############################## | UsbFix V 7.167 | [Research]

User: JA (Administrator) # JA
Updated 13/03/2014 by El Desaparecido - Team SosVirus
Started at 19:46:48 | 19/03/2014

Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : http://en.kioskea.net/forum/viruses-security-7
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: Acer (Grapevine)
CPU: Intel(R) Celeron(R) M CPU 420 @ 1.60GHz
RAM -> [Total : 502 Mo| Free : 136 Mo]
Bios: Acer
Boot: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) Dodatek Service Pack 2
WB: Windows Internet Explorer : 7.0.5730.13
WB: Mozilla Firefox : 18.0

SC: Security Center [(!) Disabled]
WU: Windows Update [(!) Disabled]
FW: Windows FireWall [Enabled]

C:\ -> Fixed drive # 54 Gb (55 Mb free - 0%) [MULTIMEDIA] # FAT32
D:\ (%systemdrive%) -> Fixed drive # 53 Gb (1 Mb free - 2%) [Dysk lokalny] # NTFS
E:\ -> CD-ROM
H:\ -> Removable drive # 4 Gb (104 Mb free - 3%) [KINGSTON] # FAT32

################## | Active Processes |

D:\WINDOWS\System32\smss.exe (ID: 292 |ParentID: 4)
D:\WINDOWS\system32\csrss.exe (ID: 380 |ParentID: 292)
D:\WINDOWS\system32\winlogon.exe (ID: 404 |ParentID: 292)
D:\WINDOWS\system32\services.exe (ID: 448 |ParentID: 404)
D:\WINDOWS\system32\lsass.exe (ID: 460 |ParentID: 404)
D:\WINDOWS\system32\svchost.exe (ID: 616 |ParentID: 448)
D:\WINDOWS\system32\svchost.exe (ID: 664 |ParentID: 448)
D:\WINDOWS\System32\svchost.exe (ID: 692 |ParentID: 448)
D:\WINDOWS\Explorer.EXE (ID: 976 |ParentID: 956)
D:\Documents and Settings\JA\Moje dokumenty\LClock\lclock.exe (ID: 1100 |ParentID: 976)
D:\Program Files\Mozilla Firefox\firefox.exe (ID: 1548 |ParentID: 976)
D:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 1972 |ParentID: 616)

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - [64bit] HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] D:\WINDOWS\system32\userinit.exe,
F2 - [64bit] HKLM\..\Winlogon : [Userinit] D:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [LClock] D:\Documents and Settings\JA\Moje dokumenty\LClock\lclock.exe
04 - HKLM\..\RunOnce : []
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\Run : []
04 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\..\RunOnce : []
04 - HKU\S-1-5-21-1547161642-527237240-839522115-1001\..\Run : [LClock] D:\Documents and Settings\JA\Moje dokumenty\LClock\lclock.exe
04 - HKU\S-1-5-18\..\Run : [VisualTaskTips] D:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe
04 - HKU\S-1-5-18\..\RunOnce : [nltide_2] regsvr32 /s /n /i:U shell32
04 - HKU\S-1-5-18\..\RunOnce : [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

################## | Generic Research |

Found ! H:\Folder.lnk
Found ! H:\Nowy folder.lnk
Found ! H:\nowe pliki.lnk
Found ! H:\Róźności.lnk
Found ! H:\Nowy folder (2).lnk
Found ! H:\i-i.lnk
Found ! H:\Nowe Pliki 2012.lnk
Found ! H:\Inne.lnk
Found ! H:\Najnowsze z października.lnk
Found ! H:\Z listopada.lnk
Found ! H:\Zablokowane pliki.lnk
Found ! H:\Z grudnia.lnk
Found ! H:\Z folderu Ulubione.lnk
Found ! H:\RECYCLER\a619bc72.exe

################## | Registry |

Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyMusic -> 0
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowPrinters -> 0

################## | E.O.F | http://www.en.usbfix.net/ - http://www.sosvirus.net |