Log after pressing Deletion:
############################## | UsbFix V 7.134 | [Deletion]
User: JST (Administrator) # JST-PC
Updated 06/09/2013 by El Desaparecido
Started at 13:45:51 | 12/08/2014
Website:
http://www.sosvirus.net/
Upload Malware:
http://www.sosvirus.net/upload_malware.php
Contact:
eldesaparecido@sosvirus.net
PC: Hewlett-Packard (HP Pavilion dv6700 Notebook PC ) (X86-based PC)
CPU: AMD Turion(tm) 64 X2 Mobile Technology TL-60 (2000)
RAM -> [Total : 2047 | Free : 857]
BIOS: PhoenixBIOS 4.0 Release 6.1
BOOT: Normal boot
OS: Microsoft Windows 7 Home Premium (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 11.0.9600.17207
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: ESET Smart Security 7.0 [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 73 Gb (39 Mb free - 53%) [] # NTFS
D:\ -> Fixed drive # 76 Gb (12 Mb free - 16%) [] # NTFS
F:\ -> Removable drive # 2 Gb (189 Mb free - 10%) [] # FAT
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [Nvtmru] - "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\SOFTWARE | Run : [NvBackend] - "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
HKLM\SOFTWARE | Run : [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\SOFTWARE | Run : [egui] - "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2933721893-1839638122-3811674133-1000\SOFTWARE | Run : [icq] - C:\Users\JST\AppData\Roaming\ICQM\icq.exe -CU
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-18\SOFTWARE | RunOnce : [SPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
################## | Stopped processes |
Stopped! C:\Windows\system32\nvvsvc.exe (768)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1412)
Stopped! C:\Windows\system32\nvvsvc.exe (1420)
Stopped! C:\Windows\System32\spoolsv.exe (1460)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1668)
Stopped! C:\Windows\system32\taskhost.exe (1744)
Stopped! C:\Program Files\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe (1800)
Stopped! C:\Program Files\ESET\ESET Smart Security\ekrn.exe (1980)
Stopped! C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (444)
Stopped! C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (1076)
Stopped! C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (1564)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (2072)
Stopped! C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (2108)
Stopped! C:\Program Files\Common Files\Java\Java Update\jusched.exe (2148)
Stopped! C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (2168)
Stopped! C:\Program Files\ESET\ESET Smart Security\egui.exe (2400)
Stopped! C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (2628)
Stopped! C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (2656)
Stopped! C:\Windows\system32\conhost.exe (2664)
Stopped! C:\Windows\system32\conhost.exe (2676)
Stopped! C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (2868)
Stopped! C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (3088)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (3332)
Stopped! C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (3384)
Stopped! C:\Windows\system32\SearchIndexer.exe (3400)
Stopped! C:\Program Files\Mozilla Firefox\firefox.exe (2932)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (788)
Stopped! C:\Windows\System32\WUDFHost.exe (4652)
Stopped! C:\Windows\system32\taskeng.exe (2808)
################## | Files # Infected Folders |
(!) Temporary files deleted.
################## | Registry |
################## | Mountpoints2 |
################## | Listing |
[30/06/2014 - 21:06:49 | SHD ] C:\$Recycle.Bin
[10/06/2009 - 23:42:20 | N | 24] C:\autoexec.bat
[11/08/2014 - 13:57:44 | D ] C:\Config.Msi
[10/06/2009 - 23:42:20 | N | 10] C:\config.sys
[14/07/2009 - 06:53:55 | SHD ] C:\Documents and Settings
[12/08/2014 - 09:14:15 | D ] C:\flexlm
[12/08/2014 - 09:11:29 | ASH | 1609814016] C:\hiberfil.sys
[01/07/2014 - 20:23:29 | RHD ] C:\MSOCache
[08/08/2014 - 20:56:49 | D ] C:\NVIDIA
[12/08/2014 - 09:11:32 | ASH | 2146418688] C:\pagefile.sys
[14/07/2009 - 04:37:05 | D ] C:\PerfLogs
[11/08/2014 - 14:12:29 | D ] C:\Program Files
[12/08/2014 - 09:59:09 | HD ] C:\ProgramData
[30/06/2014 - 21:06:29 | SHD ] C:\Recovery
[01/07/2014 - 08:49:06 | D ] C:\swsetup
[11/08/2014 - 13:03:01 | SHD ] C:\System Volume Information
[05/08/2014 - 11:44:23 | D ] C:\Temp
[12/08/2014 - 13:46:54 | D ] C:\UsbFix
[12/08/2014 - 13:47:19 | A | 5620] C:\UsbFix [Clean 1] JST-PC.txt
[12/08/2014 - 13:42:24 | N | 5509] C:\UsbFix [Scan 1] JST-PC.txt
[05/08/2014 - 10:34:12 | D ] C:\Users
[05/08/2014 - 19:15:14 | D ] C:\Windows
[01/07/2014 - 08:01:39 | SHD ] D:\$RECYCLE.BIN
[01/07/2014 - 07:16:38 | D ] D:\100___04
[08/07/2014 - 10:24:32 | N | 10268] D:\Benzin-ceny.xlsx
[11/08/2014 - 20:24:40 | D ] D:\brigada
[21/10/2013 - 13:15:44 | N | 21585] D:\Ceny pozemkov.xlsx
[11/08/2014 - 13:44:48 | N | 53554] D:\Dennicek vydajov.xlsx
[01/07/2014 - 07:17:09 | D ] D:\DIPLOMOVKA
[12/08/2014 - 13:35:17 | D ] D:\Downloads
[05/08/2014 - 20:27:00 | D ] D:\Foto
[29/08/2013 - 11:01:01 | N | 688759] D:\instaloavne programy.docx
[01/09/2013 - 13:49:32 | N | 7368430] D:\Juraj toth.docx
[01/07/2014 - 07:36:11 | D ] D:\mama fon
[01/07/2014 - 07:38:28 | D ] D:\Matlab R2010a
[01/07/2014 - 07:40:37 | D ] D:\NFD
[01/07/2014 - 07:52:17 | D ] D:\NI LabVIEW 2011 plus Toolkits and Device Drivers
[30/06/2014 - 14:43:40 | N | 403747] D:\Part1.CATPart
[20/07/2014 - 15:45:15 | D ] D:\Skola
[06/08/2014 - 22:22:27 | N | 11505] D:\Sledovanie pocitov Kardio.xlsx
[22/09/2013 - 21:19:48 | N | 14742] D:\splacanie uveru.xlsx
[01/07/2014 - 08:48:27 | SHD ] D:\System Volume Information
[02/01/2014 - 16:29:19 | N | 13159] D:\Tipovanie 2013.xlsx
[18/05/2014 - 11:30:05 | N | 15928] D:\Tipovanie 2014.xlsx
[25/07/2014 - 13:39:28 | N | 53207] D:\Umriete od smiechu.docx
[10/08/2014 - 21:10:01 | D ] D:\Union
[29/12/2013 - 16:01:45 | N | 14111] D:\vlaky NZ.xlsx
[29/12/2013 - 20:25:18 | N | 77824] D:\vlaky.xls
[05/08/2012 - 21:38:38 | N | 32768] F:\FOUND.000
[03/01/2013 - 21:08:24 | D ] F:\FOUND.001
[12/02/2013 - 20:30:18 | D ] F:\FOUND.002
[11/08/2014 - 08:38:20 | D ] F:\FOUND.003
[11/08/2014 - 09:04:36 | D ] F:\FOUND.004
[11/08/2014 - 13:00:20 | D ] F:\FOUND.005
################## | Vaccin |
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F |
http://www.sosvirus.net |
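The "Vaccin" section above reports that UsbFix created an Autorun.inf vaccine on C:\, D:\ and F:\. The script below is an added example, not UsbFix's own code, of the usual autorun.inf vaccination technique (assumed here; UsbFix's exact implementation is not shown on this page): a directory named Autorun.inf is planted in the root of each drive, so a dropper cannot create a file of that name there. Run it elevated; the -Vaccinate switch is an assumption of this example, and without it the script only reports what each drive root currently holds.

```powershell
<#
  Added example (not UsbFix code): report the Autorun.inf state of every fixed and
  removable drive and, with -Vaccinate, plant a directory-based vaccine.
  Assumed technique: a DIRECTORY named Autorun.inf blocks creation of a FILE of
  the same name, so the drive root cannot carry an autorun.inf payload.
#>
param(
    [switch]$Vaccinate   # report-only unless this switch is given
)

# Win32_LogicalDisk DriveType: 2 = removable, 3 = fixed (matches the C:, D:, F: in the log)
$drives = Get-CimInstance Win32_LogicalDisk | Where-Object { $_.DriveType -in 2, 3 }

foreach ($d in $drives) {
    $path = Join-Path $d.DeviceID 'Autorun.inf'   # e.g. F:\Autorun.inf

    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # A real autorun.inf FILE in a drive root is what USB malware drops; show it.
        Write-Warning "$path is a FILE (possible autorun payload); first lines:"
        Get-Content -LiteralPath $path -TotalCount 10
    }
    elseif (Test-Path -LiteralPath $path -PathType Container) {
        Write-Output "$path is a directory: already vaccinated."
    }
    elseif ($Vaccinate) {
        $dir = New-Item -ItemType Directory -Path $path
        # ReadOnly + Hidden + System so the directory survives casual deletion.
        $dir.Attributes = $dir.Attributes -bor [IO.FileAttributes]::ReadOnly `
                                          -bor [IO.FileAttributes]::Hidden `
                                          -bor [IO.FileAttributes]::System
        Write-Output "Created vaccine directory $path"
    }
    else {
        Write-Output "$path absent: not vaccinated (re-run with -Vaccinate to create it)."
    }
}
```

Two caveats a practitioner should keep in mind: the vaccine only stops a dropper that is not running with enough privilege to remove the directory first, and on Windows 7 (the OS in this log) AutoRun from removable, non-optical media is already disabled by default, so the vaccine mainly protects older machines the stick is later plugged into. The FOUND.000 to FOUND.005 entries on F:\ are chkdsk recovery folders, not an infection indicator by themselves.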