
ComboFix 11-06-22.03 - Administrador 23/06/2011 3:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.959.626 [GMT -5:00]
Running from: c:\documents and settings\Administrador\Mis documentos\Descargas\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Documentos\New Folder.exe
C:\InfoSat.txt
C:\LIN
c:\lin\Common\OPERATION7.ini
c:\windows\system32\azip32.dll
c:\windows\system32\setting.ini
.
----- BITS: Possible infected sites ----.
hxxp://apnmedia.ask.com
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 ))))))))))))))))))))))))))))))
.
.
2011-06-22 11:05 . 2011-06-22 11:05 -------d-----w C:\axeso5
2011-06-22 10:59 . 2011-06-22 10:59 -------d-----w C:\Game
2011-06-22 10:52 . 2011-06-23 07:24 -------d-----w C:\SUNAT PDT
2011-06-22 10:48 . 2011-06-23 07:27 -------d-----w C:\SUNAT RTPS
2011-06-22 09:25 . 2011-06-22 10:40 -------d-----w C:\Program Files
2011-06-22 09:22 . 2011-06-22 09:22 -------d-----r C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 17:57 . 2011-06-22 09:59 142296 ----a-w c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-12-15 . AF44C89648F1FC92C06524637CEE6A89 . 1572352 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2011-06-22 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"egui"="c:\archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrador\Menú Inicio\Programas\Inicio\
Filtrar.lnk - c:\archivos de programa\Filtrar\Regpsvc.exe [2011-6-23 290816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:48 15360 ----a-w c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 05:47 31016 ----a-w c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-11 21:30 249856 ----a-w c:\archivos de programa\Archivos comunes\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-11 21:30 81920 ----a-w c:\archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 15:17 5252408 ----a-w c:\archiv~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-06-20 18:42 577536 ----a-w c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 17:59 254696 ----a-w c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-08 08:33 53248 ----a-r c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
2005-03-11 22:33 147456 ----a-r c:\windows\system32\VTTrayp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6889:TCP"= 6889:TCP:dvjpizk
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06/02/2009 14:24 93336]
R2 ekrn;ESET Service;c:\archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 14:23 727720]
S2 oyoedqu;Security Helper;c:\windows\system32\svchost.exe -k netsvcs [02/06/2011 15:26 14336]
S3 apf001;apf001;c:\game\SoftnyxGame\GunboundLS\apf001.sys [22/06/2011 5:59 10872]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
oyoedqu
.
.
------- Supplementary Scan ------.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\aphp88s3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.pe/
.
.
------- File Associations ------.
inifile=Notepad.exe "%1"
txtfile=Notepad.exe "%1"
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - .
MSConfigStartUp-Adobe Reader Speed Launcher - c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.

.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 03:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\oyoedqu]
"ServiceDll"="c:\windows\system32\iwjxyowu.dll"
.
--------------------- LOCKED REGISTRY KEYS --------------------.
[HKEY_USERS\S-1-5-21-1004336348-2052111302-1644491937-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,75,11,27,62,ba,13,45,97,8f,17,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,75,11,27,62,ba,13,45,97,8f,17,\
.
Completion time: 2011-06-23 03:57:35
ComboFix-quarantined-files.txt 2011-06-23 08:57
.
Pre-Run: 5,638,729,728 bytes libres
Post-Run: 5,595,164,672 bytes libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4EA7FF24DCDFA47BF4E108212FA81CA4