
ComboFix 13-09-19.01 - Luis 22/09/13 3:04.3.2 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.3082.18.2038.1194 [GMT -5:00]
Running from: c:\users\Luis\Downloads\Programs\ComboFix.exe
AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-
43B638ECFD30}
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-
21771CA47CD1}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
FW: Firewall personal de ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-
1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
[i] ADS - Windows: deleted 0 bytes in 1 streams. [/i]
.
((((((((((((((((((((((((((((((((((((((( Other
Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ESET\MiNODLogin
c:\program files\ESET\MiNODLogin\minodlogin.key
c:\program files\ESET\MiNODLogin\servidores.xml
c:\users\Luis\AppData\Local\assembly\tmp
c:\users\Luis\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Luis\AppData\Roaming\0002.851F37579D00E52E3D8BAA6FB7EEDE2B3764A0F5.1
c:\users\Luis\AppData\Roaming\0002.851F37579D00E52E3D8BAA6FB7EEDE2B3764A0F5.1\Local
Store\appDB.db
c:\users\Luis\AppData\Roaming\0002.851F37579D00E52E3D8BAA6FB7EEDE2B3764A0F5.1\Local
Store\Content\appDB.db
c:\users\Luis\AppData\Roaming\WinDef.exe
C:\w7lxe.exe
c:\w7lxe.exe\w7lxe.exe
c:\windows\iun6002.exe
c:\windows\ST6UNST.000
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-08-22 to 2013-09-
22 )))))))))))))))))))))))))))))))
.
.
2013-09-22 11:03 . 2013-09-22 11:03 -------- d-----w-
c:\users\Luis\AppData\Local\temp
2013-09-22 11:03 . 2013-09-22 11:03 -------- d-----w-
c:\users\Default\AppData\Local\temp
2013-09-22 11:03 . 2013-09-22 11:03 -------- d-----w-
c:\users\Chocolegend\AppData\Local\temp
2013-09-21 07:14 . 2013-09-21 07:14 -------- d-----w- c:\program files\Common
Files\COMODO
2013-09-20 19:10 . 2013-09-20 20:16 -------- d-----w-
c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-20 19:03 . 2013-09-20 19:03 77528 ----a-w-
c:\windows\system32\drivers\mbamchameleon.sys
2013-09-20 08:23 . 2013-09-20 08:24 -------- d-----w- c:\programdata\Sophos
2013-09-20 08:23 . 2013-09-20 08:23 73728 ----a-r-
c:\users\Luis\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-
9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-09-20 08:23 . 2013-09-20 08:23 73728 ----a-r-
c:\users\Luis\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-
9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-09-20 08:23 . 2013-09-20 08:23 73728 ----a-r-
c:\users\Luis\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-
9826A38D34C1}\ARPPRODUCTICON.exe
2013-09-20 08:23 . 2013-09-20 08:23 -------- d-----w- c:\program files\Sophos
2013-09-17 18:00 . 2013-09-17 18:00 -------- d-----w- c:\programdata\
{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-09-17 18:00 . 2013-09-17 18:00 -------- d-----w- C:\IObit
2013-09-17 18:00 . 2013-09-17 18:00 -------- d-----w- c:\programdata\
{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-09-17 17:58 . 2013-09-17 18:00 -------- d-----w-
c:\users\Luis\AppData\Roaming\Apple Computer
2013-09-15 05:46 . 2013-09-15 05:47 -------- d-----w-
c:\users\Luis\AppData\Local\Facebook
2013-09-13 06:48 . 2013-09-13 06:48 -------- d-----w-
c:\programdata\MetaQuotes
2013-09-13 04:08 . 2013-09-13 04:09 -------- d-----w- c:\windows\rescache
2013-09-13 03:39 . 2013-09-13 07:24 -------- d-----w- c:\program files\XM MT4
2013-09-11 17:14 . 2013-09-11 17:14 -------- d-----w- c:\program
files\GanttProject-2.6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M
Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 09:42 . 2012-04-21 20:39 692616 ----a-w-
c:\windows\system32\FlashPlayerApp.exe
2013-09-20 09:42 . 2012-01-13 05:41 71048 ----a-w-
c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-12 19:38 . 2013-08-12 19:38 47368 ----a-w-
c:\windows\system32\certsentry.dll
2013-08-07 09:22 . 2011-02-16 14:02 238872 ------w-
c:\windows\system32\MpSigStub.exe
2013-07-25 08:57 . 2013-08-14 22:43 1620992 ----a-w-
c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-14 22:42 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-17 21:57 . 2013-06-11 09:49 142470 ----a-w-
c:\windows\system32\drivers\981F4FE9.bin
2013-07-09 05:03 . 2013-08-14 22:43 3913664 ----a-w-
c:\windows\system32\ntoskrnl.exe
2013-07-09 05:03 . 2013-08-14 22:43 3968960 ----a-w-
c:\windows\system32\ntkrnlpa.exe
2013-07-09 04:53 . 2013-08-14 22:43 1289096 ----a-w-
c:\windows\system32\ntdll.dll
2013-07-09 04:52 . 2013-08-14 22:43 175104 ----a-w-
c:\windows\system32\wintrust.dll
2013-07-09 04:50 . 2013-08-14 22:43 652800 ----a-w-
c:\windows\system32\rpcrt4.dll
2013-07-09 04:46 . 2013-08-14 22:43 1166848 ----a-w-
c:\windows\system32\crypt32.dll
2013-07-09 04:46 . 2013-08-14 22:43 140288 ----a-w-
c:\windows\system32\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 22:43 103936 ----a-w-
c:\windows\system32\cryptnet.dll
2013-07-08 20:59 . 2013-06-18 21:16 582936 ----a-w-
c:\windows\system32\drivers\cmdguard.sys
2013-07-06 05:05 . 2013-08-14 22:43 1293760 ----a-w-
c:\windows\system32\drivers\tcpip.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-12-14 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . .
