
############################## | UsbFix V 7.169 | [Supresión]
Usuario: SERGIO (Administrador) # SERGIO-PC
Actualizado el 31/03/2014 por El Desaparecido - Team SosVirus
Comenzó a 19:19:27 | 01/05/2014
Sitio web : http://www.es.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Support : http://es.kioskea.net/forum/virus-seguridad-7
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contacto : http://www.es.usbfix.net/contacto/
PC: ECS (Nettle3)
CPU: AMD Phenom(tm) 8650 Triple-Core Processor
RAM -> [Total : 1918 Mo| Free : 649 Mo]
Bios: Phoenix Technologies, LTD
Boot: Normal boot
OS: Microsoft Windows 7 Enterprise (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 10.0.9200.16736
WB: Google Chrome : 34.0.1847.131
WB: Mozilla Firefox : 28.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AS: Windows Defender [Enabled | (!) Outdated]
FW: Windows FireWall [Enabled]

C:\ (%systemdrive%) -> Disco fijo # 78 Gb (19 Mb libre(s) - 24%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Disco fijo # 155 Gb (95 Mb libre(s) - 62%) [DATOS] # NTFS
G:\ -> Disco extraíble # 4 Gb (2 Mb libre(s) - 61%) [SERGIO-LEON] # FAT32

