
ComboFix 11-10-23.03 - Administrador 23/10/2011 18:38:57.1.

2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.506.3082.18.1015.666 [GMT -6:00]
Running from: c:\documents and settings\Administrador\Mis documentos\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
)))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\naeg.pif
c:\windows\system32\d3d9caps.dat
D:\Autorun.inf
.
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))
))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Files Created from 2011-09-24 to 2011-10-24 )))))))
))))))))))))))))))))))))
.
.
2011-10-19 03:21 . 2011-10-19 03:21
-------d-----w C:\Intel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
)))))))))))))))))))))))))))))))
.
2011-10-24 00:43 . 2011-10-24 00:43
103140 --sh--r C:\okbasv.exe
2011-10-18 23:34 . 2008-06-02 23:57
220160 ----a-w c:\windows\system32\uxtheme.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-02 . 030DC4D48CC2B894FEE2F390D8E66AD5 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-04-14 10:00 . 6DF94DF3666D9897C4903799F7C696D2 . 1071616 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-04-14 . 6D7CD73B221FDD2BFA713115F3C4300B . 673280 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-04-14 . AF0475A8E0857566F7241C28FF4EE614 . 1041408 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

.
[-] 2008-06-02 . D541EF961EFF21C4C3AC3F100E8A8CB9 . 3822080 . . [7.00.5730.13] . . c:\windows\system32\mshtml.dll
.
[-] 2008-04-14 . 000B8A96FFBD468B5C6C67D56C260DED . 525312 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-06-02 . 762E7FC313B11AF7E257D3D797E65D68 . 912896 . . [7.00.5730.13] . . c:\windows\system32\wininet.dll
.
[-] 2008-04-14 . 7A0576C92E2D125C5E567FC0B1961B5A . 1171456 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . 758B38A57211AD7641EBC03DB0FFA685 . 274944 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
.
[-] 2008-06-02 . 4D545128A6AB6408318063FCEF428079 . 1572352 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-06-02 23:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
[-] 2008-04-14 . 59EE34F14E7FAB277F53E82A27A6BD6A . 2181632 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
.
.
[-] 2008-04-14 . 0F6022219F514D817F21F26B0E7B1793 . 2302976 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
.
c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))
)))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViOrb"="c:\archivos de programa\Illusion\Software\ViOrb\ViOrb.exe" [2008-05-14 167936]
"VisualTaskTips"="c:\archivos de programa\Illusion\Software\VisualTaskTips\VisualTaskTips.exe" [2008-03-09 143360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 109424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-19 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-19 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"Quick TV Agent"="c:\archivos de programa\Terminator\Quick TV\Scheduled.exe" [2004-10-11 740352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-06-02 123904]

.
c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
TV Remote Control.lnk - c:\archivos de programa\Terminator\TV7131 Utilities\P3XRCtl.exe [2011-10-18 69632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):49,53,53,4f,2d,6c,6f,67,6f,6e,2e,65,78,65,00
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\drivers\\C-MEDIA_XP_2K_ME_98(UDA041_build04L)\\C-MEDIA_XP_2K_ME_98(UDA041_build04L)\\Setup.exe"=
"c:\\Archivos de programa\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"=
"c:\\Documents and Settings\\Administrador\\Configuración local\\Datos de programa\\Google\\Chrome\\Application\\chrome.exe"=
.
R3 Cap713x;Philips Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [18/10/2011 22:28 685824]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [22/06/2011 16:22 215040]
.
--- Other Services/Drivers In Memory --.
*NewlyCreated* - AMSINT32
.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2008-04-02 13:59
1274880 ----a-w c:\archivos de programa\Windows Sidebar\sidebar.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan ------.
uStart Page = hxxp://www.google.com.co/
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - .
HKLM-Run-Cmaudio - cmicnfg.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-23 18:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes --------------------.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
.
- - - - - - - > 'lsass.exe'(732)
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'explorer.exe'(2060)
c:\windows\system32\SHDOCVW.dll
c:\archivos de programa\Illusion\Software\VisualTaskTips\VttHooks.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\msi.dll
c:\archivos de programa\Illusion\Software\ViOrb\StartHook.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll

.
------------------------ Other Running Processes -----------------------.
c:\windows\system32\RunDll32.exe
.
**************************************************************************
.
Completion time: 2011-10-23 18:44:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-24 00:44
.
Pre-Run: 37.809.025.024 bytes libres
Post-Run: 37.766.111.232 bytes libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - EB5AFBF4E7DBD14BC97FDE44A81057ED
