Weitere ähnliche Inhalte
Ähnlich wie Combo fix (20)
Kürzlich hochgeladen (20)
Combo fix
- 1. ComboFix 12-01-10.02 - Administrador 11/01/2012 18:29:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.3327.2823 [GMT
-5:00]
Running from: c:combofixComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other
Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:documents and settingsAdministradorEscritorioInternet Explorer.lnk
c:windowssystem32PowerToyReadme.htm
c:windowssystem32wallpaper.exe
c:windowssystem32windowsupdate.exe
c:windowswallpaper.jpg
.
.
((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-
11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 22:59 . 2012-01-11 22:59 -------- d-----w- C:AMD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M
Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-11 . C2BDEA3B5E025FADB79FD3DEB23B8F53 . 361344 . . [5.1.2600.5512] .
. c:windowssystem32driverstcpip.sys
.
[-] 2008-04-14 07:48 . BC40A2DE9FB2C8A551A240F2359C8F30 . 847360 . .
[2001.12.4414.700] . . c:windowssystem32comres.dll
[7] 2008-04-14 07:48 . 93F4E612C695E81512110956454E6E25 . 837120 . .
[2001.12.4414.700] . . c:windowsXPize DarksideBackupcomres.dll
.
[-] 2008-05-11 . 38FF5050D7BC47F344AE271B6C250201 . 3591680 . .
[7.00.6000.16640] . . c:windowssystem32mshtml.dll
.
[-] 2008-05-11 . 39E5AA52B667BDD18690336E7E410EAF . 826368 . . [7.00.6000.16640]
. . c:windowssystem32wininet.dll
.
[-] 2008-04-14 . C6C729770D9C3A0AD4D2D28788E71684 . 1698816 . . [6.00.2900.5512]
. . c:windowsexplorer.exe
[7] 2008-04-14 . 7522F548A84ABAD8FA516DE5AB3931EF . 1036288 . . [6.00.2900.5512]
. . c:windowsXPize DarksideBackupexplorer.exe
.
[-] 2008-04-14 . C8F12B2102B5A9F9AB87E23C6EDFA021 . 429056 . . [5.1.2600.5512] .
. c:windowsregedit.exe
[7] 2008-04-14 . F4B9F9AA2F72FAD20D09C3E3FF2BE224 . 152064 . . [5.1.2600.5512] .
. c:windowsXPize DarksideBackupregedit.exe
.
[-] 2008-04-14 . 97D44EE3E44CDC7035E3CB2EF20BABDB . 30208 . .
[5.1.2600.5512] . . c:windowssystem32ctfmon.exe
[7] 2008-04-14 . DAAE1CB1B1875B760496E7D3336DA1AD . 15360 . .
[5.1.2600.5512] . . c:windowsXPize DarksideBackupctfmon.exe
.
.
.
- 2. [-] 2008-05-11 20:28 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . .
[11.0.5721.5145] . . c:windowssystem32mspmsnsv.dll
.
.
c:windowsSystem32wscntfy.exe ... is missing !!
c:windowsSystem32regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading
Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"TaskSwitchXP"="c:archivos de programaTaskSwitchXPTaskSwitchXP.exe" [2006-08-
04 62976]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"StartCCC"="c:archivos de programaATI TechnologiesATI.ACECore-
StaticCLIStart.exe" [2011-03-10 98304]
"USB Security"="c:archivos de programaUSB Disk SecurityUSBGuard.exe" [2011-
01-31 627616]
.
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 30208]
.
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-05-11 124928]
.
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer
]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared
toolsmsconfigstartupregctfmon.exe]
2008-04-14 07:48 30208 ----a-w- c:windowssystem32ctfmon.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared
toolsmsconfigstartupregHDAudDeck]
2010-10-22 03:13 40995440 ----a-r- c:archivos de
programaVIAVIAudioiHDADeckHDeck.exe
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthoriz
edApplicationsList]
"%windir%Network Diagnosticxpnetdiag.exe"=
"%windir%system32sessmgr.exe"=
- 3. "c:Archivos de programaWindows LiveMessengerwlcsdk.exe"=
"c:Archivos de programaWindows LiveMessengermsnmsgr.exe"=
.
R0 sptd;sptd;c:windowssystem32driverssptd.sys [11/01/2012 11:17 717296]
R3 AtiHDAudioService;ATI Function Driver for HD Audio
Service;c:windowssystem32driversAtihdXP3.sys [11/01/2012 18:00 101904]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet
Controller;c:windowssystem32driversl1c51x86.sys [11/01/2012 17:51 50176]
R3 usbfilter;AMD USB Filter Driver;c:windowssystem32driversusbfilter.sys
[11/01/2012 17:47 30392]
R3 VIAHdAudAddService;VIA High Definition Audio Driver
Service;c:windowssystem32driversviahduaa.sys [11/01/2012 17:52 2135280]
S3 MSICDSetup;MSICDSetup;??e:cdriver.sys --> e:CDriver.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - UDFS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.experienciaue.com.ar/graciasporinstalar20091.html
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: Interfaces{BE5DD549-A9DA-497C-97B4-8CF94843DB28}: NameServer =
200.48.225.130,200.48.225.146
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-01-11 18:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(504)
c:windowssystem32SETUPAPI.dll
c:windowssystem32Ati2evxx.dll
c:windowssystem32atiadlxx.dll
c:windowssystem32cscui.dll
.