################## | Procesos Activos |


C:\Windows\system32\csrss.exe (ID: 372 |ParentID: 364)
C:\Windows\system32\wininit.exe (ID: 440 |ParentID: 364)
C:\Windows\system32\csrss.exe (ID: 452 |ParentID: 432)
C:\Windows\system32\services.exe (ID: 504 |ParentID: 440)
C:\Windows\system32\lsass.exe (ID: 512 |ParentID: 440)
C:\Windows\system32\lsm.exe (ID: 520 |ParentID: 440)
C:\Windows\system32\winlogon.exe (ID: 548 |ParentID: 432)
C:\Windows\system32\svchost.exe (ID: 668 |ParentID: 504)
C:\Windows\system32\nvvsvc.exe (ID: 736 |ParentID: 504)
C:\Windows\system32\svchost.exe (ID: 776 |ParentID: 504)
C:\Windows\System32\svchost.exe (ID: 844 |ParentID: 504)
C:\Windows\System32\svchost.exe (ID: 912 |ParentID: 504)
C:\Windows\system32\svchost.exe (ID: 944 |ParentID: 504)
C:\Windows\system32\svchost.exe (ID: 984 |ParentID: 504)
C:\Windows\system32\svchost.exe (ID: 1220 |ParentID: 504)
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ID: 1284 |ParentID: 504)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (ID: 1340 |ParentID: 736)
C:\Windows\system32\nvvsvc.exe (ID: 1348 |ParentID: 736)
C:\Program Files\Alwil Software\Avast4\ashServ.exe (ID: 1388 |ParentID: 504)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ID: 1696 |ParentID: 1340)
C:\Windows\System32\spoolsv.exe (ID: 1872 |ParentID: 504)
C:\Windows\system32\taskhost.exe (ID: 1952 |ParentID: 504)
C:\Windows\system32\svchost.exe (ID: 1960 |ParentID: 504)
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (ID: 328 |ParentID: 504)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 388 |ParentID: 504)
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (ID: 492 |ParentID: 504)
C:\Windows\system32\taskeng.exe (ID: 792 |ParentID: 984)
C:\Program Files\Rainbow Technologies\SentinelLM 7.2.0.1 Server\English\lservnt.exe (ID: 1624 |ParentID: 504)
C:\Program Files\Skype\Updater\Updater.exe (ID: 1672 |ParentID: 504)
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (ID: 1688 |ParentID: 504)
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (ID: 1880 |ParentID: 504)
C:\Windows\system32\svchost.exe (ID: 432 |ParentID: 504)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1508 |ParentID: 504)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2188 |ParentID: 1508)
C:\Windows\system32\sppsvc.exe (ID: 2336 |ParentID: 504)
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ID: 2396 |ParentID: 504)
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ID: 2428 |ParentID: 504)
C:\Windows\system32\wbem\wmiprvse.exe (ID: 2608 |ParentID: 668)
C:\Windows\system32\Dwm.exe (ID: 2812 |ParentID: 912)
C:\Windows\Explorer.EXE (ID: 2820 |ParentID: 2804)
C:\Windows\system32\runonce.exe (ID: 2864 |ParentID: 2820)
################## | Búsqueda genérica |
(!) Archivos temporales suprimido.
################## | Registro |
Suprimido ! HKU\S-1-5-21-1536225855-4124339264-1815096150-1000\Software\.\.\.\.\Mountpoints2\{5bd608dc-8cf2-11e2-945d-002197ca35f7}
################## | Regedit Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
04 - HKCU\..\Run : [ares] "C:\Program Files\Ares\Ares.exe" -h
04 - HKCU\..\Run : [obgzcomtit] wscript.exe //B "C:\Users\SERGIO\AppData\Roaming\obgzcomtit.vbs"
04 - HKLM\..\Run : [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [UnlockerAssistant] "F:\Unlocker\UnlockerAssistant.exe"
04 - HKLM\..\Run : [DBPrompt] "C:\Windows\ptservice.exe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-1536225855-4124339264-1815096150-1000\..\Run : [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
04 - HKU\S-1-5-21-1536225855-4124339264-1815096150-1000\..\Run : [ares] "C:\Program Files\Ares\Ares.exe" -h
04 - HKU\S-1-5-21-1536225855-4124339264-1815096150-1000\..\Run : [obgzcomtit] wscript.exe //B "C:\Users\SERGIO\AppData\Roaming\obgzcomtit.vbs"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
################## | Listing |
[28/11/2013 - 02:09:54 | SHD] - C:\$Recycle.Bin
[08/10/2012 - 19:53:42 | D] - C:\Archivos de programa
[28/11/2013 - 02:09:54 | D] - C:\AspenONE
[10/06/2009 - 16:42:20 | A | 0 Ko] - C:\autoexec.bat
[25/04/2014 - 10:01:11 | D] - C:\Config.Msi
[10/06/2009 - 16:42:20 | N | 0 Ko] - C:\config.sys
[13/07/2009 - 23:53:55 | SHD] - C:\Documents and Settings
[01/05/2014 - 19:17:50 | ASH | 1473292 Ko] - C:\hiberfil.sys
[02/11/2013 - 10:46:59 | RASH | 0 Ko] - C:\IO.SYS
[02/11/2013 - 10:46:59 | RASH | 0 Ko] - C:\MSDOS.SYS
[28/11/2013 - 02:09:54 | RHD] - C:\MSOCache
[01/05/2014 - 19:17:50 | ASH | 2946048 Ko] - C:\pagefile.sys
[24/11/2013 - 13:47:41 | N | 1 Ko] - C:\PC-Clean.BAT
[25/04/2014 - 09:45:56 | D] - C:\Program Files
[28/11/2013 - 02:05:00 | D] - C:\Program Files (x86)
[25/04/2014 - 09:41:09 | HD] - C:\ProgramData
[08/10/2012 - 19:53:43 | SHD] - C:\Recovery
[28/11/2013 - 11:28:19 | D] - C:\rtx
[21/03/2014 - 08:42:08 | D] - C:\SolidWorks Data
[28/04/2014 - 12:43:25 | SHD] - C:\System Volume Information
[03/10/2013 - 13:49:00 | D] - C:\Temp
[28/11/2013 - 02:09:58 | D] - C:\TPX
[01/05/2014 - 19:15:43 | D] - C:\UsbFix
[01/05/2014 - 19:14:00 | N | 11 Ko | 9F5E05DEA9410034B9B608C9278CDC4E] - C:\UsbFix [Clean 2] SERGIO-PC.txt
[01/05/2014 - 19:20:36 | A | 7 Ko | 4E240C0C0B390A35EF603F77DF4B6196] - C:\UsbFix [Clean 4] SERGIO-PC.txt
[01/05/2014 - 19:06:32 | N | 8 Ko | 36BB8A5A04A5ACDB2F8FE98A7766A5A7] - C:\UsbFix [Scan 1] SERGIO-PC.txt
[13/04/2013 - 09:36:30 | D] - C:\Users
[25/04/2014 - 09:41:10 | D] - C:\Windows
################## | Vaccin |
F:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)
G:\Autorun.inf -> Vacuna creada por UsbFix (El Desaparecido)
################## | E.O.F | http://www.es.usbfix.net/ - http://www.sosvirus.net |
