ComboFix 13-10-08.01 - Administrador 08/10/2013 9:34.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.591.3082.18.1015.764 [GMT -4:00]
Running from: d:\pc\ComboFix.exe
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {4CA5B9AB-4295-4D4C-96640EBE85AE0525}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\lortizf\beiapo.exe
c:\documents and settings\lortizf\cieav.exe
c:\documents and settings\lortizf\daaru.exe
c:\documents and settings\lortizf\gouqiug.exe
c:\documents and settings\lortizf\hbcar.exe
c:\documents and settings\lortizf\hiuzoa.exe
c:\documents and settings\lortizf\koifia.exe
c:\documents and settings\lortizf\kouoxeq.exe
c:\documents and settings\lortizf\lieay.exe
c:\documents and settings\lortizf\liuxuq.exe
c:\documents and settings\lortizf\loowee.exe
c:\documents and settings\lortizf\moiyu.exe
c:\documents and settings\lortizf\muaip.exe
c:\documents and settings\lortizf\muipis.exe
c:\documents and settings\lortizf\noeep.exe
c:\documents and settings\lortizf\pairue.exe
c:\documents and settings\lortizf\qieoz.exe
c:\documents and settings\lortizf\quoxua.exe
c:\documents and settings\lortizf\raoniu.exe
c:\documents and settings\lortizf\saiif.exe
c:\documents and settings\lortizf\sieuz.exe
c:\documents and settings\lortizf\soubui.exe
c:\documents and settings\lortizf\symoem.exe
c:\documents and settings\lortizf\teetiav.exe
c:\documents and settings\lortizf\veoehu.exe
c:\documents and settings\lortizf\vowon.exe
c:\documents and settings\lortizf\wfug.com
c:\documents and settings\lortizf\xtvit.exe
c:\documents and settings\lortizf\xuuuv.exe
c:\documents and settings\lortizf\zepos.exe
c:\documents and settings\lortizf\ziuip.exe
c:\documents and settings\lortizf\zohek.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-09-08 to 2013-10-08 )))))))))))))))))))))))))))))))
.
.
2013-10-08 13:16 . 2010-06-15 15:26	67664	----a-w	c:\windows\system32\drivers\tmactmon.sys
2013-10-08 13:16 . 2010-06-15 15:26	57424	----a-w	c:\windows\system32\drivers\tmevtmgr.sys
2013-10-08 13:16 . 2010-06-15 15:25	177232	----a-w	c:\windows\system32\drivers\tmcomm.sys
2013-10-08 13:15 . 2013-10-08 13:15	-------d-----w	c:\windows\system32\log
2013-10-08 13:15 . 2013-10-08 13:16	-------d-----w	c:\archivos de programa\Trend Micro
2013-10-08 13:08 . 2013-10-08 13:08	-------d-----w	c:\documents and settings\Administrador\Datos de programa\InstallShield
2013-10-08 13:04 . 2013-10-08 13:05	-------d-----w	C:\AdwCleaner
2013-10-08 12:46 . 2013-10-08 12:46	-------d-----w	c:\windows\system32\wbem\Repository
2013-10-08 12:21 . 2013-10-08 12:21	-------d-----w	c:\windows\SchCache
2013-09-27 18:25 . 2013-09-27 18:25	-------d-----w	c:\documents and settings\daguilera\Datos de programa\DivX
2013-09-27 18:25 . 2013-09-27 18:25	-------d-----w	c:\documents and settings\daguilera\Datos de programa\Media Player Classic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-31 10:56 . 2008-04-14 11:48	868528	----a-w	c:\windows\system32\wmvdmod.dll
2013-07-26 02:49 . 2008-04-14 11:48	920064	----a-w	c:\windows\system32\wininet.dll
2013-07-26 02:48 . 2008-04-14 11:49	1469440	----a-w	c:\windows\system32\inetcpl.cpl
2013-07-26 02:48 . 2008-04-14 11:48	43520	----a-w	c:\windows\system32\licmgr10.dll
2013-07-25 15:54 . 2008-04-14 11:22	385024	----a-w	c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\archivos de programa\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"USB Security"="c:\archivos de programa\USB Disk Security\USBGuard.exe" [2011-01-31 623520]
"GrooveMonitor"="c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SynTPEnh"="c:\archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [2009-07-29 1545512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-13 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-13 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-13 142360]
"Communicator"="c:\archivos de programa\Microsoft Lync\communicator.exe" [2010-11-04 11937552]