- - - - - - - > 'lsass.exe'(560)
c:windowssystem32setupapi.dll
.
Completion time: 2012-01-11 18:31:43
ComboFix-quarantined-files.txt 2012-01-11 23:31
.
Pre-Run: 257.153.736.704 bytes libres
Post-Run: 257.164.029.952 bytes libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
![ComboFix 12-01-10.02 - Administrador 11/01/2012 18:29:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.3327.2823 [GMT
-5:00]
Running from: c:combofixComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other
Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:documents and settingsAdministradorEscritorioInternet Explorer.lnk
c:windowssystem32PowerToyReadme.htm
c:windowssystem32wallpaper.exe
c:windowssystem32windowsupdate.exe
c:windowswallpaper.jpg
.
.
((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-
11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 22:59 . 2012-01-11 22:59 -------- d-----w- C:AMD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M
Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-11 . C2BDEA3B5E025FADB79FD3DEB23B8F53 . 361344 . . [5.1.2600.5512] .
. c:windowssystem32driverstcpip.sys
.
[-] 2008-04-14 07:48 . BC40A2DE9FB2C8A551A240F2359C8F30 . 847360 . .
[2001.12.4414.700] . . c:windowssystem32comres.dll
[7] 2008-04-14 07:48 . 93F4E612C695E81512110956454E6E25 . 837120 . .
[2001.12.4414.700] . . c:windowsXPize DarksideBackupcomres.dll
.
[-] 2008-05-11 . 38FF5050D7BC47F344AE271B6C250201 . 3591680 . .
[7.00.6000.16640] . . c:windowssystem32mshtml.dll
.
[-] 2008-05-11 . 39E5AA52B667BDD18690336E7E410EAF . 826368 . . [7.00.6000.16640]
. . c:windowssystem32wininet.dll
.
[-] 2008-04-14 . C6C729770D9C3A0AD4D2D28788E71684 . 1698816 . . [6.00.2900.5512]
. . c:windowsexplorer.exe
[7] 2008-04-14 . 7522F548A84ABAD8FA516DE5AB3931EF . 1036288 . . [6.00.2900.5512]
. . c:windowsXPize DarksideBackupexplorer.exe
.
[-] 2008-04-14 . C8F12B2102B5A9F9AB87E23C6EDFA021 . 429056 . . [5.1.2600.5512] .
. c:windowsregedit.exe
[7] 2008-04-14 . F4B9F9AA2F72FAD20D09C3E3FF2BE224 . 152064 . . [5.1.2600.5512] .
. c:windowsXPize DarksideBackupregedit.exe
.
[-] 2008-04-14 . 97D44EE3E44CDC7035E3CB2EF20BABDB . 30208 . .
[5.1.2600.5512] . . c:windowssystem32ctfmon.exe
[7] 2008-04-14 . DAAE1CB1B1875B760496E7D3336DA1AD . 15360 . .
[5.1.2600.5512] . . c:windowsXPize DarksideBackupctfmon.exe
.
.
.](https://image.slidesharecdn.com/combofix-140428133004-phpapp01/85/Combo-fix-1-320.jpg)
![[-] 2008-05-11 20:28 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . .
[11.0.5721.5145] . . c:windowssystem32mspmsnsv.dll
.
.
c:windowsSystem32wscntfy.exe ... is missing !!
c:windowsSystem32regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading
Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"TaskSwitchXP"="c:archivos de programaTaskSwitchXPTaskSwitchXP.exe" [2006-08-
04 62976]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"StartCCC"="c:archivos de programaATI TechnologiesATI.ACECore-
StaticCLIStart.exe" [2011-03-10 98304]
"USB Security"="c:archivos de programaUSB Disk SecurityUSBGuard.exe" [2011-
01-31 627616]
.
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 30208]
.
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-05-11 124928]
.
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer
]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared
toolsmsconfigstartupregctfmon.exe]
2008-04-14 07:48 30208 ----a-w- c:windowssystem32ctfmon.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared
toolsmsconfigstartupregHDAudDeck]
2010-10-22 03:13 40995440 ----a-r- c:archivos de
programaVIAVIAudioiHDADeckHDeck.exe
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthoriz
edApplicationsList]
"%windir%Network Diagnosticxpnetdiag.exe"=
"%windir%system32sessmgr.exe"=](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)