Combo Fix

ComboFix 11-03-16.06 - jonathan 17/03/2011 16:20:01.1.
2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.1404.1043 [GMT -5:
00]
Running from: H:\ComboFix.exe
AV: ESET Smart Security 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F3
4C0}
FW: Cortafuegos personal de ESET *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0
}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
)))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-17 to 2011-03-17 )))))))
))))))))))))))))))))))))
.
.
2011-03-05 19:11 . 2011-03-06 03:44 -------- d-----w- c:\docum
ents and settings\jonathan\Configuración local\Datos de programa\Google
2011-03-05 06:31 . 2011-03-05 15:25 -------- d-----w- c:\docum
ents and settings\jonathan\Configuración local\Datos de programa\OpenCandy
2011-03-05 06:31 . 2011-03-05 06:31 -------- d-----w- c:\docum
ents and settings\jonathan\Datos de programa\OpenCandy
2011-03-05 01:50 . 2011-03-05 01:50 -------- d-----w- c:\docum
ents and settings\All Users\Men Inicio
2011-03-05 01:49 . 2011-03-05 01:49 -------- d-----w- c:\archi
vos de programa\RealArcade
2011-03-04 05:40 . 2011-03-04 05:40 -------- d-----w- c:\archi
vos de programa\Moyea
2011-03-04 05:37 . 2006-10-12 00:03 75264 ----a-w- c:\windows\syste
m32\zlib1.dll
m32\MyFlashZip0.ax
m32\rtl2.dat
2011-03-03 21:45 . 2011-03-03 21:45 -------- d-----w- c:\docum
ents and settings\jonathan\Configuración local\Datos de programa\TechSmith
m32\tsccvid.dll
2011-03-03 21:40 . 2011-03-03 21:40 -------- d-----w- c:\windo
ws\system32\QuickTime
2011-03-03 21:40 . 2011-03-03 21:40 -------- d-----w- c:\docum
ents and settings\All Users\Datos de programa\TechSmith
2011-03-03 21:40 . 2011-03-03 21:40 -------- d-----w- c:\archi
vos de programa\Archivos comunes\TechSmith Shared
2011-03-03 21:39 . 2011-03-03 21:39 -------- d-----w- c:\archi
vos de programa\TechSmith
2011-02-27 19:31 . 2011-02-27 21:35 -------- d-----w- c:\docum
ents and settings\jonathan\Packet Tracer 5.2
2011-02-27 19:28 . 2011-02-27 19:28 -------- d-----w- c:\archi
vos de programa\Packet Tracer 5.2
2011-02-27 06:01 . 2011-02-27 21:12 -------- d-----w- c:\docum
ents and settings\All Users\Datos de programa\Blizzard Entertainment
2011-02-23 05:11 . 2011-03-04 05:15 -------- d-----w- c:\docum
ents and settings\jonathan\Datos de programa\Moyea
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
)))))))))))))))))))))))))))))))
.
2011-02-24 04:57 . 2011-02-09 18:42 165232 ---ha-w- c:\documents and
settings\jonathan\Datos de programa\Microsoft\Virtual PC\VPCKeyboard.dll
m32\drivers\VMM.sys
m32\sbe.dll
m32\encdec.dll
m32\mstscax.dll
m32\mstsc.exe
m32\CmdLineExt.dll
m32\shimgvw.dll
m32\atmfd.dll
m32\win32k.sys
m32\kerberos.dll
m32\wininet.dll
2010-12-20 23:51 . 2008-04-14 12:00 43520 ------w- c:\windows\syste
m32\licmgr10.dll
2010-12-20 23:51 . 2008-04-14 12:00 1469440 ------w- c:\windows\syste
m32\inetcpl.cpl
m32\lsasrv.dll
m32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))
)))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2010-04-
17 3872080]
"Google Update"="c:\documents and settings\jonathan\Configuración local\Datos de p
rograma\Google\Update\GoogleUpdate.exe" [2011-03-05 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\archivos de programa\ESET\ESET Smart Security\egui.exe" [2009-05-14 2
029640]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\R
eader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe
" [2010-09-21 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\jonathan\Men£ Inicio\Programas\Inicio\
CurseClientStartup.ccip [2011-3-14 0]
.
[HKLM\~\startupfolder\C:^Documents and Settings^jonathan^Menú Inicio^Programas^Ini
cio^CurseClientStartup.ccip]
path=c:\documents and settings\jonathan\Menú Inicio\Programas\Inicio\CurseClientSt
artup.ccip
backup=c:\windows\pss\CurseClientStartup.ccipStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe AR
M]
2010-09-21 04:07 932288 ----a-r- c:\archivos de programa\Archivos
comunes\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Re
ader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\archivos de programa\Adobe\Re
ader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.e
xe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google U
pdate]
2011-03-05 19:11 136176 ----atw- c:\documents and settings\jonath
an\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysC
mds]
2010-09-21 15:59 163328 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
]
2010-09-21 16:00 129536 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persiste
nce]
2010-09-21 15:59 138752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTim
e Task]
2010-11-29 22:38 421888 ----a-w- c:\archivos de programa\QuickTim
e\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-06-25 06:07 17887232 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authoriz
edApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [22/11/2010
01:09 p.m. 40560]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 03:47 p.m. 1072
56]
R2 ekrn;ESET Service;c:\archivos de programa\ESET\ESET Smart Security\ekrn.exe [
14/05/2009 03:47 p.m. 731840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c
:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 01:16 p.m.
130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21/11/2010 11:35 p.m
. 1684736]
S3 cpudrv;cpudrv;c:\archivos de programa\SystemRequirementsLab\cpudrv.sys [18/12
/2009 11:58 a.m. 11336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\wind
ows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 01
:16 p.m. 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 1
7:34]
.
2011-03-17 c:\windows\Tasks\User_Feed_Synchronization-{405FD428-B439-4F92-B98A-6
97621599044}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
2011-03-17 c:\windows\Tasks\User_Feed_Synchronization-{7DB1EBDB-F9EE-47B7-873D-D
920E6303230}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.pe/
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\jonathan\Datos de programa\Mozilla\
Firefox\Profiles\bhfg8525.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://es-ES.start3.mozilla.com/firefo
x?client=firefox-a&rls=org.mozilla:es-ES:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\archivos de progr
ama\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-088257605
34b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\D
otNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-088257605
34b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\ext
ensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http:/
/www.gmer.net
Rootkit scan 2011-03-17 16:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E
}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX
.exe,-101"
.
}\Elevation]
"Enabled"=dword:00000001
.
}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6A
F30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
F30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
F30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1216)
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-03-17 16:24:45
ComboFix-quarantined-files.txt 2011-03-17 21:24
.
Pre-Run: 6,603,423,744 bytes libres
Post-Run: 8,216,604,672 bytes libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"
/noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional"
/noexecute=optin /fastdetect
.
- - End Of File - - 737448D58A55F79D9F7232123A8E231E

Combo Fix

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Combo Fix

Hochgeladen von

Copyright:

Verfügbare Formate

ComboFix 11-03-16.06 - jonathan 17/03/2011 16:20:01.1.

Das könnte Ihnen auch gefallen