Combo Fix
2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.1013.556 [GMT -5:00]
Running from: d:\j4ck\Soft\ANTIVITUS\ComboFix\ComboFix\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
[i] ADS - WINDOWS: deleted 24 bytes in 1 streams. [/i]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Datos de programa\TEMP
c:\documents and settings\All Users\Datos de programa\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
c:\documents and settings\M_H\Mis documentos\~WRL2574.tmp
c:\documents and settings\M_H\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-10-30 04:25 . 2011-10-30 04:36 -------d-----w C:\Globalink
2011-10-30 03:58 . 2011-10-30 03:58 -------d-----r C:\MSOCache
2011-10-30 02:11 . 2011-11-02 05:25 -------d-----w C:\UniScan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 03:01 . 2003-03-19 01:14 505128 ----a-w c:\windows\system32\msvcp71.dll
2011-09-29 07:12 . 2011-10-30 02:24 134104 ----a-w c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"RocketDock"="c:\archivos de programa\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-05-07 19523616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
1480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
.
------- Supplementary Scan ------
.
uStart Page = hxxp://www.google.com.pe/
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: Interfaces\{0E11119D-66E7-4B9E-A89C-EDC0C01E6AFE}: NameServer = 200.48.225.130,200.48.225.146
FF - ProfilePath - c:\documents and settings\M_H\Datos de programa\Mozilla\Firefox\Profiles\1oaftmez.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - -
.
HKLM-Run-WinampAgent - c:\archivos de programa\Winamp\winampa.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-23 23:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes --------------------
.
- - - - - - - > 'winlogon.exe'(828)
c:\archivos de programa\Archivos comunes\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-11-23 23:57:34
ComboFix-quarantined-files.txt 2011-11-24 04:57
.
Pre-Run: 9,657,008,128 bytes libres
Post-Run: 11,780,464,640 bytes libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 705666BFE8157AFAF46E1630A5F81F32