
ComboFix 13-02-13.02 - ALCALDIA 13/02/2013 18:01:31.184 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.3017.2277 [GMT -5:00]
Running from: d:\escritorio\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ALCALDIA\CONFIG~1\Temp\jna6866796397702668782.dll
c:\documents and settings\ALCALDIA\Configuración local\temp\jna6866796397702668782.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-01-13 to 2013-02-13 )))))))))))))))))))))))))))))))
.
.
2013-02-13 20:12 . 2013-02-13 20:12
-------d-----wc:\archi
vos de programa\Microsoft Synchronization Services
2013-02-13 20:12 . 2013-02-13 20:12
-------d-----wc:\docum
ents and settings\All Users\Microsoft
2013-02-13 20:12 . 2013-02-13 20:12
-------d-----wc:\archi
vos de programa\Microsoft.NET
2013-02-13 20:12 . 2013-02-13 20:12
-------d-----wc:\archi
vos de programa\Microsoft Sync Framework
2013-02-13 20:12 . 2013-02-13 20:12
-------d-----wc:\archi
vos de programa\Microsoft SQL Server Compact Edition
2013-02-13 20:08 . 2013-02-13 20:08
-------d-----wc:\archi
vos de programa\Microsoft Visual Studio 8
2013-02-13 20:07 . 2013-02-13 20:07
-------d-----wc:\archi
vos de programa\Microsoft Analysis Services
2013-02-13 20:01 . 2013-02-13 20:01
-------d-----wc:\archi
vos de programa\Defraggler
2013-02-13 16:08 . 2013-02-13 16:08
-------d-----wc:\windo
ws\system32\wbem\Repository
2013-02-13 16:06 . 2013-02-13 16:06
-------d-----rC:\MSOCa
che
2013-02-07 15:28 . 2013-02-07 15:28
-------d-----wc:\archi
vos de programa\Maycotech
2013-02-01 20:57 . 2008-04-14 12:00
26624 ----a-wc:\documents and
settings\LocalService\Datos de programa\Microsoft\UPnP Device Host\upnphost\udh
isapi.dll
2013-02-01 20:57 . 2013-02-01 20:57
-------d-----wc:\docum
ents and settings\ALCALDIA\Configuración local\Datos de programa\Samsung
2013-02-01 20:57 . 2013-02-01 20:57
-------d-----wc:\docum
ents and settings\ALCALDIA\Datos de programa\Samsung
2013-02-01 20:53 . 2013-02-01 20:53
-------d-----wc:\docum
ents and settings\All Users\Datos de programa\Samsung
2013-02-01 20:53 . 2013-02-01 20:53
-------d-----wC:\5ec87
689c0f40dc97bfd1826fcb3a4
2013-02-01 20:53 . 2013-02-01 20:53
-------d-----wc:\windo
ws\system32\drivers\umdf
2013-02-01 20:52 . 2013-02-01 20:53
-------d-----wC:\babcc
7765bd82fb7bfbaae
2013-01-29 15:08 . 2008-08-19 00:18 77824 ----a-w c:\windows\system32\fmcodec.DLL
2013-01-25 16:12 . 2012-08-21 18:01 26840 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-25 16:11 . 2013-01-25 16:11
-------d-----wc:\archi
vos de programa\iPod
2013-01-25 16:11 . 2013-01-25 16:12
-------d-----wc:\docum
ents and settings\All Users\Datos de programa\188F1432-103A-4ffb-80F1-36B633C5C9
E1
2013-01-25 16:11 . 2013-01-25 16:12
-------d-----wc:\archi
vos de programa\iTunes
2013-01-17 16:05 . 2013-01-17 16:05
-------d-----wc:\archi
vos de programa\SolidDocuments
2013-01-17 13:40 . 2013-01-12 08:30
94112 ----a-wc:\windows\syste
m32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-13 21:08 . 2012-06-13 18:30
74096 ----a-wc:\windows\syste
m32\FlashPlayerCPLApp.cpl
2013-02-13 21:08 . 2012-06-13 18:30
697712 ----a-wc:\windows\syste
m32\FlashPlayerApp.exe
2013-01-12 08:00 . 2012-06-13 18:35
143872 ----a-wc:\windows\syste
m32\javacpl.cpl
