ComboFix 11-03-14.07 - Administrador 15/03/2011 16:04:18.1.1 - x86 MINIMAL
Microsoft Windows 2000 Professional 5.0.2195.4.1252.34.3082.18.1022.777 [GMT -5:00]
Running from: c:\documents and settings\Administrador\Escritorio\ComboFix.exe
.
/wow section - STAGE 10
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\winnt\system32\i
c:\winnt\System32\jrxoq.dll
c:\winnt\Web\default.htt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ccdnxeu
-------\Service_ccdnxeu
.
.
((((((((((((((((((((((((( Files Created from 2011-02-15 to 2011-03-15 )))))))))))))))))))))))))))))))
.
.
2011-03-08 18:43 . 2011-03-08 18:48 -------d---a-w C:\matlabR12
2011-03-07 18:42 . 2011-03-07 18:42 -------d-----w C:\LVSIM
2011-03-07 18:42 . 2011-03-07 18:42 -------d-----w C:\LVDAM
2011-03-02 20:06 . 2011-03-02 20:06 -------d---a-w C:\WUTemp
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [1999-12-16 20752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111888]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"nod32kui"="c:\archivos de programa\Eset\nod32kui.exe" [2011-03-07 921600]
"UpdateReminder"="c:\archivos de programa\Eset\UpdateReminder.exe" [2011-03-07 434176]
"IgfxTray"="c:\winnt\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2005-10-19 126976]

"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [1999-12-16 20752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\archivos de programa\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 189712]
.
c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
Microsoft Office.lnk - c:\archivos de programa\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
R?2 ccdnxeu;Manager Driver;c:\winnt\system32\svchost.exe -k netsvcs [16/12/1999 1:00 7952]
R3 usbhub20;Compatibilidad con concentrador de raíz USB 2.0;c:\winnt\system32\drivers\usbhub20.sys [02/03/2011 15:37 49776]
.
--- Other Services/Drivers In Memory --.
*NewlyCreated* - IPNAT
*NewlyCreated* - RASAUTO
*NewlyCreated* - SHAREDACCESS
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ccdnxeu
.
.
------- Supplementary Scan ------.
uStart Page = hxxp://www.google.com.co/
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: c:\winnt\system32\imon.dll
LSP: %SystemRoot%\system32\msafd.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-15 16:12
Windows 5.0.2195 Service Pack 4 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************

.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccdnxeu]
"ServiceDll"="c:\winnt\System32\jrxoq.dll"
.
--------------------- LOCKED REGISTRY KEYS --------------------.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes --------------------.
- - - - - - - > 'winlogon.exe'(196)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
- - - - - - - > 'lsass.exe'(236)
c:\winnt\system32\imon.dll
c:\archivos de programa\Eset\pr_imon.dll
.
- - - - - - - > 'explorer.exe'(656)
c:\winnt\system32\SHDOCVW.DLL
.
------------------------ Other Running Processes -----------------------.
c:\archivos de programa\Eset\nod32krn.exe
c:\winnt\system32\regsvc.exe
c:\winnt\system32\MSTask.exe
c:\winnt\System32\WBEM\WinMgmt.exe
c:\winnt\BCMSMMSG.exe
c:\winnt\system32\internat.exe
.
**************************************************************************
.
Completion time: 2011-03-15 16:14:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-15 21:14
.
Pre-Run: 16.483.647.488 bytes libres
Post-Run: 16.693.301.248 bytes libres
.
- - End Of File - - 0D4D47C80573AC0D72BCEF8A94A6287C