############################## | UsbFix V 7.129 | [Research]

User: kamil (Administrator) # KAMILPC
Updated 24/06/2013 by El Desaparecido
Started at 00:33:54 | 14/07/2013
Website: http://sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net

PC: Acer (Aspire 5741G ) (x64-based PC)
CPU: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz (2267)
RAM -> [Total : 3959 | Free : 1228]
BIOS: InsydeH2O Version V1.08
BOOT: Normal boot
OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 8.0.7601.17514
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: ESET NOD32 Antivirus 6.0 [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 452 Gb (29 Mb free - 6%) [Acer] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> CD-ROM
H:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [] # FAT32
I:\ -> CD-ROM
J:\ -> Removable drive # 4 Gb (2 Mb free - 52%) [] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (524)
C:\Windows\system32\wininit.exe (596)
C:\Windows\system32\csrss.exe (616)
C:\Windows\system32\services.exe (652)
C:\Windows\system32\lsass.exe (676)
C:\Windows\system32\lsm.exe (684)
C:\Windows\system32\winlogon.exe (776)
C:\Windows\system32\svchost.exe (916)
C:\Windows\system32\nvvsvc.exe (976)
C:\Windows\system32\svchost.exe (1016)
C:\Windows\System32\svchost.exe (552)
C:\Windows\System32\svchost.exe (388)
C:\Windows\system32\svchost.exe (604)
C:\Windows\system32\svchost.exe (1112)
C:\Windows\system32\svchost.exe (1204)
C:\Windows\system32\svchost.exe (1288)
C:\Windows\System32\spoolsv.exe (1400)
C:\Windows\system32\nvvsvc.exe (1524)
C:\Windows\system32\taskhost.exe (1740)
C:\Windows\system32\Dwm.exe (1812)
C:\Windows\Explorer.EXE (1844)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (1240)
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (1384)
C:\Program Files\Elantech\ETDCtrl.exe (1628)
C:\Windows\PLFSetI.exe (1668)
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (1828)
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (1680)
C:\Program Files\Windows Sidebar\sidebar.exe (2076)
C:\ProgramData\DatacardService\DCService.exe (2368)
C:\Program Files (x86)\Launch Manager\dsiwmis.exe (2428)
C:\ProgramData\DatacardService\DCSHelper.exe (2452)
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (2464)
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (2528)
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (2576)
C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (2592)
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (2632)
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (2652)
C:\Program Files\Acer\Acer Updater\UpdaterService.exe (2756)
C:\Windows\SysWOW64\lkads.exe (2788)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (2852)
C:\Windows\SysWOW64\lxdacoms.exe (2876)
C:\Program Files (x86)\National Instruments\MAX\nimxs.exe (2916)
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (2944)
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe (2968)
C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe (3008)
C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe (3040)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (3056)
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (1080)
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (2164)
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (2040)
C:\Program Files (x86)\Launch Manager\LManager.exe (2172)
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (3112)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3132)
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (3156)
C:\Program Files (x86)\Launch Manager\LMworker.exe (3180)
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (3272)
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (3292)
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (3400)
C:\Windows\system32\svchost.exe (3420)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (3460)
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (3512)
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (3548)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3584)
C:\Windows\system32\wbem\unsecapp.exe (3780)
C:\Windows\system32\wbem\wmiprvse.exe (4040)
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (620)
C:\Windows\SysWOW64\lkcitdl.exe (4232)
C:\Windows\SysWOW64\lktsrv.exe (4252)
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe (4288)
C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (4356)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (4528)
C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe (4824)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (4112)
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (4008)
C:\Windows\system32\SearchIndexer.exe (4380)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (4208)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (5336)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (5768)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (5836)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (5904)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (5920)
C:\Windows\system32\WUDFHost.exe (5952)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (6136)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (5640)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (5732)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (5852)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (5880)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (5052)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (6992)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (7048)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (7088)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (7152)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (6428)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (6544)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (6780)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (6540)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (7264)