2012-12-18 15:06 . 2012-12-18 15:06
90112 ----a-wc:\windows\MAMCi
tyDownload.ocx
2012-12-18 15:06 . 2012-12-18 15:06
330240 ----a-wc:\windows\MASet
upCaller.dll
2012-12-18 15:06 . 2012-12-18 15:06
30568 ----a-wc:\windows\Music
cityDownload.exe
2012-12-18 15:06 . 2012-12-18 15:06
974848 ----a-wc:\windows\syste
m32\cis-2.4.dll
2012-12-18 15:06 . 2012-12-18 15:06
81920 ----a-wc:\windows\syste
m32\issacapi_bs-2.3.dll
2012-12-18 15:06 . 2012-12-18 15:06
65536 ----a-wc:\windows\syste
m32\issacapi_pe-2.3.dll
2012-12-18 15:06 . 2012-12-18 15:06
57344 ----a-wc:\windows\syste
m32\MTXSYNCICON.dll
2012-12-18 15:06 . 2012-12-18 15:06
57344 ----a-wc:\windows\syste
m32\MK_Lyric.dll
2012-12-18 15:06 . 2012-12-18 15:06
57344 ----a-wc:\windows\syste
m32\issacapi_se-2.3.dll
2012-12-18 15:06 . 2012-12-18 15:06
569344 ----a-wc:\windows\syste
m32\muzdecode.ax
2012-12-18 15:06 . 2012-12-18 15:06
491520 ----a-wc:\windows\syste
m32\muzapp.dll
2012-12-18 15:06 . 2012-12-18 15:06
49152 ----a-wc:\windows\syste
m32\MaJGUILib.dll
2012-12-18 15:06 . 2012-12-18 15:06
45320 ----a-wc:\windows\syste
m32\MAMACExtract.dll
2012-12-18 15:06 . 2012-12-18 15:06
45056 ----a-wc:\windows\syste
m32\MaXMLProto.dll
2012-12-18 15:06 . 2012-12-18 15:06
45056 ----a-wc:\windows\syste
m32\MACXMLProto.dll
2012-12-18 15:06 . 2012-12-18 15:06
40960 ----a-wc:\windows\syste
m32\MTTELECHIP.dll
2012-12-18 15:06 . 2012-12-18 15:06
352256 ----a-wc:\windows\syste
m32\MSLUR71.dll
2012-12-18 15:06 . 2012-12-18 15:06
258048 ----a-w c:\windows\system32\muzoggsp.ax
2012-12-18 15:06 . 2012-12-18 15:06
245760 ----a-wc:\windows\syste
m32\MSCLib.dll
2012-12-18 15:06 . 2012-12-18 15:06
24576 ----a-wc:\windows\syste
m32\MASetupCleaner.exe
2012-12-18 15:06 . 2012-12-18 15:06
200704 ----a-wc:\windows\syste
m32\muzwmts.dll
2012-12-18 15:06 . 2012-12-18 15:06
155648 ----a-wc:\windows\syste
m32\MSFLib.dll
2012-12-18 15:06 . 2012-12-18 15:06
143360 ----a-wc:\windows\syste
m32\3DAudio.ax
2012-12-18 15:06 . 2012-12-18 15:06
135168 ----a-wc:\windows\syste
m32\muzaf1.dll
2012-12-18 15:06 . 2012-12-18 15:06
131072 ----a-wc:\windows\syste
m32\muzmpgsp.ax
2012-12-18 15:06 . 2012-12-18 15:06
122880 ----a-wc:\windows\syste
m32\muzeffect.ax
2012-12-18 15:06 . 2012-12-18 15:06
118784 ----a-wc:\windows\syste
m32\MaDRM.dll
2012-12-18 15:06 . 2012-12-18 15:06
110592 ----a-wc:\windows\syste
m32\muzmp4sp.ax
2012-12-18 15:06 . 2012-09-05 15:53
319456 ----a-wc:\windows\syste
m32\DIFxAPI.dll
2012-12-17 15:41 . 2012-06-13 18:35
859072 ----a-wc:\windows\syste
m32\npdeployJava1.dll
2012-12-17 15:41 . 2012-06-13 18:35
779704 ----a-wc:\windows\syste
m32\deployJava1.dll
2012-12-06 18:40 . 2012-12-06 18:40
22784 ----a-wc:\windows\syste
m32\drivers\RimUsb.sys
2012-12-07 20:18 . 2012-12-07 20:18
262112 ------wc:\archivos de p
rograma\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck ------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] .
. c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] .
. c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] .
. c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] .
. c:\windows\erdnt\cache\tcpip.sys
.
[-] 2012-07-06 . DCA0E43CB14D2390FAA5A21B9DC92274 . 78336 . . [5.1.2600.6260] .
