
############################## | UsbFix V 7.144 | [Supresión]
Usuario: paola (Administrador) # PAOLA-PC
Actualizado el 08/10/2013 por El Desaparecido - Team SosVirus
Comenzó a 21:06:41 | 13/10/2013
Sitio web: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contacto: http://www.usbfix.net/contact/
PC: Hewlett-Packard (1854)
CPU: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
RAM -> [Total : 2719 | Free : 842]
Bios: Insyde
Boot: Normal boot
OS: Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 8.0.7600.16385
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disco fijo # 76 Gb (41 Mb libre(s) - 54%) [] # NTFS
D:\ -> Disco fijo # 370 Gb (361 Mb libre(s) - 98%) [] # NTFS
E:\ -> Disco fijo # 20 Gb (19 Mb libre(s) - 99%) [] # NTFS
F:\ -> CD-ROM
G:\ -> Disco extraíble # 7 Gb (3 Mb libre(s) - 40%) [ANDRE] # FAT32
J:\ -> Disco extraíble # 4 Gb (604 Mb libre(s) - 16%) [PAOLA] # FAT32

################## | Regedit Run |


HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [NBAgent] - "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [Updatea.vbs] - "C:\Users\paola\AppData\Local\Temp\Updatea.vbs"
HKLM\SOFTWARE | RunOnce : []
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3050594924-1935224671-2983113139-1000\SOFTWARE | Run : [Updatea.vbs] - "C:\Users\paola\AppData\Local\Temp\Updatea.vbs"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
################## | ByPass |
Parado! C:\Windows\System32\mshta.exe (ID 1732 |ParentID 3572)
Parado! C:\Windows\System32\WScript.exe (ID 3572 |ParentID 3928 )

################## | Procesos Parados |
Parado! C:\Windows\System32\spoolsv.exe (ID 1376 |ParentID 472)
Parado! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID 1524 |ParentID 472)
Parado! C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID 1560 |ParentID 472)
Parado! C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe (ID 1588 |ParentID 472)
Parado! C:\Windows\system32\taskhost.exe (ID 1644 |ParentID 472)
Parado! C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (ID 2016 |ParentID 472)
Parado! C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (ID 252 |ParentID 1740)
Parado! C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (ID 352 |ParentID 1740)
Parado! C:\Windows\System32\hkcmd.exe (ID 324 |ParentID 1740)
Parado! C:\Windows\System32\igfxpers.exe (ID 608 |ParentID 1740)
Parado! C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe (ID 1972 |ParentID 472)
Parado! C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe (ID 1672 |ParentID 472)
Parado! C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (ID 2204 |ParentID 472)
Parado! C:\Program Files\Movistar\Escritorio Movistar Latam\ImpWiFiSvc.exe (ID 2276 |ParentID 472)
Parado! C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe (ID 2812 |ParentID 472)
Parado! C:\Windows\system32\SearchIndexer.exe (ID 2832 |ParentID 472)
Parado! C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe (ID 2996 |ParentID 2812)
Parado! C:\Windows\system32\conhost.exe (ID 3004 |ParentID 364)
Parado! C:\Windows\system32\WUDFHost.exe (ID 3288 |ParentID 768)
Parado! C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID 3960 |ParentID 472)
Parado! C:\Program Files\Nero\Update\NASvc.exe (ID 2672 |ParentID 472)
Parado! C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID 2272 |ParentID 472)
Parado! C:\Program Files\Windows Media Player\wmplayer.exe (ID 3212 |ParentID 592)
Parado! C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe (ID 3432 |ParentID 1740)
Parado! C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe (ID 4444 |ParentID 3432)
Parado! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 2932 |ParentID 1740)
Parado! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 5644 |ParentID 2932)
Parado! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 3252 |ParentID 2932)
Parado! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 6064 |ParentID 2932)
Parado! C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe (ID 2640 |ParentID 5568)
Parado! C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\Microsoft.VisualStudio.Web.Host.exe (ID 4960 |ParentID 2640)
Parado! C:\Windows\system32\conhost.exe (ID 2084 |ParentID 424)
Parado! C:\Program Files\Common Files\Microsoft Shared\DevServer\11.0\WebDev.WebServer40.exe (ID 4572 |ParentID 2640)
Parado! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 5960 |ParentID 2932)
Parado! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 2560 |ParentID 2932)
Parado! C:\Program Files\Google\Chrome\Application\chrome.exe (ID 2168 |ParentID 2932)
Parado! C:\Program Files\WinRAR\WinRAR.exe (ID 3732 |ParentID 4684)
Parado! C:\Program Files\WinRAR\WinRAR.exe (ID 2488 |ParentID 788)
Parado! C:\Program Files\WinRAR\WinRAR.exe (ID 2380 |ParentID 788)
Parado! C:\Program Files\WinRAR\WinRAR.exe (ID 4536 |ParentID 5940)
Parado! C:\Windows\system32\SearchProtocolHost.exe (ID 2796 |ParentID 2832)
Parado! C:\Windows\system32\SearchFilterHost.exe (ID 1960 |ParentID 2832)
################## | Archivos # Carpetas infectadas |
Suprimido ! G:\Updatea.vbs
Suprimido ! J:\Updatea.vbs
Suprimido ! C:\Users\paola\AppData\Local\Temp\Updatea.vbs
Suprimido ! C:\Users\paola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updatea.vbs
Suprimido ! G:\Andre Marquez Montoya.xlsx.lnk
Suprimido ! G:\preguntas.docx.lnk
Suprimido ! G:\marquez montoya andre.rar.lnk
Suprimido ! G:\tarea de ingles.docx.lnk
Suprimido ! G:\lista.txt.lnk
Suprimido ! G:\Apuntes_resumen.odt.lnk
Suprimido ! G:\ejerciciossql.pdf.lnk
Suprimido ! G:\Repasando_bd.musica.sql.lnk
Suprimido ! G:\marquez montoya.sql.lnk
Suprimido ! G:\parcial.sql.lnk
Suprimido ! G:\Diseño Lógico 2012.zip.lnk
Suprimido ! G:\9701387-Proyectos-de-Circuitos-Digitales.pdf.lnk
Suprimido ! G:\MEGAMAN X6 HECHO POR ERICK ENCALADA.rar.lnk
Suprimido ! G:\~$Andre Marquez Montoya.xlsx.lnk
Suprimido ! G:\parcialasp.zip.lnk
Suprimido ! G:\parcialasp(1).zip.lnk
Suprimido ! G:\trabajo.zip.lnk
Suprimido ! G:\QUITAR-RECYCLER.cmd.lnk
Suprimido ! J:\conexion.sql.lnk
Suprimido ! D:\INFO\Desktop.ini
Suprimido ! G:\asp.net
Suprimido ! G:\Lista.txt
(!) Archivos temporales suprimido.
################## | Registro |
Suprimido ! HKU\S-1-5-21-3050594924-1935224671-2983113139-1000\Software\Microsoft\Windows\CurrentVersion\Run|Updatea.vbs
Suprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Updatea.vbs
Suprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{1a7cd2c2-26e5-11e3-95b4-954b21a10228}
################## | Listing |

################## | Vaccin |
C:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)
D:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)
E:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)
G:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)
J:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
