Combo Fix

ComboFix 11-09-19.05 - USUARIO 20/09/2011 10:15:33.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.247.18 [GMT -4:00]
Running from: c:\documents and settings\USUARIO\Escritorio\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\archivos de programa\Microsoft Office\OFFICE11\OSA.exe
c:\documents and settings\USUARIO\WINDOWS
c:\windows\dasetup.log
c:\windows\system\MSJET35.DLL
c:\windows\system32\comct332.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-08-20 to 2011-09-20 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-20 13:55 . 2011-07-13 19:49 2454349 ----a-w- c:\windows\system\InsDemo.Exe
2011-07-04 11:43 . 2011-07-18 04:34 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-07-13 18:35 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-07-18 04:34 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-07-13 18:35 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-07-13 18:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-07-13 18:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-07-13 18:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-07-13 18:35 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-07-13 18:35 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-07-13 18:35 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-07 18:00 . 2004-06-01 04:16 134104 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-10 . A984FD70323F1BADC33C170F60DBD5F6 . 1572352 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\archivos de programa\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Winpopup LAN Messenger"="c:\archivos de programa\Winpopup LAN Messenger\WinPopup.exe" [2006-10-28 559679]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-07 114688]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"USB Antivirus"="c:\archivos de programa\USB Disk Security\USBGuard.exe" [2010-01-10 819200]
"QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" [2010-09-08 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-07-10 123904]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18/07/2011 0:34 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13/07/2011 14:35 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/07/2011 14:35 19544]
.
Contents of the 'Scheduled Tasks' folder
.
2004-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 192.168.1.8:3128
uInternet Settings,ProxyOverride =
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\rr46imm6.default\
FF - prefs.js: network.proxy.ftp - 192.168.1.8
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 192.168.1.8
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.1.8
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.1.8
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-20 10:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Completion time: 2011-09-20 10:26:41
ComboFix-quarantined-files.txt 2011-09-20 14:26
.
Pre-Run: 10.420.117.504 bytes libres
Post-Run: 10.485.915.648 bytes libres
.
- - End Of File - - 8AD5A3813D673786213E17AA3B7AA702