. c:\windows\system32\browser.dll
[-] 2012-07-06 . DCA0E43CB14D2390FAA5A21B9DC92274 . 78336 . . [5.1.2600.6260] .
. c:\windows\system32\dllcache\browser.dll
[-] 2012-07-06 . 88F61096EDAF97F86128ED9007802709 . 78336 . . [5.1.2600.6260] .
. c:\windows\$hf_mig$\KB2705219\SP3QFE\browser.dll
[7] 2008-04-14 . E28818BD591F8AF8FBE9897472B9665E . 77824 . . [5.1.2600.5512] .
. c:\windows\erdnt\cache\browser.dll
.
[-] 2009-02-09 . AEF41FC6F108CC4F94F9B4E96AFA9C70 . 401408 . . [5.1.2600.5755] .
. c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 97869C55F562B777987100EA30AD8108 . 401408 . . [5.1.2600.5755] .
. c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 97869C55F562B777987100EA30AD8108 . 401408 . . [5.1.2600.5755] .
. c:\windows\system32\dllcache\rpcss.dll

[7] 2008-04-14 . 53D02EFFA72CA5C57687BEE20610ABA6 . 399360 . . [5.1.2600.5512] . . c:\windows\erdnt\cache\rpcss.dll
.
[-] 2009-02-09 . 953DF7327510DF0DE048B8E80E504EF9 . 111104 . . [5.1.2600.5755] .
. c:\windows\system32\services.exe
[-] 2009-02-09 . 953DF7327510DF0DE048B8E80E504EF9 . 111104 . . [5.1.2600.5755] .
. c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . AA6E1769469F9D15603A619FC1FB9E18 . 111104 . . [5.1.2600.5755] .
. c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 . D658A8C2FC7B2AD53D1259741A09EE04 . 109056 . . [5.1.2600.5512] .
. c:\windows\erdnt\cache\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] .
. c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] .
. c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] .
. c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . CDD2DC6AE65084481E723E746C20539A . 57856 . . [5.1.2600.5512] .
. c:\windows\erdnt\cache\spoolsv.exe
.
[-] 2010-08-23 . 3DDEC846E57F668C07407F3AC3B66220 . 617472 . . [5.82] . . c:\win
dows\system32\comctl32.dll
[-] 2010-08-23 . 3DDEC846E57F668C07407F3AC3B66220 . 617472 . . [5.82] . . c:\win
dows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 24B09ED0C5B019A5198A74504179EEB0 . 1054208 . . [6.0] . . c:\win
dows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028
_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . 618A4C7A7C0CA86DA884C8C0FACAD8C2 . 617472 . . [5.82] . . c:\win
dows\erdnt\cache\comctl32.dll
[7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\wind
ows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1
382d70a\comctl32.dll
[7] 2008-04-14 . 08D17A982CD6191B34D1B8C8A2E694B6 . 1054208 . . [6.0] . . c:\win
dows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512
_x-ww_35d4ce83\comctl32.dll
.
[-] 2008-07-07 20:27 . A225DD0D0489BD580781D19524A10B19 . 253952 . . [2001.12.44
14.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:27 . A225DD0D0489BD580781D19524A10B19 . 253952 . . [2001.12.44
14.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:25 . 6EC3C2A5CEA41B78BB55B30444292CB8 . 253952 . . [2001.12.44
14.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-04-14 12:00 . 76ABF3BB5A6D684641EC92B28240811D . 246272 . . [2001.12.44
14.701] . . c:\windows\erdnt\cache\es.dll
.
[-] 2009-03-21 . 7DC06BF4CBC3FCD7557D8D69DFBD49F5 . 1042944 . . [5.1.2600.5781]
. . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . 7DC06BF4CBC3FCD7557D8D69DFBD49F5 . 1042944 . . [5.1.2600.5781]
. . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . 97D5372816EC546BD035EDAEDB5E6918 . 1044992 . . [5.1.2600.5781]
. . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2008-04-14 . F43FE49CF77EC1CEF9DB9E67BDDB970F . 1042944 . . [5.1.2600.5512]
. . c:\windows\erdnt\cache\kernel32.dll
.
[-] 2008-06-20 . DC10B07F256C8EDF6642015E380C741E . 248320 . . [5.1.2600.5625] .
. c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . 5E11D375C92A0DDA7AC4D487FC4E1978 . 248320 . . [5.1.2600.5625] .
. c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 5E11D375C92A0DDA7AC4D487FC4E1978 . 248320 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-04-14 . AD893C9D3A09081D55A4BDFBC66AD592 . 248320 . . [5.1.2600.5512] .
