
ComboFix 10-10-06.02 - Rex 07/10/2010 2:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.511.201 [GMT -4:00]
Running from: D:\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
)))))))))))))))))))))))))))))
.
D:\InfoSat.txt
D:\Muestras
d:\muestras\WINLOGON.EXE.Muestra EliStartPage v21.76
.
((((((((((((((((((((((((( Files Created from 2010-09-07 to 2010-10-07 )))))))
))))))))))))))))))))))))
.
2010-10-07 05:23 . 2010-10-07 05:23 -------- d-----w- d:\archi
vos de programa\CCleaner
2010-10-07 05:15 . 2010-10-07 05:15 -------- d-----w- d:\docum
ents and settings\Rex\Datos de programa\Malwarebytes
2010-10-07 05:15 . 2010-04-29 19:39 38224 ----a-w- d:\windows\syste
m32\drivers\mbamswissarmy.sys
2010-10-07 05:14 . 2010-10-07 05:15 -------- d-----w- d:\archi
vos de programa\Malwarebytes' Anti-Malware
2010-10-07 05:14 . 2010-10-07 05:14 -------- d-----w- d:\docum
ents and settings\All Users\Datos de programa\Malwarebytes
2010-10-07 05:14 . 2010-04-29 19:39 20952 ----a-w- d:\windows\syste
m32\drivers\mbam.sys
2010-10-07 04:50 . 2010-10-07 04:36 748043 ------w- D:\EliStarA.exe
2010-10-07 04:50 . 2010-10-07 04:15 3874403 ------r- D:\ComboFix.exe
2010-10-07 04:50 . 2010-10-07 04:47 6153352 ------w- D:\mbam-infospyw
are-1.46.exe
2010-10-07 04:50 . 2010-10-07 04:39 3430224 ------w- D:\ccsetup236.ex
e
2010-10-07 03:50 . 2010-10-07 03:50 -------- d-----w- d:\archi
vos de programa\Archivos comunes\Adobe
2010-10-07 03:41 . 2010-10-07 03:41 -------- d-----w- D:\Nueva
carpeta
2010-10-07 03:24 . 2010-10-07 05:24 -------- d-sha-r- d:\docum
ents and settings\Rex\Rex1
2010-10-05 18:22 . 2000-11-29 01:47 4256 ----a-w- d:\windows\syste
m32\drivers\UserPort.sys
2010-10-04 00:37 . 2010-10-04 00:37 -------- d-----w- d:\windo
ws\system32\LogFiles
2010-10-03 01:41 . 2010-10-03 01:41 503808 ----a-w- d:\documents and
settings\Rex\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3
d79ed48-n\msvcp71.dll
2010-10-03 01:41 . 2010-10-03 01:41 499712 ----a-w- d:\documents and
settings\Rex\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3
d79ed48-n\jmc.dll
2010-10-03 01:41 . 2010-10-03 01:41 348160 ----a-w- d:\documents and
settings\Rex\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3
d79ed48-n\msvcr71.dll
2010-10-03 01:39 . 2010-10-03 01:39 61440 ----a-w- d:\documents and
settings\Rex\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-
1c129959-n\decora-sse.dll
2010-10-03 01:39 . 2010-10-03 01:39 12800 ----a-w- d:\documents and
settings\Rex\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-
1c129959-n\decora-d3d.dll
2010-10-03 01:39 . 2010-10-03 01:39 -------- d-----w- d:\archi
vos de programa\Archivos comunes\Java
2010-10-03 01:39 . 2010-10-03 01:38 423656 ----a-w- d:\windows\syste
m32\deployJava1.dll
2010-10-03 01:38 . 2010-10-03 01:38 -------- d-----w- d:\archi
vos de programa\Java
2010-09-29 05:00 . 2007-10-23 13:27 110592 ----a-w- d:\documents and
settings\Rex\Datos de programa\U3\temp\cleanup.exe
2010-09-29 04:29 . 2008-05-02 14:41 3493888 ---ha-w- d:\documents and
settings\Rex\Datos de programa\U3\temp\Launchpad Removal.exe
2010-09-29 04:29 . 2010-09-29 05:00 -------- d-----w- d:\docum
ents and settings\Rex\Datos de programa\U3
2010-09-25 16:52 . 2010-09-25 16:52 -------- d-----w- D:\VMwar
e.Workstation.v6.0.0.45731.and.ACE.Edition-ZWT_CRP
2010-09-23 03:00 . 2010-09-23 03:00 -------- d-----w- d:\windo
ws\system32\KB905474
2010-09-20 00:47 . 2010-10-05 19:35 -------- d-----w- d:\archi
vos de programa\PokerStars.NET
2010-09-14 12:17 . 2010-09-14 12:17 -------- d-----w- d:\docum
ents and settings\All Users\Datos de programa\SSScanAppDataDir
2010-09-14 12:17 . 2010-09-14 12:17 -------- d-----w- d:\docum
ents and settings\All Users\Datos de programa\MSScanAppDataDir
2010-09-09 03:40 . 2010-09-13 05:25 -------- d-----w- d:\archi
vos de programa\PokerStars
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
)))))))))))))))))))))))))))))))
.