c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . .
c:\windows\winsxs\x86_microsoft-windows-
user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-24 . AE2B4D47934D3798C984D51B1694A490 . 811520 . . [6.1.7600.20496] . .
c:\windows\winsxs\x86_microsoft-windows-
user32_31bf3856ad364e35_6.1.7600.20496_none_cd8e8f8de7d4e9b5\user32.dll
[7] 2009-07-24 . C7B21BEF09EC7249556BEE19F9D314CB . 811520 . . [6.1.7600.16400] . .
c:\windows\winsxs\x86_microsoft-windows-
user32_31bf3856ad364e35_6.1.7600.16400_none_cd604238ce73b38f\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . .
c:\windows\winsxs\x86_microsoft-windows-
user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading
Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconove
rlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download
Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14
3672640]
"EssentialPIM"="c:\program files\EssentialPIM\EssentialPIM.exe" [2013-07-11
14075760]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-02-23 3474840]
"Facebook Update"="c:\users\Luis\AppData\Local\Facebook\Update\FacebookUpdate.exe"
[2013-09-15 138096]
"Advanced SystemCare Ultimate"="c:\program files\IObit\Advanced SystemCare
Ultimate\ASCTray.exe" [2012-11-07 512384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
[2009-02-26 30040]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04
958576]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe"
[2006-01-30 98304]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-
12 155648]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain
Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-12-21 5074384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[2013-03-12 253816]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet
Security\cistray.exe" [2013-07-08 1464536]
"tvncontrol"="c:\program files\Common Files\COMODO\GeekBuddyRSP.exe" [2013-09-17
2327248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe
"unit_manager.exe" [2013-9-19 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-01-10 47568]
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2013-05-07 35064]
R1 cmdGuard;COMODO Internet Security Sandbox
Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-07-08 582936]
R1 cmdHlp;COMODO Internet Security Helper
Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2013-06-18 43728]
R1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-01-10 171680]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 122240]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys
[2013-01-10 46056]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program
files\IObit\Advanced SystemCare Ultimate\ascsvc.exe [2012-12-13 1051088]
R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;c:\program files\IObit\Advanced
SystemCare Ultimate\ascavsvc.exe [2013-07-09 623936]
R2 Autodesk Content Service;Autodesk Content Service;c:\program
files\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02
18656]
R2 BemaIO;BemaIO; [x]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common
Files\COMODO\launcher_service.exe [2013-09-19 70352]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program
files\Comodo\Dragon\dragon_updater.exe [2013-05-29 2094216]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2012-12-21
1333424]
R2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\Common
Files\COMODO\GeekBuddyRSP.exe [2013-09-17 2327248]
R2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-02-08 91936]
R2 MSSQL$OPUSDB;SQL Server (OPUSDB);c:\program files\Microsoft SQL
Server\MSSQL10_50.OPUSDB\MSSQL\Binn\sqlservr.exe [2012-06-29 43129288]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Nitro
PDF\Professional 7\NitroPDFDriverService2.exe [2012-02-24 198136]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program
files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2012-06-25 184848]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-02-
24 70136]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet
Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-09-17 369952]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\Common
Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-09-17
292128]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21
162408]
R2 TeamViewer8;TeamViewer 8;c:\program
files\TeamViewer\Version8\TeamViewer_Service.exe [2013-09-02 5071712]
R2 WinisoCDBus;WinISO Virtual CD Drive;c:\windows\system32\drivers\WinisoCDBus.sys
[2013-03-29 121600]
R3 androidusb;SAMSUNG Android Composite ADB Interface
Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 BematechClassService;Bematech Parallel Port
Printer;c:\windows\system32\Drivers\bemapar.sys [2007-03-26 71680]