. c:\windows\erdnt\cache\mswsock.dll
.
[-] 2011-11-01 . 494276CFE71555AE0F3234C1B227E67A . 1288192 . . [5.1.2600.6168]
. . c:\windows\system32\ole32.dll
[-] 2011-11-01 . 494276CFE71555AE0F3234C1B227E67A . 1288192 . . [5.1.2600.6168]
. . c:\windows\system32\dllcache\ole32.dll
[-] 2011-11-01 . E8C2FA9AC16C25C0AB0677BA12D74BC1 . 1288704 . . [5.1.2600.6168]
. . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[-] 2010-07-16 . BCFEA258277FB42DD7F447EB61C34D06 . 1288704 . . [5.1.2600.6010]
. . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2008-04-14 . 463D57BF9FE5871208FF99399360A57D . 1287168 . . [5.1.2600.5512]
. . c:\windows\erdnt\cache\ole32.dll
.
[-] 2010-04-16 . A8374FF31AC6EDEBB806D2B61D44618D . 406016 . . [1.0420.2600.5969
] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . A8374FF31AC6EDEBB806D2B61D44618D . 406016 . . [1.0420.2600.5969
] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . 964D29711065A944E1BEC7FD676E61D9 . 406016 . . [1.0420.2600.5969
] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-14 . D2ABEB6AF76DA414D1FFF8B409F00635 . 406016 . . [1.0420.2600.5512
] . . c:\windows\erdnt\cache\usp10.dll
.
[-] 2009-07-27 . 1F617C5A76215C380478D750CE92CC73 . 135168 . . [6.00.2900.5853]
. . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 1F617C5A76215C380478D750CE92CC73 . 135168 . . [6.00.2900.5853]
. . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 8A34F9730A2206726B1BE4DC4209CAB9 . 135168 . . [6.00.2900.5853]
. . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[7] 2008-04-14 . CA70EDBF32032EA53F114CB930741CB5 . 135168 . . [6.00.2900.5512]
. . c:\windows\erdnt\cache\shsvcs.dll
.
[-] 2010-12-09 . 48AADE1D5F48819A4C3978C09AAD1DC9 . 742912 . . [5.1.2600.6055] .
. c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[-] 2010-12-09 . 45B458684F0471C4F25A31A0BE4D2C70 . 742912 . . [5.1.2600.6055] .
. c:\windows\system32\ntdll.dll
[-] 2010-12-09 . 45B458684F0471C4F25A31A0BE4D2C70 . 742912 . . [5.1.2600.6055] .
. c:\windows\system32\dllcache\ntdll.dll
[-] 2009-02-09 . 6CBEC637D1B5A19A1C91F2B84E03CDE2 . 739840 . . [5.1.2600.5755] .
. c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[7] 2008-04-14 . 91346D0D58E9FA1C75D8D0319F281745 . 730624 . . [5.1.2600.5512] .
. c:\windows\erdnt\cache\ntdll.dll
.
[-] 2010-09-18 07:18 . C7D2DE04EEA71D72EB0A8793FA6E9FC1 . 953856 . . [4.1.6151]
. . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . 46EF24BCFAF0F7AB46B1A80CCC5BCC71 . 953856 . . [4.1.6151]
. . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . 46EF24BCFAF0F7AB46B1A80CCC5BCC71 . 953856 . . [4.1.6151]
. . c:\windows\system32\dllcache\mfc40u.dll
[7] 2008-04-14 12:00 . 27415CEEB58C8C2F92AFF8CFE2517A3C . 927504 . . [4.1.0.61]
. . c:\windows\erdnt\cache\mfc40u.dll
.
[-] 2012-05-05 . 022FD032105D0A6C02794B9C84BAB0E6 . 2071552 . . [5.1.2600.6223]
. . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2012-05-05 . 022FD032105D0A6C02794B9C84BAB0E6 . 2071552 . . [5.1.2600.6223]
. . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2012-05-05 . 638EC396B4E753BEE2A46D95F7072A52 . 2029056 . . [5.1.2600.6223]
. . c:\windows\system32\ntkrnlpa.exe
[-] 2012-05-05 . 539C2C08DB474D3E35D0591B453705C5 . 2071552 . . [5.1.2600.6223] . . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntkrnlpa.exe
[-] 2012-04-11 . F3364F7432D706F7550FBA400DEC258E . 2071552 . . [5.1.2600.6206]
. . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
[-] 2010-12-10 . 9F35605BC629F27AA34423B9DE652284 . 2071808 . . [5.1.2600.6055]
. . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2009-02-09 . 9B5E5D325CEDBB10A9A86679634A38CC . 2068608 . . [5.1.2600.5755]
. . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-14 . B4604169BB187939CAE61D62B41E85E0 . 2026496 . . [5.1.2600.5512]
. . c:\windows\erdnt\cache\ntkrnlpa.exe
.