2010-10-07 06:02 . 2010-08-09 00:39 -------- d-----w- d:\docum
ents and settings\Rex\Datos de programa\HPAppData
2010-10-03 01:13 . 2010-07-17 05:18 -------- d-----w- d:\archi
vos de programa\ESET
2010-09-23 13:11 . 2010-07-20 03:04 -------- d-----w- d:\docum
ents and settings\All Users\Datos de programa\HP
2010-09-02 02:12 . 2010-07-16 23:29 -------- d-----w- d:\docum
ents and settings\All Users\Datos de programa\Microsoft Help
2010-08-30 18:16 . 2004-08-20 05:00 52236 ----a-w- d:\windows\syste
m32\perfc00A.dat
2010-08-30 18:16 . 2004-08-20 05:00 365802 ----a-w- d:\windows\syste
m32\perfh00A.dat
2010-08-27 18:33 . 2010-08-27 18:33 -------- d-----w- d:\archi
vos de programa\MSXML 4.0
2010-08-17 13:17 . 2008-01-26 12:42 58880 ----a-w- d:\windows\syste
m32\spoolsv.exe
2010-07-22 15:46 . 2008-01-26 12:41 590848 ----a-w- d:\windows\syste
m32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 11:25 5632 ----a-w- d:\windows\syste
m32\xpsp4res.dll
2010-07-20 03:06 . 2010-07-20 03:01 163803 ----a-w- d:\windows\hpoin
s37.dat
2010-07-18 05:42 . 2010-07-16 21:10 86327 ----a-w- d:\windows\pchea
lth\helpctr\OfflineCache\index.dat
2010-07-16 21:07 . 2010-07-16 21:07 21900 ----a-w- d:\windows\syste
m32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))
)))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="d:\documents and settings\Rex\Configuración local\Datos de progra
ma\Google\Update\GoogleUpdate.exe" [2010-07-17 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="d:\archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe" [20
04-07-27 1388544]
"HP Software Update"="d:\archivos de programa\HP\HP Software Update\HPWuSchd2.ex
e" [2007-05-08 54840]
"egui"="d:\archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06
2021400]
"SunJavaUpdateSched"="d:\archivos de programa\Archivos comunes\Java\Java Update\
jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="d:\archivos de programa\Adobe\Reader 9.0\Reader\R
eader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="d:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe
" [2010-09-21 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-01-26 15360]
d:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
HP Digital Imaging Monitor.lnk - d:\archivos de programa\HP\Digital Imaging\bin\
hpqtra08.exe [2008-10-16 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authoriz
edApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"d:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"d:\\Archivos de programa\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"d:\\Archivos de programa\\Messenger\\msmsgs.exe"=
R1 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [06/02/2009 14:23 106208]
R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [06/02/2009 14:24
93336]
R1 UserPort;UserPort;d:\windows\system32\drivers\UserPort.sys [05/10/2010 14:22
4256]
R2 ekrn;ESET Service;d:\archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
[06/02/2009 14:23 727720]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-10-07 d:\windows\Tasks\WGASetup.job
- d:\windows\system32\KB905474\wgasetup.exe [2010-09-23 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: E&xportar a Microsoft Excel - d:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - d:\archivos de programa\PokerStars
.NET\PokerStarsUpdate.exe
.
.
------- File Associations -------
.
inifile=Notepad.exe "%1"
txtfile=Notepad.exe "%1"
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E
}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX
.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E
}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E
}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E
}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6A
F30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6A
F30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6A
F30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-10-07 02:11:48
ComboFix-quarantined-files.txt 2010-10-07 06:11
Pre-Run: 13.590.941.696 bytes libres
Post-Run: 13.557.673.984 bytes libres
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"
/noexecute=optin /fastdetect
- - End Of File - - EE3F1F439E0D5927EAEA526AF4F90281
