ComboFix 11-09-19.05 - USUARIO 20/09/2011 10:15:33.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.247.18 [GMT -4:00]
Running from: c:\documents and settings\USUARIO\Escritorio\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\archivos de programa\Microsoft Office\OFFICE11\OSA.exe
c:\documents and settings\USUARIO\WINDOWS
c:\windows\dasetup.log
c:\windows\system\MSJET35.DLL
c:\windows\system32\comct332.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-08-20 to 2011-09-20 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-20 13:55 . 2011-07-13 19:49 2454349 ----a-w c:\windows\system\InsDemo.Exe
2011-07-04 11:43 . 2011-07-18 04:34 40112 ----a-w c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-07-13 18:35 199304 ----a-w c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-07-18 04:34 441176 ----a-w c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-07-13 18:35 309848 ----a-w c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-07-13 18:35 43608 ----a-w c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-07-13 18:35 102616 ----a-w c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-07-13 18:35 96344 ----a-w c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-07-13 18:35 25432 ----a-w c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-07-13 18:35 30808 ----a-w c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-07-13 18:35 19544 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2011-09-07 18:00 . 2004-06-01 04:16 134104 ----a-w c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-10 . A984FD70323F1BADC33C170F60DBD5F6 . 1572352 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w c:\archivos de programa\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Winpopup LAN Messenger"="c:\archivos de programa\Winpopup LAN Messenger\WinPopup.exe" [2006-10-28 559679]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-07 114688]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"USB Antivirus"="c:\archivos de programa\USB Disk Security\USBGuard.exe" [2010-01-10 819200]
"QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" [2010-09-08 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-07-10 123904]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18/07/2011 0:34 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13/07/2011 14:35 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/07/2011 14:35 19544]
.
Contents of the 'Scheduled Tasks' folder
.
2004-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 192.168.1.8:3128
uInternet Settings,ProxyOverride = <local>
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\USUARIO\Datos de programa\Mozilla\Firefox\Profiles\rr46imm6.default\
FF - prefs.js: network.proxy.ftp - 192.168.1.8
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 192.168.1.8
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.1.8
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.1.8
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-20 10:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Completion time: 2011-09-20 10:26:41
ComboFix-quarantined-files.txt 2011-09-20 14:26
.
Pre-Run: 10.420.117.504 bytes libres
Post-Run: 10.485.915.648 bytes libres
.
- - End Of File - - 8AD5A3813D673786213E17AA3B7AA702