C:\Program Files\Elantech\ETDCtrlHelper.exe (7460)
C:\Windows\system32\svchost.exe (3852)
C:\Windows\system32\svchost.exe (5268)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (7832)
C:\Windows\System32\svchost.exe (7448)
C:\Program Files\Windows Media Player\wmpnetwk.exe (1676)
C:\Windows\system32\wuauclt.exe (1720)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (7440)
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (6768)
C:\Windows\system32\svchost.exe (7956)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (7884)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (6476)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (3900)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (3432)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (2620)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (8624)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (8688)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (8792)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (8956)
C:\Users\kamil\Downloads\OTL.exe (8752)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (5232)
C:\Users\kamil\AppData\Local\Google\Chrome\Application\chrome.exe (8572)
C:\Windows\notepad.exe (8560)
C:\Windows\notepad.exe (8544)
C:\Windows\SysWOW64\NOTEPAD.EXE (7644)
C:\UsbFix\Go.exe (196)
C:\Windows\system32\wbem\wmiprvse.exe (7748)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
HKLM\SOFTWARE | Run : [EgisUpdate] - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
HKLM\SOFTWARE | Run : [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
HKLM\SOFTWARE | Run : [NortonOnlineBackupReminder] - "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [BackupManagerTray] - "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
HKLM\SOFTWARE | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [facemoods] - "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
HKLM\SOFTWARE | Run : [Browsers Protector] - C:\Program Files (x86)\Browsers Protector\regmon32.exe
HKLM\SOFTWARE | Run : [NI Update Service] - "C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" -startupTask
HKLM\SOFTWARE | Run : [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE\wow6432Node | Run : [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE\wow6432Node | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
HKLM\SOFTWARE\wow6432Node | Run : [EgisUpdate] - "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
HKLM\SOFTWARE\wow6432Node | Run : [EgisTecPMMUpdate] - "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
HKLM\SOFTWARE\wow6432Node | Run : [NortonOnlineBackupReminder] - "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE\wow6432Node | Run : [BackupManagerTray] - "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
HKLM\SOFTWARE\wow6432Node | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [GrooveMonitor] - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE\wow6432Node | Run : [facemoods] - "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
HKLM\SOFTWARE\wow6432Node | Run : [Browsers Protector] - C:\Program Files (x86)\Browsers Protector\regmon32.exe
HKLM\SOFTWARE\wow6432Node | Run : [NI Update Service] - "C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" -startupTask
HKLM\SOFTWARE\wow6432Node | Run : [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-996039625-2918249784-1359685941-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-996039625-2918249784-1359685941-1001\SOFTWARE | Run : [Google Update] - "C:\Users\kamil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-996039625-2918249784-1359685941-1001\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-996039625-2918249784-1359685941-1001\SOFTWARE | Run : [ALLUpdate] - "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
HKU\S-1-5-21-996039625-2918249784-1359685941-1001\SOFTWARE | Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-996039625-2918249784-1359685941-1001\SOFTWARE | Run : [AlcoholAutomount] - "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
HKU\S-1-5-21-996039625-2918249784-1359685941-1001\SOFTWARE | Run : [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Files # Infected Folders |

Found ! J:\Removable Disk (4GB).lnk
Found ! C:\Users\kamil\AppData\Local\Temp\utt1F36.tmp.exe
Found ! E:\AutoRun.exe
Found ! E:\AUTORUN.INF
Found ! E:\SysConfig.dat
Found ! H:\autorun.inf
Found ! H:\desktop.ini
Found ! H:\Thumbs.db
Found ! J:\autorun.inf
Found ! J:\Thumbs.db

################## | Registry |

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\E Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{2db23aba-4b40-11e0-8f9e-88ae1d0f3153} Shell\AutoRun\Command = F:\autorun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{67a1ee0a-6020-11e0-9926-b3fc4897776e} Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{7af1e20a-4e52-11e0-b95d-806e6f6e6963} Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{7af1e23e-4e52-11e0-b95d-88ae1d0f3153} Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{8300d327-53b8-11e0-abf4-88ae1d0f3153} Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{9cd363a0-4fe3-11e0-95e3-001e101f7f74} Shell\AutoRun\Command = E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\MountPoints2\{bf01e590-d7a9-11dd-9cd9-001e101f9843} Shell\AutoRun\Command = "H:\WD SmartWare.exe" autoplay=true

################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://sosvirus.net |