############################## | UsbFix V 7.119 | [Research]

User: ja (Administrator) # COMPAQ
Updated 27/03/2013 by El Desaparecido
Started at 20:32:45 | 28/03/2013

Website: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: Compaq-Presario (RR505AA-ABU SR2125UK) (X86-based PC)
CPU: Intel(R) Pentium(R) D CPU 2.80GHz (2800)
RAM -> [Total : 2046 | Free : 918]
BIOS: Phoenix - AwardBIOS v6.00PG
BOOT: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Dodatek Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 402 Gb (382 Mb free - 95%) [] # NTFS
D:\ -> Fixed drive # 529 Gb (529 Mb free - 100%) [Nowy] # NTFS
E:\ -> CD-ROM
K:\ -> Fixed drive # 699 Gb (481 Mb free - 69%) [New Volume] # NTFS

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (696)
C:\WINDOWS\system32\winlogon.exe (788)
C:\WINDOWS\system32\services.exe (832)
C:\WINDOWS\system32\lsass.exe (844)
C:\WINDOWS\system32\svchost.exe (1020)
C:\WINDOWS\System32\svchost.exe (1192)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1444)
C:\WINDOWS\system32\spoolsv.exe (1708)
C:\WINDOWS\Explorer.EXE (1956)
C:\Documents and Settings\All Users\Dane aplikacji\IBUpdaterService\ibsvc.exe (712)
C:\WINDOWS\system32\RunDLL32.exe (784)
C:\WINDOWS\RTHDCPL.EXE (1040)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (1212)
C:\Program Files\Java\jre7\bin\jqs.exe (1364)
C:\WINDOWS\system32\srvany.exe (280)
C:\Program Files\AVAST Software\Avast\avastUI.exe (440)
C:\WINDOWS\KMService.exe (1144)
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe (1152)
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (1380)
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe (1084)
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe (1760)
C:\WINDOWS\system32\ctfmon.exe (1856)
C:\WINDOWS\system32\nvsvc32.exe (2172)
C:\WINDOWS\system32\IoctlSvc.exe (3180)
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (3368)
C:\WINDOWS\system32\wbem\wmiapsrv.exe (2052)
C:\WINDOWS\system32\NOTEPAD.EXE (4044)
C:\Program Files\Internet Explorer\iexplore.exe (2748)
C:\Program Files\Internet Explorer\iexplore.exe (1996)
C:\Program Files\Internet Explorer\iexplore.exe (4052)
C:\Program Files\Internet Explorer\iexplore.exe (2996)
C:\UsbFix\Go.exe (3296)
C:\WINDOWS\system32\wscntfy.exe (1952)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [NvMediaCenter] - RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\SOFTWARE | Run : [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
HKLM\SOFTWARE | Run : [RTHDCPL] - RTHDCPL.EXE
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [tuto4pc_pl_8] -
HKLM\SOFTWARE | Run : [upt4pc_pl_8.exe] - C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\tuto4pc_pl_8\upt4pc_pl_8.exe -runhelper
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [mxomssmenu] - "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
HKLM\SOFTWARE | Run : [MaxtorOneTouch] - C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-823518204-1972579041-1417001333-1003\SOFTWARE | Run : [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-21-823518204-1972579041-1417001333-1003\SOFTWARE | Run : [OfficeSyncProcess] - "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
HKU\S-1-5-21-823518204-1972579041-1417001333-1003\SOFTWARE | Run : [GG] - "C:\Documents and Settings\ja\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe"
HKU\S-1-5-21-823518204-1972579041-1417001333-1004\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

################## | Files # Infected Folders |

Found ! K:\Recycler\855366bc.exe
Found ! C:\Lista.txt
Found ! K:\autorun.inf
Found ! K:\Recycler\desktop.ini

################## | Registry |

################## | Mountpoints2 |

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://sosvirus.org |