ComboFix 12-01-10.02 - Administrador 11/01/2012 18:29:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.3327.2823 [GMT -5:00]
Running from: c:\combofix\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrador\Escritorio\Internet Explorer.lnk
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\wallpaper.exe
c:\windows\system32\windowsupdate.exe
c:\windows\wallpaper.jpg
.
.
((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 22:59 . 2012-01-11 22:59 -------- d-----w- C:\AMD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-11 . C2BDEA3B5E025FADB79FD3DEB23B8F53 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-04-14 07:48 . BC40A2DE9FB2C8A551A240F2359C8F30 . 847360 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2008-04-14 07:48 . 93F4E612C695E81512110956454E6E25 . 837120 . . [2001.12.4414.700] . . c:\windows\XPize Darkside\Backup\comres.dll
.
[-] 2008-05-11 . 38FF5050D7BC47F344AE271B6C250201 . 3591680 . . [7.00.6000.16640] . . c:\windows\system32\mshtml.dll
.
[-] 2008-05-11 . 39E5AA52B667BDD18690336E7E410EAF . 826368 . . [7.00.6000.16640] . . c:\windows\system32\wininet.dll
.
[-] 2008-04-14 . C6C729770D9C3A0AD4D2D28788E71684 . 1698816 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 7522F548A84ABAD8FA516DE5AB3931EF . 1036288 . . [6.00.2900.5512] . . c:\windows\XPize Darkside\Backup\explorer.exe
.
[-] 2008-04-14 . C8F12B2102B5A9F9AB87E23C6EDFA021 . 429056 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . F4B9F9AA2F72FAD20D09C3E3FF2BE224 . 152064 . . [5.1.2600.5512] . . c:\windows\XPize Darkside\Backup\regedit.exe
.
[-] 2008-04-14 . 97D44EE3E44CDC7035E3CB2EF20BABDB . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . DAAE1CB1B1875B760496E7D3336DA1AD . 15360 . . [5.1.2600.5512] . . c:\windows\XPize Darkside\Backup\ctfmon.exe
.
.
.
[-] 2008-05-11 20:28 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
.
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\archivos de programa\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-10 98304]
"USB Security"="c:\archivos de programa\USB Disk Security\USBGuard.exe" [2011-01-31 627616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 30208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-05-11 124928]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 07:48 30208 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2010-10-22 03:13 40995440 ----a-r- c:\archivos de programa\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe"=
"c:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/01/2012 11:17 717296]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [11/01/2012 18:00 101904]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [11/01/2012 17:51 50176]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [11/01/2012 17:47 30392]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [11/01/2012 17:52 2135280]
S3 MSICDSetup;MSICDSetup;\??\e:\cdriver.sys --> e:\CDriver.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - UDFS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.experienciaue.com.ar/graciasporinstalar20091.html
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: Interfaces\{BE5DD549-A9DA-497C-97B4-8CF94843DB28}: NameServer = 200.48.225.130,200.48.225.146
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-11 18:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(560)
c:\windows\system32\setupapi.dll
.
Completion time: 2012-01-11 18:31:43
ComboFix-quarantined-files.txt 2012-01-11 23:31
.
Pre-Run: 257.153.736.704 bytes libres
Post-Run: 257.164.029.952 bytes libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FF47439C608601FA56E23F036E003415