R3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS [2007-09-24 37488]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet
Security\cmdvirth.exe [2013-06-18 127192]
R3 RdpVideoMiniport;Remote Desktop Video Miniport
Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-01 14848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13
661504]
R3 ssadbus;SAMSUNG Android USB Composite Device driver
(WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadmdfl;SAMSUNG Android USB Modem
(Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
R3 ssadmdm;SAMSUNG Android USB Modem
Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port
(WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
R3 teamviewervpn;TeamViewer VPN
Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2012-08-07 25088]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-01 49664]
R3 TsUsbGD;Remote Desktop Generic USB
Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-01 27136]
R3 WatAdminSvc;Servicio de tecnologías de activación de
Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-16 1343400]
R3 XRNBO;XRNBO;c:\windows\system32\drivers\XRNBO.sys [2013-06-13 177152]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet
Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program
files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896]
R4 RsFx0153;RsFx0153 Driver;c:\windows\system32\DRIVERS\RsFx0153.sys [2012-06-29
249288]
R4 SQLAgent$OPUSDB;SQL Server Agent (OPUSDB);c:\program files\Microsoft SQL
Server\MSSQL10_50.OPUSDB\MSSQL\Binn\SQLAGENT.EXE [2012-06-29 379848]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows
Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 cmderd;COMODO Internet Security Eradication
Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-06-18 20072]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-
D564-463c-AFF1-A69D9E530F96}]
2013-09-20 02:50 1177552 ----a-w- c:\program
files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21
09:43]
.
2013-09-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-919561338-1568001461-
2518970591-1000Core.job
- c:\users\Luis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-15 05:46]
.
2013-09-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-919561338-1568001461-
2518970591-1000UA.job
- c:\users\Luis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-15 05:46]
.
2013-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 06:58]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce80122ecaf789.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-19 06:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.realmadrid.com/
uInternet Settings,ProxyServer = localhost:8080
IE: Descargar con IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Descargar con IDM todos los enlaces - c:\program files\Internet Download
Manager\IEGetAll.htm
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: engdis.com
TCP: DhcpNameServer = 200.75.200.2 200.75.200.3
DPF: {0B12C2CF-6DE8-4388-99D7-B4FC1935D8CE} -
hxxp://edo250np.engdis.com/inadeh/Runtime/Programmers/Objects/UrlFLoad.cab
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - (no file)
BHO-{f4f99c6d-f390-4fbc-858b-1541f9113fd8} - (no file)
Toolbar-10 - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Servidor de OPUS.lnk -
c:\opuscms\server\s4server.exe
AddRemove-Hoolapp For Android -
c:\users\Luis\AppData\Roaming\HoolappForAndroid\UpdateProc\UpdateTask.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-919561338-1568001461-2518970591-1000_Classes\CLSID\{2e6b521c-
69d0-429c-95d5-de7b585e7317}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000149
"Therad"=dword:00000018
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-919561338-1568001461-2518970591-1000_Classes\CLSID\{5ED60779-
4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):d3,5f,b0,ac,d5,5a,9b,29,25,46,a0,4b,5a,c7,8e,11,3b,cc,eb,49,47,
1a,d7,93,08,15,13,f4,a4,a1,d9,e9,4e,b1,19,3c,91,84,78,59,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-919561338-1568001461-2518970591-1000_Classes\CLSID\{7B8E9164-
324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b9,ac,2d,5f,60,e1,48,8d,8c,74,37,68,5b,d5,9d,65,29,e4,6e,ab,6f,
1d,d5,ce,70,fb,1e,1b,3f,e7,e0,fe,09,19,70,e1,63,27,d6,1b,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-919561338-1568001461-2518970591-1000_Classes\CLSID\{a74f044a-
a1f7-4bd8-9fb4-4a10e63477dd}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ab
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-22 06:09:23
ComboFix-quarantined-files.txt 2013-09-22 11:09
.
Pre-Run: 6,561,705,984 bytes libres
Post-Run: 7,170,650,112 bytes libres
.
- - End Of File - - 68B92DEB5BF5B7958D880B13DB4EAF0C
8F558EB6672622401DA993E1E865C861