"OfficeScanNT Monitor"="c:\archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe" [2010-08-12 870712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-298878442-2581766405-3177602052-9258\Scripts\Logon\0\0]
"Script"=Client_Install.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Men Inicio^Programas^Inicio^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Men Inicio\Programas\Inicio\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 06:38	34672	----a-w	c:\archivos de programa\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-04 01:06	1848648	----a-w	c:\archivos de programa\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-11 01:20	689488	----a-w	c:\archivos de programa\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2007-01-02 19:46	40960	----a-w	c:\archivos de programa\Hewlett-Packard\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 02:55	54832	----a-w	c:\archivos de programa\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40	155648	----a-w	c:\archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-02-26 12:36	177456	----a-w	c:\archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 19:10	56928	------w	c:\archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23/07/2008 11:31 44800]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\archivos de programa\ESRI\License\arcgis9x\lmgrd.exe [05/03/2012 15:30 1431440]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [26/07/2011 17:52 99896]
S2 ManageEngine AssetExplorer Agent;ManageEngine AssetExplorer Agent;c:\archivos de programa\ManageEngine\AssetExplorer\bin\agentmonitor.exe [17/06/2011 18:18 303104]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [08/10/2013 9:16 57424]
S2 TmFilter;Trend Micro Filter;c:\archivos de programa\Trend Micro\OfficeScan Client\tmxpflt.sys [25/03/2011 16:12 264504]
S2 TmPreFilter;Trend Micro PreFilter;c:\archivos de programa\Trend Micro\OfficeScan Client\tmpreflt.sys [25/03/2011 16:12 36664]
S3 Com4QLBEx;Com4QLBEx;c:\archivos de programa\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [26/07/2011 15:43 193840]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\docume~1\usuario\CONFIG~1\Temp\EverestDriver.sys --> c:\docume~1\usuario\CONFIG~1\Temp\EverestDriver.sys [?]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [26/07/2011 14:48 33024]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [28/07/2011 8:40 100736]
S3 ManageEngine AssetExplorer RemoteControl;ManageEngine AssetExplorer RemoteControl;c:\archivos de programa\ManageEngine\AssetExplorer\RemoteControl\Service.exe [17/06/2011 18:18 278528]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [26/07/2011 17:51 17408]
S3 TmProxy;OfficeScan NT Proxy Service;c:\archivos de programa\Trend Micro\OfficeScan Client\TmProxy.exe [25/03/2011 16:12 689416]
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-08 c:\windows\Tasks\User_Feed_Synchronization-{013BFEFB-4368-415C-8EF0-BFBB7208F1D2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
2013-10-08 c:\windows\Tasks\User_Feed_Synchronization-{57FDFB2D-7CC0-430D-A80B-50F74E024FF9}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan ------.
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{620A6084-ADCB-4E64-85AE-F8083C0FB393}: NameServer = 100.192.1.4,100.192.1.30
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-08 09:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS --------------------.
[HKEY_USERS\S-1-5-21-796845957-838170752-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,d0,20,f7,1d,05,cc,40,a5,58,64,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a8,d0,20,f7,1d,05,cc,40,a5,58,64,\
.
Completion time: 2013-10-08 09:41:19
ComboFix-quarantined-files.txt 2013-10-08 13:41
.
Pre-Run: 65.272.029.184 bytes libres
Post-Run: 66.076.467.200 bytes libres
.
- - End Of File - - 7730667071E4E43F5272851FF69270E2
792F61657FECE3D17A9122B4EE282847