[-] 2012-05-05 . CE21A80B5956FE8C3C0EA78654BB913F . 2195072 . . [5.1.2600.6223]
. . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2012-05-05 . CE21A80B5956FE8C3C0EA78654BB913F . 2195072 . . [5.1.2600.6223]
. . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2012-05-05 . 715C530B6FD52E3F730A2977D29D1A0A . 2150912 . . [5.1.2600.6223]
. . c:\windows\system32\ntoskrnl.exe
[-] 2012-05-05 . D9C76CE9F26D6A0725FE9C241819149A . 2195072 . . [5.1.2600.6223]
. . c:\windows\$hf_mig$\KB2707511\SP3QFE\ntoskrnl.exe
[-] 2012-04-11 . 90EB3AFD0833502E05D1D7A4B6F238A5 . 2195072 . . [5.1.2600.6206]
. . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . 4F2053B8B0D20F4B398A95BDD1905893 . 2195200 . . [5.1.2600.6055]
. . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2009-02-11 . 6BC8E4AAFC98B556B8FB616AD30CD5A3 . 2191616 . . [5.1.2600.5755]
. . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2008-04-14 . 5865859247703A0E7211267AB92A02B7 . 2147840 . . [5.1.2600.5512]
. . c:\windows\erdnt\cache\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spark"="c:\archivos de programa\Spark\Spark.exe" [2011-07-01 433664]
"KiesPreload"="c:\archivos de programa\Samsung\Kies\Kies.exe" [2012-12-20 147610
4]
"KiesAirMessage"="c:\archivos de programa\Samsung\Kies\KiesAirMessage.exe" [2012
-12-18 578560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CANON DR2010C SVC"="DR201SVC.dll" [2009-09-15 143360]
"APSDaemon"="c:\archivos de programa\Archivos comunes\Apple\Apple Application Su
pport\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe
" [2012-12-03 946352]
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe" [2012-12-12 152
544]
"KiesTrayAgent"="c:\archivos de programa\Samsung\Kies\KiesTrayAgent.exe" [2012-1
2-20 310280]
"BCSSync"="c:\archivos de programa\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\archiv~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.s
ys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^REALTEK RTL8185 Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\REALTEK RTL8185 Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK RTL8185 Wireless LAN Utility.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe AR
M]
2012-12-03 07:35
946352 ------wc:\archivos de programa\Archivos
comunes\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CANON DR
2010C SVC]
2009-09-15 14:44
143360 ------wc:\windows\system32\DR201SVC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CANON DR
2510C SVC]
2009-09-15 14:47
143360 ------wc:\windows\system32\DR251SVC.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageT
rackingLEDM]
2009-08-04 22:21
30264 ------wc:\archivos de programa\HP\HP UT
LEDM\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 03:12
3872080 ------wc:\archivos de programa\Windows
Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spark]
2011-07-01 14:57
433664 ------wc:\archivos de programa\Spark\Sp
ark.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaU
pdateSched]
2012-07-03 14:04
252848 ------wc:\archivos de programa\Archivos
comunes\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CANON DR2010C SVC"=rundll32.exe DR201SVC.dll,EntryPointUserMessage
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authoriz
edApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Spark\\Spark.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Apple\\Apple Application Support\\W
ebKit2WebProcess.exe"=
"c:\\Documents and Settings\\ALCALDIA\\Configuración local\\Datos de programa\\Torch\\Plugins\\Torrent\\TorchTorrent.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [04/09/2012 11:11
24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [04
/09/2012 11:11 31952]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28/03
/2008 11:14 24064]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [04/09/2012 11
:11 301248]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\archivos de programa\Broadcom\Mgmt
Agent\BrcmMgmtAgent.exe [14/01/2011 17:10 130560]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [17/07/2012 9:24 4300]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [05/09/
2012 16:08 38144]
R2 HP LaserJet Service;HP LaserJet Service;c:\archivos de programa\HP\HPLaserJet
Service\HPLaserJetService.exe [24/06/2009 10:57 136704]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [12/10/2012 11:23 9
9896]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI1B8.tmp [17
/01/2013 11:05 177784]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [04/09/2012 11:11 309
44]
R3 cnnctfy2MP;cnnctfy2MP;c:\windows\system32\drivers\cnnctfy2.sys [24/07/2012 10
:08 31344]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windo
ws\system32\drivers\e1k5132.sys [08/11/2012 17:27 168616]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [05/09/2012 11:11 36608]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [04/0
9/2012 11:11 235216]
