############################## | UsbFix V 7.130 | [Research]

User: ppp (Administrator) # PPP-C95F006778C
Updated 20/08/2013 by El Desaparecido
Started at 11:07:09 | 23/08/2013
Website: http://sosvirus.net/
Upload Malware: http://sosvirus.net/viewtopic.php?f=6&t=489
Contact: eldesaparecido@sosvirus.net

PC: FUJITSU SIEMENS (SCENIC P / SCENICO P) (X86-based PC)
CPU: Intel(R) Celeron(R) CPU 2.80GHz (2800)
RAM -> [Total : 1023 | Free : 183]
BIOS: Version 5.00 R1.07.1961
BOOT: Normal boot
OS: Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Dodatek Service Pack 2
WB: Windows Internet Explorer 6.0.2900.2180

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 24 Gb (4 Mb free - 17%) [] # NTFS
D:\ -> Fixed drive # 50 Gb (33 Mb free - 66%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 2 Gb (2 Mb free - 83%) [] # FAT
G:\ -> Removable drive # 2 Gb (954 Mb free - 50%) [KINGSTON] # FAT

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (544)
C:\WINDOWS\system32\winlogon.exe (624)
C:\WINDOWS\system32\services.exe (668)
C:\WINDOWS\system32\lsass.exe (680)
C:\WINDOWS\system32\svchost.exe (832)
C:\WINDOWS\System32\svchost.exe (1028)
C:\WINDOWS\system32\svchost.exe (1064)
C:\WINDOWS\Explorer.EXE (1388)
C:\WINDOWS\system32\spoolsv.exe (1580)
C:\Program Files\VDOTool\TBPanel.exe (1804)
C:\WINDOWS\system32\RUNDLL32.EXE (1824)
C:\Program Files\SweetIM\Messenger\SweetIM.exe (1840)
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (1852)
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (1872)
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (1892)
C:\Program Files\CardDetector\ICON225\CardDetector.exe (1916)
C:\WINDOWS\system32\ctfmon.exe (1932)
C:\Program Files\Messenger\msmsgs.exe (1940)
C:\WINDOWS\system32\rundll32.exe (1976)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (2012)
C:\WINDOWS\system32\svchost.exe (396)
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe (480)
C:\WINDOWS\System32\svchost.exe (592)
C:\WINDOWS\system32\nvsvc32.exe (724)
C:\WINDOWS\System32\svchost.exe (1200)
C:\WINDOWS\system32\svchost.exe (1324)
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe (3740)
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (3888)
C:\WINDOWS\System32\svchost.exe (3980)
C:\Program Files\Mozilla Firefox\firefox.exe (3924)
C:\Program Files\Mozilla Firefox\plugin-container.exe (2696)
C:\WINDOWS\notepad.exe (3296)
C:\WINDOWS\notepad.exe (3316)
C:\UsbFix\Go.exe (3396)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\SOFTWARE | Run : [Gainward] - C:\Program Files\VDOTool\TBPanel.exe /A
HKLM\SOFTWARE | Run : [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\SOFTWARE | Run : [ROC_roc_ssl_v12] - "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM\SOFTWARE | Run : [SweetIM] - C:\Program Files\SweetIM\Messenger\SweetIM.exe
HKLM\SOFTWARE | Run : [Sweetpacks Communicator] - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM\SOFTWARE | Run : [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKLM\SOFTWARE | Run : [RTHDCPL] - RTHDCPL.EXE
HKLM\SOFTWARE | Run : [Alcmtr] - ALCMTR.EXE
HKLM\SOFTWARE | Run : [CardDetectorICON225] - C:\Program Files\CardDetector\ICON225\CardDetector.exe
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-57989841-1844237615-682003330-1004\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-21-57989841-1844237615-682003330-1004\SOFTWARE | Run : [MSMSGS] - "C:\Program Files\Messenger\msmsgs.exe" /background
HKU\S-1-5-21-57989841-1844237615-682003330-1004\SOFTWARE | Run : [Odkurzacz-MCD] - C:\Program Files\Odkurzacz\odk_mcd.exe
HKU\S-1-5-21-57989841-1844237615-682003330-1004\SOFTWARE | Run : [ALLUpdate] - "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
HKU\S-1-5-21-57989841-1844237615-682003330-1004\SOFTWARE | Run : [Galileo] - C:\Documents and Settings\ppp\Ustawienia lokalne\Dane aplikacji\Galileo\galileo.exe silent
HKU\S-1-5-21-57989841-1844237615-682003330-1004\SOFTWARE | Run : [NTRedirect] - C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\ppp\Dane aplikacji\BabSolution\Shared\NTRedirect.dll",Run
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

################## | Files # Infected Folders |

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{f1d55f0e-e57e-11e2-86c5-0024d280102c}
Shell\AutoRun\Command = F:\AutoRunCardDetector.exe

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://sosvirus.net |