############################## | UsbFix V 7.133 | [Research]

User: Marek (Administrator) # WS-STACJONARNY
Updated 27/08/2013 by El Desaparecido
Started at 23:55:42 | 04/09/2013

Website: http://sosvirus.net/
Upload Malware: http://sosvirus.net/viewtopic.php?f=6&t=489
Contact: eldesaparecido@sosvirus.net

PC: System manufacturer (System Product Name) (X86-based PC)
CPU: Procesor Intel Pentium III Xeon (2823)
RAM -> [Total : 2047 | Free : 1169]
BIOS: BIOS Date: 07/20/09 20:48:23 Ver: 08.00.14
BOOT: Normal boot

OS: Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Dodatek Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 81 Gb (42 Mb free - 52%) [] # NTFS
D:\ -> Fixed drive # 68 Gb (36 Mb free - 52%) [] # NTFS
E:\ -> CD-ROM
G:\ -> Removable drive # 4 Gb (2 Mb free - 46%) [NIEBIESKI] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (1004)
C:\WINDOWS\system32\winlogon.exe (1076)
C:\WINDOWS\system32\services.exe (1128)
C:\WINDOWS\system32\lsass.exe (1140)
C:\WINDOWS\system32\svchost.exe (1332)
C:\WINDOWS\System32\svchost.exe (1660)
C:\WINDOWS\system32\svchost.exe (1708)
C:\WINDOWS\system32\spoolsv.exe (236)
C:\Program Files\xampp\apache\bin\apache.exe (528)
C:\WINDOWS\ATKKBService.exe (556)
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (576)
C:\Documents and Settings\All Users\Dane aplikacji\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (664)
C:\WINDOWS\system32\dmwu.exe (884)
C:\Program Files\xampp\mysql\bin\mysqld-nt.exe (908)
C:\Program Files\xampp\apache\bin\apache.exe (1372)
C:\WINDOWS\system32\nvsvc32.exe (2628)
C:\WINDOWS\system32\svchost.exe (2940)
C:\WINDOWS\Explorer.EXE (3964)
C:\Documents and Settings\All Users\Dane aplikacji\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (1208)
C:\WINDOWS\system32\jmdp\stij.exe (3076)
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (3632)
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (1204)
C:\WINDOWS\system32\DeltTray.exe (3644)
C:\WINDOWS\system32\RunDLL32.exe (3720)
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe (4076)
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (156)
C:\WINDOWS\system32\ctfmon.exe (2980)
C:\Program Files\Messenger\msmsgs.exe (3316)
C:\WINDOWS\system32\rundll32.exe (3772)
C:\WINDOWS\system32\wupdmgr.exe (3996)
C:\Program Files\Mozilla Firefox\firefox.exe (1732)
C:\Program Files\Outlook Express\msimn.exe (5260)
G:\ \OTL.exe (5388)
C:\Program Files\Mozilla Firefox\plugin-container.exe (3868)
C:\UsbFix\Go.exe (1216)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [HDAudDeck] - C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
HKLM\SOFTWARE | Run : [AVP] - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
HKLM\SOFTWARE | Run : [DeltTray] - DeltTray.exe
HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [NvMediaCenter] - RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\SOFTWARE | Run : [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
HKLM\SOFTWARE | Run : [ASUSGamerOSD] - C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
HKLM\SOFTWARE | Run : [RemoteControl] - "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
HKLM\SOFTWARE | Run : [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe
HKLM\SOFTWARE | Run : [AdobeAAMUpdater-1.0] - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE | Run : [AdobeCS5.5ServiceManager] - "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE | Policies\Explorer\run : [1220] - C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\ccrnra.exe
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-484763869-1383384898-725345543-1004\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-21-484763869-1383384898-725345543-1004\SOFTWARE | Run : [MSMSGS] - "C:\Program Files\Messenger\msmsgs.exe" /background
HKU\S-1-5-21-484763869-1383384898-725345543-1004\SOFTWARE | Run : [GG] - "C:\Documents and Settings\Marek\Ustawienia lokalne\Dane aplikacji\GG\Application\gghub.exe"
HKU\S-1-5-21-484763869-1383384898-725345543-1004\SOFTWARE | Run : [AdobeBridge] -
HKU\S-1-5-21-484763869-1383384898-725345543-1004\SOFTWARE | Run : [NTRedirect] - C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Marek\Dane aplikacji\BabSolution\Shared\enhancedNT.dll",Run
HKU\S-1-5-21-484763869-1383384898-725345543-1008\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

################## | Files # Infected Folders |

Found ! G:\NIEBIESKI (4GB).lnk
Found ! D:\Thumbs.db
Found ! G:\~%VWXMESSAG.ini
Found ! G:\autorun.inf
Found ! G:\desktop.ini
Found ! G:\Thumbs.db

################## | Registry |

################## | Mountpoints2 |

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://sosvirus.net |