a este ten sken z toho usb:
############################## | UsbFix V 7.134 | [Research]
User: Premio (Administrator) # JHKKPPU
Updated 06/09/2013 by El Desaparecido
Started at 19:26:52 | 12/11/2013
Website:
http://www.sosvirus.net/
Upload Malware:
http://www.sosvirus.net/upload_malware.php
Contact:
eldesaparecido@sosvirus.net
PC: ATComputers (A6Tc) (X86-based PC)
CPU: AMD Turion(tm) 64 X2 Mobile Technology TL-52 (1607)
RAM -> [Total : 1023 | Free : 379]
BIOS: BIOS Date: 04/02/07 20:04:13 Ver: 08.00.12
BOOT: Normal boot
OS: Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 6.0.2900.5512
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 16 Gb (2 Mb free - 12%) [] # FAT32
D:\ -> Fixed drive # 38 Gb (274 Mb free - 1%) [] # NTFS
E:\ -> Fixed drive # 39 Gb (5 Mb free - 13%) [] # NTFS
F:\ -> CD-ROM
G:\ -> Removable drive # 15 Gb (2 Mb free - 13%) [KINGSTON] # FAT32
################## | Active Processes |
C:\WINDOWS\System32\smss.exe (644)
C:\WINDOWS\system32\winlogon.exe (768)
C:\WINDOWS\system32\services.exe (812)
C:\WINDOWS\system32\lsass.exe (848)
C:\WINDOWS\system32\svchost.exe (988)
C:\Program Files\Microsoft Security Client\MsMpEng.exe (1104)
C:\WINDOWS\System32\svchost.exe (1140)
C:\WINDOWS\system32\svchost.exe (1180)
C:\WINDOWS\system32\spoolsv.exe (1728)
C:\Program Files\ArcGIS\License10.0\bin\lmgrd.exe (1864)
C:\Program Files\ArcGIS\License10.0\bin\lmgrd.exe (1888)
C:\PROGRA~1\T-MOBI~1\drivers\A96FED~1\FMMSER~1.EXE (1928)
C:\PROGRA~1\T-MOBI~1\FOFDMU~1.EXE (1956)
C:\Program Files\ArcGIS\License10.0\bin\ARCGIS.exe (1980)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (2008)
C:\WINDOWS\Explorer.EXE (2036)
C:\WINDOWS\System32\svchost.exe (176)
C:\WINDOWS\system32\nvsvc32.exe (228)
C:\WINDOWS\System32\svchost.exe (260)
C:\WINDOWS\system32\svchost.exe (364)
C:\WINDOWS\ATK0100\HControl.exe (428)
C:\WINDOWS\RTHDCPL.EXE (460)
C:\Program Files\Microsoft Security Client\msseces.exe (704)
C:\WINDOWS\system32\wuauclt.exe (720)
C:\WINDOWS\system32\ctfmon.exe (1356)
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (2184)
C:\WINDOWS\ATK0100\ATKOSD.exe (2624)
C:\Program Files\Mozilla Firefox\firefox.exe (3332)
C:\Program Files\Mozilla Firefox\plugin-container.exe (3316)
C:\UsbFix\Go.exe (3516)
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [HControl] - C:\WINDOWS\ATK0100\HControl.exe
HKLM\SOFTWARE | Run : [nwiz] - nwiz.exe /install
HKLM\SOFTWARE | Run : [Power_Gear] - C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
HKLM\SOFTWARE | Run : [Control Center] - C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
HKLM\SOFTWARE | Run : [RTHDCPL] - RTHDCPL.EXE
HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [Alcmtr] - ALCMTR.EXE
HKLM\SOFTWARE | Run : [Wireless Console 2] - C:\Program Files\Wireless Console 2\wcourier.exe
HKLM\SOFTWARE | Run : [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\SOFTWARE | Run : [MSC] - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-507921405-57989841-839522115-1003\SOFTWARE | Run : [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-18\SOFTWARE | Run : [DWQueuedReporting] - "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
################## | Files # Infected Folders |
Found ! C:\Documents and Settings\Premio\Local Settings\Data aplikací\PUTTY.RND
Found ! C:\Documents and Settings\Premio\Data aplikací\Temp
Found ! E:\setupSNK.exe
Found ! E:\AUTORUN.INF
################## | Registry |
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
################## | Mountpoints2 |
HKCU\.\.\.\.\Explorer\MountPoints2\{2b8b1de0-2fad-11e0-8638-0018f38f93f5}
Shell\AutoRun\Command = G:\Files\PStart\PStart.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{51d9cade-c230-11dc-8330-0018f3af30eb}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(0)\Command = Recycled\ctfmon.exe
################## | Vaccin |
(!) This computer is not vaccinated!
################## | E.O.F |
http://www.sosvirus.net |
Dekuji za prani, bohuzel prijezd na bilem koni mi nevysel
Zase nekdy 
