############################## | UsbFix V 7.118 | [Deletion]
User: MILOŠ (Administrator) # MILOŠ-PC
Updated 24/03/2013 by El Desaparecido
Started at 14:52:08 | 27/03/2013
Website: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org
PC: Acer (Aspire 6930G ) (X86-based PC)
CPU: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz (2000)
RAM -> [Total : 3066 | Free : 1616]
BIOS: ZK2 v0.3204 3B04
BOOT: Normal boot
OS: Microsoft® Windows Vista™ Home Premium (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 9.0.8112.16421
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: ESET NOD32 Antivirus 4.2 [Enabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 144 Gb (27 Gb free - 19%) [ACER] # NTFS
D:\ -> Fixed drive # 140 Gb (14 Gb free - 10%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable drive # 8 Gb (7 Gb free - 99%) [Miloš] # NTFS
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\SOFTWARE | Run : [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
HKLM\SOFTWARE | Run : [RtHDVCpl] - RtHDVCpl.exe
HKLM\SOFTWARE | Run : [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
HKLM\SOFTWARE | Run : [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
HKLM\SOFTWARE | Run : [eAudio] - "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
HKLM\SOFTWARE | Run : [BkupTray] - "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
HKLM\SOFTWARE | Run : [ProductReg] - "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
HKLM\SOFTWARE | Run : [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [LManager] - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
HKLM\SOFTWARE | Run : [Google Desktop Search] - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
HKLM\SOFTWARE | Run : [eRecoveryService] -
HKLM\SOFTWARE | Run : [ArcadeDeluxeAgent] - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
HKLM\SOFTWARE | Run : [CLMLServer] - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
HKLM\SOFTWARE | Run : [PlayMovie] - "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
HKLM\SOFTWARE | Run : [DAEMON Tools] - "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [Skytel] - Skytel.exe
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [AdobeAAMUpdater-1.0] - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE | Run : [AdobeCS5ServiceManager] - "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [egui] - "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1436560887-626234917-1139969595-1000\SOFTWARE | Run : [Google Update] - "C:\Users\MILOŠ\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1436560887-626234917-1139969595-1000\SOFTWARE | Run : [ehTray.exe] - C:\Windows\ehome\ehTray.exe
HKU\S-1-5-21-1436560887-626234917-1139969595-1001\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-21-1436560887-626234917-1139969595-1001\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-18\SOFTWARE | Run : [Nokia.PCSync] - D:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
HKU\S-1-5-21-1436560887-626234917-1139969595-1001\SOFTWARE | RunOnce : [AcerScrSav] - C:\Windows\Acer\run_NB.exe
################## | Stopped processes |
Stopped! C:\Windows\system32\nvvsvc.exe (992)
Stopped! C:\Windows\system32\SLsvc.exe (1344)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1720)
Stopped! C:\Windows\system32\nvvsvc.exe (1732)
Stopped! C:\Windows\System32\spoolsv.exe (1976)
Stopped! C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (952)
Stopped! C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe (1108)
Stopped! C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (1292)
Stopped! C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (1984)
Stopped! C:\Program Files\Acer\Empowering Technology\Service\ETService.exe (1332)
Stopped! C:\Windows\system32\taskeng.exe (2372)
Stopped! C:\Windows\Explorer.EXE (2428)
Stopped! C:\Windows\system32\taskeng.exe (2436)
Stopped! C:\Windows\system32\taskeng.exe (2520)
Stopped! C:\Program Files\Common Files\LightScribe\LSSrvc.exe (2876)
Stopped! C:\Acer\Mobility Center\MobilityService.exe (2892)
Stopped! C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (2928)
Stopped! C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (2996)
Stopped! C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (3048)
Stopped! C:\Windows\system32\PnkBstrA.exe (3088)
Stopped! C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (3232)
Stopped! C:\Windows\system32\SearchIndexer.exe (3328)
Stopped! C:\Windows\system32\DRIVERS\xaudio.exe (3404)
Stopped! C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (3432)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (3764)
Stopped! C:\Windows\System32\alg.exe (4020)
Stopped! C:\Program Files\Windows Defender\MSASCui.exe (880)
Stopped! C:\Windows\RtHDVCpl.exe (2744)
Stopped! C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (940)
Stopped! C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (2272)
Stopped! C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (2784)
Stopped! C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (2776)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (2884)
Stopped! C:\Program Files\Launch Manager\QtZgAcer.EXE (1852)
Stopped! C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (124)
Stopped! C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (1680)
Stopped! C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (3504)
Stopped! C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (1428)
Stopped! C:\Program Files\DAEMON Tools\daemon.exe (300)
Stopped! C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (2352)
Stopped! C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (684)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (2316)
Stopped! C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (3848)
Stopped! C:\Windows\ehome\ehtray.exe (2648)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (3884)
Stopped! C:\Windows\ehome\ehmsas.exe (3744)
Stopped! C:\Users\MILOŠ\AppData\Local\Google\Chrome\Application\chrome.exe (4080)
Stopped! C:\Users\MILO~1\AppData\Local\Temp\RtkBtMnt.exe (3176)
Stopped! C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (1900)
Stopped! C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (4220)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (4732)
Stopped! C:\Users\MILOŠ\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe (4824)
Stopped! C:\Users\MILOŠ\AppData\Local\Google\Chrome\Application\chrome.exe (4856)
Stopped! C:\Users\MILOŠ\AppData\Local\Google\Chrome\Application\chrome.exe (4864)
Stopped! C:\Users\MILOŠ\AppData\Local\Google\Chrome\Application\chrome.exe (4876)
Stopped! C:\Users\MILOŠ\AppData\Local\Google\Chrome\Application\chrome.exe (4916)
Stopped! C:\Users\MILOŠ\AppData\Local\Google\Chrome\Application\chrome.exe (5252)
Stopped! C:\Users\MILOŠ\AppData\Local\Google\Chrome\Application\chrome.exe (5312)
Stopped! C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (5596)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (4084)
Stopped! C:\Windows\System32\WUDFHost.exe (2844)
Stopped! C:\Windows\system32\SearchFilterHost.exe (5236)
Stopped! \\?\C:\Windows\system32\wbem\WMIADAP.EXE (4788)
Stopped! C:\Windows\servicing\TrustedInstaller.exe (3496)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (4156)
################## | Files # Infected Folders |
Deleted ! C:\Users\MILO~1\AppData\Local\Temp\RtkBtMnt.exe
Deleted ! G:\autorun.inf
(!) Temporary files deleted.
################## | Registry |
################## | Mountpoints2 |
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{1156c8f1-0d11-11e0-bf4e-00238b4e6ddf}
################## | Listing |
[08/04/2010 - 11:31:14 | SHD ] C:\$RECYCLE.BIN
[08/04/2010 - 12:18:58 | D ] C:\ACER
[16/12/2010 - 19:23:45 | D ] C:\Autodesk
[18/09/2006 - 22:43:36 | N | 24] C:\autoexec.bat
[26/11/2008 - 07:42:13 | D ] C:\book
[27/03/2013 - 21:49:11 | SHD ] C:\Boot
[11/04/2009 - 07:36:36 | RASH | 333257] C:\bootmgr
[26/11/2008 - 08:16:51 | N | 8192] C:\BOOTSECT.BAK
[08/04/2010 - 12:05:05 | D ] C:\CLSetup
[18/09/2006 - 22:43:37 | N | 10] C:\config.sys
[02/11/2006 - 14:02:03 | SHD ] C:\Documents and Settings
[26/02/2013 - 21:20:28 | D ] C:\Downloads
[04/03/2013 - 18:33:49 | N | 0] C:\END
[25/03/2013 - 09:23:56 | D ] C:\EnergyPlusV7-2-0
[27/03/2013 - 14:47:31 | ASH | 3215843328] C:\hiberfil.sys
[26/11/2008 - 06:30:24 | D ] C:\Intel
[23/03/2013 - 14:45:21 | N | 0] C:\IO.SYS
[08/04/2010 - 12:05:05 | N | 20] C:\Medion.ini
[23/03/2013 - 14:45:21 | N | 0] C:\MSDOS.SYS
[11/04/2010 - 18:48:53 | RHD ] C:\MSOCache
[09/03/2011 - 07:55:56 | D ] C:\NVIDIA
[27/03/2013 - 14:47:29 | ASH | 3529633792] C:\pagefile.sys
[08/04/2010 - 11:57:10 | N | 58] C:\Partition.txt
[21/01/2008 - 03:32:31 | D ] C:\PerfLogs
[26/03/2013 - 20:37:19 | D ] C:\Program Files
[25/03/2013 - 21:05:28 | HD ] C:\ProgramData
[26/11/2008 - 06:37:32 | N | 646] C:\RHDSetup.log
[20/04/2012 - 13:36:50 | D ] C:\Score
[27/03/2013 - 13:44:02 | SHD ] C:\System Volume Information
[25/03/2013 - 15:38:37 | D ] C:\Temp
[27/03/2013 - 14:59:34 | D ] C:\UsbFix
[27/03/2013 - 14:43:31 | N | 8834] C:\UsbFix [Clean 1] MILOŠ-PC.txt
[27/03/2013 - 14:59:56 | A | 11034] C:\UsbFix [Clean 2] MILOŠ-PC.txt
[27/03/2013 - 14:04:42 | N | 3386] C:\UsbFix [Listing 1 ] MILOŠ-PC.txt
[27/03/2013 - 14:07:07 | N | 3459] C:\UsbFix [Listing 2 ] MILOŠ-PC.txt
[27/03/2013 - 14:29:54 | N | 3532] C:\UsbFix [Listing 3 ] MILOŠ-PC.txt
[13/12/2012 - 19:31:25 | D ] C:\Users
[27/03/2013 - 22:04:06 | D ] C:\Windows
[08/04/2010 - 11:31:14 | SHD ] D:\$RECYCLE.BIN
[23/03/2013 - 14:44:19 | D ] D:\Call Of Duty 1 Cz
[25/03/2013 - 20:57:43 | D ] D:\Call of Duty 2
[01/10/2011 - 18:44:18 | D ] D:\Config.Msi
[29/01/2013 - 12:45:30 | D ] D:\DOW
[22/03/2013 - 20:28:51 | D ] D:\FILMY
[17/03/2013 - 22:35:00 | D ] D:\MILOŠ
[18/12/2012 - 17:44:58 | D ] D:\Plocha Veci
[11/03/2013 - 15:23:21 | D ] D:\Stavební fyzika 2010
[08/03/2010 - 23:53:42 | SHD ] D:\System Volume Information
[18/03/2013 - 21:46:47 | D ] D:\Tomb Raider 9 CZ (2013)
[26/03/2013 - 19:34:30 | RASH | 2953] G:\desktop.ini
[26/03/2013 - 19:34:30 | D ] G:\
################## | Vaccine |
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | http://sosvirus.org |
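As an added example (not part of the report above and not UsbFix's own code), the following Python triages a UsbFix report in this layout: it splits the log on the `#### | Section |` headers, collects the drive inventory, the `Deleted !` entries, the MountPoints2 keys and the vaccine lines, and then flags the combinations an analyst would look at first (an autorun.inf removed from a removable drive, an executable deleted out of a Temp directory, a writable drive left without an Autorun.inf vaccine). The embedded sample is a constructed excerpt of the log above; the section names it keys on and the wording of the flags are assumptions about this version's layout, not something UsbFix documents.

```python
"""Triage a UsbFix deletion report: extract the actions that matter and
flag the combinations worth a second look."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed excerpt of the UsbFix report above (same line layout).
SAMPLE_REPORT = r"""
############################## | UsbFix V 7.118 | [Deletion]
C:\ (%systemdrive%) -> Fixed drive # 144 Gb (27 Gb free - 19%) [ACER] # NTFS
D:\ -> Fixed drive # 140 Gb (14 Gb free - 10%) [DATA] # NTFS
E:\ -> CD-ROM
G:\ -> Removable drive # 8 Gb (7 Gb free - 99%) [Miloš] # NTFS
################## | Files # Infected Folders |
Deleted ! C:\Users\MILO~1\AppData\Local\Temp\RtkBtMnt.exe
Deleted ! G:\autorun.inf
(!) Temporary files deleted.
################## | Registry |
################## | Mountpoints2 |
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{1156c8f1-0d11-11e0-bf4e-00238b4e6ddf}
################## | Vaccin |
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F |
"""

# Section headers look like "#### | Name |"; section names are assumed stable.
SECTION_RE = re.compile(r"^#+ \| (?P<name>.+?) \|")
DRIVE_RE = re.compile(r"^(?P<letter>[A-Z]):\\.*?-> (?P<kind>Fixed drive|Removable drive|CD-ROM)")
DELETED_RE = re.compile(r"^Deleted ! (?P<target>.+)$")
VACCINE_RE = re.compile(r"^(?P<letter>[A-Z]):\\Autorun\.inf -> Vaccine created by UsbFix", re.IGNORECASE)
GUID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.IGNORECASE)


@dataclass
class Triage:
    drives: dict[str, str] = field(default_factory=dict)          # letter -> kind
    deleted_files: list[str] = field(default_factory=list)        # full paths
    deleted_mountpoints: list[str] = field(default_factory=list)  # volume GUIDs
    vaccinated: list[str] = field(default_factory=list)           # drive letters
    flags: list[str] = field(default_factory=list)                # analyst findings


def assess(t: Triage) -> list[str]:
    """Derive findings from the parsed actions; wording is this example's own."""
    flags = []
    for target in t.deleted_files:
        drive = target[0].upper()
        name = target.rsplit("\\", 1)[-1].lower()
        if name == "autorun.inf" and t.drives.get(drive) == "Removable drive":
            flags.append(f"{drive}: autorun.inf removed from removable media; check what it launched")
        if name.endswith(".exe") and "\\temp\\" in target.lower():
            flags.append(f"{drive}: executable deleted from a Temp directory ({name})")
    if t.deleted_mountpoints:
        flags.append(f"{len(t.deleted_mountpoints)} MountPoints2 key(s) removed (cached per-volume autorun handlers)")
    for drive, kind in sorted(t.drives.items()):
        if kind != "CD-ROM" and drive not in t.vaccinated:
            flags.append(f"{drive}: writable drive without an Autorun.inf vaccine")
    return flags


def parse_report(text: str) -> Triage:
    """Walk the report line by line, tracking the current section."""
    t = Triage()
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m["name"]
            continue
        if (m := DRIVE_RE.match(line)):
            t.drives[m["letter"]] = m["kind"]
        elif (m := DELETED_RE.match(line)):
            if section == "Mountpoints2":
                g = GUID_RE.search(m["target"])
                t.deleted_mountpoints.append(g.group(0) if g else m["target"])
            else:
                t.deleted_files.append(m["target"])
        elif (m := VACCINE_RE.match(line)):
            t.vaccinated.append(m["letter"].upper())
    t.flags = assess(t)
    return t


if __name__ == "__main__":
    for flag in parse_report(SAMPLE_REPORT).flags:
        print(flag)
```

Run against the full log above, the same logic yields the same four findings: the executable removed from the user's Temp directory, the autorun.inf removed from the removable drive G:, one MountPoints2 key removed, and D: left without a vaccine (the report only vaccinates C:, D: and G:, so on the real log D: is covered; the constructed excerpt omits that line to show the check firing).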