Buda_vfs.img
lovny63
Hello,
I'm new here, so I hope I'm not posting in the wrong forum.
So, I recently found an image file named "buda_vfs" on my 64 GB Verbatim USB stick; it is 0 KB. The problem is I no longer have access to my files that are still on the stick (movies); my stick still has my files since it shows 4.71 GB free out of 59.5.
For your information, I am on Windows 7 Home Edition, and I have an administrator account.
Thank you for your upcoming replies, but I’m thinking of formatting it if this continues; it would be a shame.
8 replies
Is it too late or what?...
First of all, let's recap: buda_vfs.img is a file created by the Freebox Player when a DVD is inserted while a USB key or external hard drive is connected.
This file is essential for the Freebox Player to recognize the USB key and external hard drive. Therefore, it is not a virus.
This is a "bug" acknowledged by Free:
https://dev.freebox.fr/bugs/task/8828
As for the visibility of video files, however... If they are invisible while the music files are visible, it might be worth trying to recover them with data recovery software (but if they are stored elsewhere, you might as well copy them again onto the key once it is formatted)...
Hello
It's not an infection but related to the Freebox
https://forums.commentcamarche.net/forum/affich-25589327-buda-vfs-img-virus-ou-pas
--
If there is a problem, there is always a solution
~~~~~~ Cs ~~~~~~ Absent from July 15 to 27
Hello
This file is created when you connect your USB drive to your Freebox
So just unplug your USB drive from the Freebox
It's not an infection but we will check with usbfix in scan mode
http://www.commentcamarche.net/download/telecharger-34079838-usbfix
--
If there is a problem, there is always a solution
~~~~~~ Cs ~~~~~~ Away from July 15 to 27
Re hello
I haven't explained everything here either, sorry: I'm with Orange, and this file got installed when I plugged in my USB stick at a friend's place, who is with Free. Is there a way to remove this file without formatting?
And I'm attaching the USBFix report, if that can help you; I read it but I don't understand much.
And thanks again for everything.
I told you
Delete the file, it is not an infection
--
If there is a problem, there is always a solution
~~~~~~ Cs ~~~~~~ Absent from July 15 to 27
Yes, you told me, but I still don't have access to my movies. Damn it, I thought that would solve everything, but no.
They may have gone into hiding?
--
If there is a problem, there is always a solution
~~~~~~ Cs ~~~~~~ Absent from July 15 to 27