############################## | UsbFix 7.025 | [Research]

User: Marcin (Administrator) # D-F8F762F232DB4 [ ]
Updated 15/09/10 by El Desaparecido / C_XX
Started at 19:37:51 | 16/09/2010

Website: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com

CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+
CPU 2: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+
Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 2
Internet Explorer 6.0.2900.2180

Windows Firewall: Disabled /!\
Antivirus: Kaspersky Internet Security 9.0.0.736 [(!) Disabled | (!) Outdated]
Firewall: Kaspersky Internet Security 9.0.0.736 [(!) Disabled]
RAM -> 2046 Mb

C:\ (%systemdrive%) -> Fixed drive # 54 Gb (11 Mb free - 20%) [] # NTFS
D:\ -> Fixed drive # 319 Gb (277 Mb free - 87%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 4 Gb (3 Mb free - 77%) [Lexar] # FAT32
G:\ -> Removable drive # 982 Mb (982 Mb free - 100%) [KINGSTON] # FAT32
H:\ -> Removable drive # 953 Mb (928 Mb free - 97%) [KINGSTON] # FAT

################## | Files # Infected Folders |

Found ! C:\WINDOWS\system32\ckvo0.dll
Found ! C:\tyktjfww.exe
Found ! D:\tyktjfww.exe
Found ! F:\tyktjfww.exe
Found ! H:\qkm.exe
Found ! H:\tyktjfww.exe

################## | Registry |

Found ! HKLM\Software\Classes\CLSID\MADOWN
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE
Found ! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |

################## | Vaccin |

C:\autorun.inf -> Folder created by Flash_Disinfector (sUBs)
D:\autorun.inf -> Folder created by Flash_Disinfector (sUBs)
F:\autorun.inf -> Folder created by Flash_Disinfector (sUBs)

################## | E.O.F |