb-d583592ce8e5}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{63e85541-3eff-11e3-93f9-806d6172696f}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{d68ca981-3efd-11e3-8c94-806d6172696f}

################## | Listing |

[27/10/2013 - 12:12:46 | N | 0] C:\AUTOEXEC.BAT
[27/10/2013 - 12:19:35 | N | 381] C:\autorun.inf
[27/10/2013 - 12:06:45 | N | 211] C:\boot.ini
[02/03/2006 - 13:00:00 | N | 4952] C:\Bootfont.bin
[27/10/2013 - 12:12:46 | N | 0] C:\CONFIG.SYS
[27/10/2013 - 12:16:54 | D ] C:\Documents and Settings
[27/10/2013 - 12:12:46 | N | 0] C:\IO.SYS
[27/10/2013 - 12:12:46 | N | 0] C:\MSDOS.SYS
[02/03/2006 - 13:00:00 | N | 47564] C:\NTDETECT.COM
[02/03/2006 - 13:00:00 | N | 250624] C:\ntldr
[27/10/2013 - 12:15:55 | ASH | 2145386496] C:\pagefile.sys
[27/10/2013 - 12:17:00 | D ] C:\Program Files
[27/10/2013 - 12:26:02 | SHD ] C:\RECYCLER
[27/10/2013 - 12:16:21 | SHD ] C:\System Volume Information
[27/10/2013 - 12:26:02 | D ] C:\UsbFix
[27/10/2013 - 12:31:34 | A | 3261] C:\UsbFix [Clean 1] JACEK-FBA7BE56D.txt
[27/10/2013 - 12:26:13 | A | 103140] C:\vdjdf.pif
[27/10/2013 - 12:16:21 | D ] C:\WINDOWS
[27/10/2013 - 12:19:35 | N | 278] D:\autorun.inf
[27/10/2013 - 12:26:13 | A | 103140] D:\qpcdtn.pif
[27/10/2013 - 12:26:02 | SHD ] D:\RECYCLER
[27/10/2013 - 12:17:49 | SHD ] D:\System Volume Information
[02/03/2006 - 13:00:00 | R | 112] E:\AUTORUN.INF
[02/03/2006 - 13:00:00 | R | 4952] E:\BOOTFONT.BIN
[02/03/2006 - 13:00:00 | RD ] E:\DOCS
[02/03/2006 - 13:00:00 | RD ] E:\DOTNETFX
[02/03/2006 - 13:00:00 | RD ] E:\I386
[02/03/2006 - 13:00:00 | R | 38019] E:\README.HTM
[02/03/2006 - 13:00:00 | R | 2584576] E:\SETUP.EXE
[02/03/2006 - 13:00:00 | R | 99995] E:\SETUPXP.HTM
[02/03/2006 - 13:00:00 | RD ] E:\SUPPORT
[02/03/2006 - 13:00:00 | RD ] E:\VALUEADD
[02/03/2006 - 13:00:00 | R | 10] E:\WIN51
[02/03/2006 - 13:00:00 | R | 10] E:\WIN51IC
[02/03/2006 - 13:00:00 | R | 10] E:\WIN51IC.SP2

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |