Combo fix

ComboFix 12-01-10.02 - Administrador 11/01/2012 18:29:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.3327.2823 [GMT -5:00]
Running from: c:\combofix\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrador\Escritorio\Internet Explorer.lnk
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\wallpaper.exe
c:\windows\system32\windowsupdate.exe
c:\windows\wallpaper.jpg
.
.
(((((((((((((((((((((((((   Files Created from 2011-12-11 to 2012-01-11   )))))))))))))))))))))))))))))))
.
.
2012-01-11 22:59 . 2012-01-11 22:59    --------    d-----w-    C:\AMD
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-11 . C2BDEA3B5E025FADB79FD3DEB23B8F53 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-04-14 07:48 . BC40A2DE9FB2C8A551A240F2359C8F30 . 847360 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2008-04-14 07:48 . 93F4E612C695E81512110956454E6E25 . 837120 . . [2001.12.4414.700] . . c:\windows\XPize Darkside\Backup\comres.dll
.
[-] 2008-05-11 . 38FF5050D7BC47F344AE271B6C250201 . 3591680 . . [7.00.6000.16640] . . c:\windows\system32\mshtml.dll
.
[-] 2008-05-11 . 39E5AA52B667BDD18690336E7E410EAF . 826368 . . [7.00.6000.16640] . . c:\windows\system32\wininet.dll
.
[-] 2008-04-14 . C6C729770D9C3A0AD4D2D28788E71684 . 1698816 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 7522F548A84ABAD8FA516DE5AB3931EF . 1036288 . . [6.00.2900.5512] . . c:\windows\XPize Darkside\Backup\explorer.exe
.
[-] 2008-04-14 . C8F12B2102B5A9F9AB87E23C6EDFA021 . 429056 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . F4B9F9AA2F72FAD20D09C3E3FF2BE224 . 152064 . . [5.1.2600.5512] . . c:\windows\XPize Darkside\Backup\regedit.exe
.
[-] 2008-04-14 . 97D44EE3E44CDC7035E3CB2EF20BABDB . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . DAAE1CB1B1875B760496E7D3336DA1AD . 15360 . . [5.1.2600.5512] . . c:\windows\XPize Darkside\Backup\ctfmon.exe
.
[-] 2008-05-11 20:28 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
.
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\archivos de programa\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-10 98304]
"USB Security"="c:\archivos de programa\USB Disk Security\USBGuard.exe" [2011-01-31 627616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 30208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-05-11 124928]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 07:48    30208    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2010-10-22 03:13    40995440    ----a-r-    c:\archivos de programa\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe"=
"c:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/01/2012 11:17 717296]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [11/01/2012 18:00 101904]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [11/01/2012 17:51 50176]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [11/01/2012 17:47 30392]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [11/01/2012 17:52 2135280]
S3 MSICDSetup;MSICDSetup;\??\e:\cdriver.sys --> e:\CDriver.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - UDFS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.experienciaue.com.ar/graciasporinstalar20091.html
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: Interfaces\{BE5DD549-A9DA-497C-97B4-8CF94843DB28}: NameServer = 200.48.225.130,200.48.225.146
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-11 18:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(560)
c:\windows\system32\setupapi.dll
.
Completion time: 2012-01-11 18:31:43
ComboFix-quarantined-files.txt 2012-01-11 23:31
.
Pre-Run: 257.153.736.704 bytes libres
Post-Run: 257.164.029.952 bytes libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FF47439C608601FA56E23F036E003415