S2 Connectify;Connectify; [x]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [0
4/09/2012 11:11 30944]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [04/0
9/2012 11:11 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [04/0
9/2012 11:11 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [04/09/2012
11:11 17232]
S3 cnnctfy2;Connectify Service;c:\windows\system32\drivers\cnnctfy2.sys [24/07/2
012 10:08 31344]
S3 EUCR;ENE USB Mass Storage;c:\windows\system32\drivers\EUCR6SK.sys [29/06/2012
10:11 26112]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.s
ys [05/08/2009 6:56 48256]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [12/10/2012
11:23 17408]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\S
RS_PremiumSound_i386.sys [13/06/2012 14:49 246000]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [01/02/2013 15:56 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadm
dfl.sys [01/02/2013 15:56 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm
.sys [01/02/2013 15:56 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32
\drivers\ssadserd.sys [01/02/2013 15:56 114280]
S3 STCFUx32;STC DFU Driver;c:\windows\system32\drivers\STCFUx32.sys [24/01/2007
2:01 7680]
.
--- Other Services/Drivers In Memory --.
*NewlyCreated* - BASFND
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D3
45-D564-463c-AFF1-A69D9E530F96}]
2013-02-13 20:54
1607120 ----a-wc:\archivos de programa\Google\C
hrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 21
:08]
.
2012-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2011-06-01 2
2:57]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2013-02-13 20:54]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2013-02-13 20:54]
.
.
------- Supplementary Scan ------.
ustart page = hxxp://172.23.50.135:8080/intranet2/
uInternet Settings,ProxyOverride = *.local
IE: &Enviar a OneNote - c:\archiv~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.23.50.12
FF - ProfilePath - c:\documents and settings\ALCALDIA\Datos de programa\Mozilla\
Firefox\Profiles\z2wpxu14.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.co/
FF - prefs.js: network.proxy.ftp - 203.117.130.15
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 203.117.130.15
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 203.117.130.15
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 203.117.130.15
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-01-24 11:31; {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}; c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=tes
t331&chnl=test331&cd=2XzuyEtN2Y1L1QzutDtDtCzz0EyByE0BtC0E0BzytD0C0AyDtN0D0Tzu0Ct
ByCyDtN1L2XzutBtFtCtFtBtFtAtAtC&cr=1047224899
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=t
est331&chnl=test331&cd=2XzuyEtN2Y1L1QzutDtDtCzz0EyByE0BtC0E0BzytD0C0AyDtN0D0Tzu0
CtByCyDtN1L2XzutBtFtCtFtBtFtAtAtC&cr=1047224899
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a
=test331&chnl=test331&cd=2XzuyEtN2Y1L1QzutDtDtCzz0EyByE0BtC0E0BzytD0C0AyDtN0D0Tz
u0CtByCyDtN1L2XzutBtFtCtFtBtFtAtAtC&cr=1047224899&q=
FF - user.js: extensions.funmoods.id - 0018E74B1EB90CA5
FF - user.js: extensions.funmoods.instlDay - 15604
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2213:44:6
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - test331
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - test331
FF - user.js: extensions.funmoods.dfltLng
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-13 18:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI1B8.tmp"
.

--------------------- LOCKED REGISTRY KEYS --------------------.


[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66
}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502
_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66
}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66
}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66
}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C
9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C
9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C
9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes --------------------.
- - - - - - - > 'explorer.exe'(1364)
c:\windows\system32\WININET.dll
c:\archiv~1\ARCHIV~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\archiv~1\MICROS~2\Office14\3082\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------

.
c:\archivos de programa\Archivos comunes\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\archivos de programa\Bonjour\mDNSResponder.exe
c:\archivos de programa\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\archivos de programa\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2013-02-13 18:08:53 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-13 23:08
ComboFix2.txt 2013-02-01 22:14
ComboFix3.txt 2013-01-23 14:44
.
Pre-Run: 125.125.656.576 bytes libres
Post-Run: 125.150.060.544 bytes libres
.
- - End Of File - - F91E8081F6A2BF4E3B9C34A2342ADB4E
