############################## | UsbFix V 7.115 | [Research]

User: Marzencia (Administrator) # MARZENCIA-PC
Updated 08/03/2013 by El Desaparecido
Started at 07:36:24 | 11/03/2013

Website: http://sosvirus.org/index.php
Contact: contact@sosvirus.org

PC: Acer (Aspire 5735 ) (X86-based PC)
CPU: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz (2166)
RAM -> [Total : 3000 | Free : 1346]
BIOS: Ver 1.00PARTTBL
BOOT: Normal boot

OS: Microsoft® Windows Vista™ Home Premium (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 7.0.6002.18005

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 112 Gb (48 Mb free - 43%) [ACER] # NTFS
D:\ -> Fixed drive # 112 Gb (86 Mb free - 77%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Fixed drive # 932 Gb (26 Mb free - 3%) [Elements] # NTFS
G:\ -> CD-ROM
H:\ -> Removable drive # 2 Gb (2 Mb free - 98%) [] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (620)
C:\Windows\system32\wininit.exe (664)
C:\Windows\system32\csrss.exe (676)
C:\Windows\system32\services.exe (708)
C:\Windows\system32\lsass.exe (720)
C:\Windows\system32\lsm.exe (732)
C:\Windows\system32\winlogon.exe (844)
C:\Windows\system32\svchost.exe (924)
C:\Windows\system32\svchost.exe (1000)
C:\Windows\System32\svchost.exe (1040)
C:\Windows\System32\svchost.exe (1132)
C:\Windows\System32\svchost.exe (1160)
C:\Windows\system32\svchost.exe (1180)
C:\Windows\system32\SLsvc.exe (1328)
C:\Windows\system32\svchost.exe (1364)
C:\Windows\system32\svchost.exe (1580)
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (1696)
C:\Windows\System32\spoolsv.exe (1808)
C:\Windows\system32\svchost.exe (1844)
C:\Windows\system32\agrsmsvc.exe (2016)
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (2044)
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe (272)
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (296)
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe (700)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (1168)
C:\Acer\Mobility Center\MobilityService.exe (1348)
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (1884)
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (2068)
C:\Windows\system32\svchost.exe (2096)
C:\Program Files\Cyberlink\Shared files\RichVideo.exe (2116)
C:\Windows\system32\svchost.exe (2148)
C:\Windows\System32\svchost.exe (2204)
C:\Windows\system32\SearchIndexer.exe (2280)
C:\Windows\system32\wbem\unsecapp.exe (2728)
C:\Windows\system32\wbem\wmiprvse.exe (2844)
C:\Windows\system32\Dwm.exe (3088)
C:\Windows\system32\taskeng.exe (3116)
C:\Windows\Explorer.EXE (3128)
C:\Program Files\Windows Defender\MSASCui.exe (3592)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3612)
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (3628)
C:\Windows\RtHDVCpl.exe (3700)
C:\Windows\PLFSetI.exe (3764)
C:\Windows\system32\igfxsrvc.exe (3812)
C:\Program Files\Launch Manager\LManager.exe (3940)
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (3956)
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (3984)
C:\Program Files\Alwil Software\Avast5\AvastUI.exe (3992)
C:\Windows\System32\igfxtray.exe (4028)
C:\Windows\System32\hkcmd.exe (4080)
C:\Windows\System32\igfxpers.exe (2276)
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (1448)
C:\Windows\ehome\ehtray.exe (1560)
C:\Windows\system32\wbem\unsecapp.exe (3176)
C:\Users\MARZEN~1\AppData\Local\Temp\RtkBtMnt.exe (3392)
C:\Windows\system32\igfxext.exe (3032)
C:\Windows\system32\igfxsrvc.exe (3464)
C:\Windows\ehome\ehmsas.exe (3396)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (2540)
C:\Windows\system32\svchost.exe (1344)
C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe (3440)
C:\Program Files\Mozilla Firefox\firefox.exe (4776)
C:\Users\Marzencia\Downloads\OTL.exe (5516)
C:\Windows\notepad.exe (3196)
C:\UsbFix\Go.exe (5384)
C:\Windows\system32\wbem\wmiprvse.exe (5016)

################## | Files # Infected Folders |

Found ! C:\Users\MARZEN~1\AppData\Local\Temp\DataCard_Setup.exe
Found ! C:\Users\MARZEN~1\AppData\Local\Temp\RtkBtMnt.exe
Found ! F:\Recycler\f4448e25.exe
Found ! G:\AutoRun.exe
Found ! F:\Recycler\desktop.ini
Found ! G:\AUTORUN.INF
Found ! C:\Users\Marzencia\AppData\Local\Temp\RtkBtMnt.exe

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{08134cf9-747c-11e0-97d0-001d72ee2c93}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{08134d22-747c-11e0-97d0-001d72ee2c93}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{1bbe16d1-c8ab-11e0-9743-001f3b71dcab}
Shell\AutoRun\Command = G:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{435bab0c-9bdf-11e0-a6d2-001f3b71dcab}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{435bab1b-9bdf-11e0-a6d2-001f3b71dcab}
Shell\AutoRun\Command = F:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{43f2abb6-c745-11df-b3f5-001d72ee2c93}
Shell\AutoRun\Command = 8xcrbho6.exe
Shell\open\Command = 8xcrbho6.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{4f5567ad-34ed-11de-beeb-001d72ee2c93}
Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\.\.\.\.\Explorer\MountPoints2\{767b70bb-8a09-11e2-bfda-001f3b71dcab}
Shell\AutoRun\Command = G:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{d35cea15-5666-11de-b1fb-001d72ee2c93}
Shell\1\Command = F:\explorer.exe
Shell\AutoRun\Command = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\explorer.exe

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://sosvirus.org |