ComboFix 13-02-24.01 - Administrador 25/02/2013 14:57:45.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.958.600 [GMT -3:00]
Running from: c:\documents and settings\Administrador\Escritorio\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\csrss.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ABP470N5
-------\Service_abp470n5
.
.
((((((((((((((((((((((((( Files Created from 2013-01-25 to 2013-02-25 )))))))))))))))))))))))))))))))
.
.
2013-02-25 17:47 . 2013-02-25 17:47 133430 ----a-w- c:\windows\system32\rundat.exe
2013-02-25 17:40 . 2013-02-25 17:40 108342 ----a-w- c:\windows\goxobx.exe
2013-02-25 17:34 . 2013-02-25 17:34 -------- d-----w- C:\_OTL
2013-02-25 16:50 . 2013-02-25 17:48 1088822 ----a-w- c:\windows\sys.exe
2013-02-25 06:04 . 2008-04-14 07:48 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-02-25 06:02 . 2008-04-14 10:48 32768 ------w- c:\windows\system32\asr_pfu.exe
2013-02-25 06:02 . 2008-04-14 10:48 10752 ------w- c:\windows\system32\smtpapi.dll
2013-02-25 06:02 . 2008-04-14 10:48 9728 ------w- c:\windows\system32\rwnh.dll
2013-02-25 06:02 . 2008-04-14 10:48 1306624 ------w- c:\windows\system32\dllcache\msxml6.dll
2013-02-25 06:02 . 2008-04-14 10:47 103424 ------w- c:\windows\system32\dllcache\dpcdll.dll
2013-02-25 06:02 . 2008-04-14 10:25 90624 ------w- c:\windows\system32\dllcache\msxml6r.dll
2013-02-25 06:02 . 2008-04-14 03:15 46592 ------w- c:\windows\system32\drivers\irbus.sys
2013-02-25 06:02 . 2008-04-14 03:13 9728 ------w- c:\windows\system32\comsdupd.exe
2013-02-25 06:00 . 2013-02-25 06:02 -------- d-----w- c:\windows\ServicePackFiles
2013-02-25 05:58 . 2006-12-29 03:31 19569 ----a-w- c:\windows\000001_.tmp
2013-02-25 05:58 . 2013-02-25 06:02 -------- d-----w- c:\windows\EHome
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\windows\system32\wbem\snmp
2013-02-25 04:00 . 2013-02-25 06:01 -------- d-----w- c:\windows\system32\oobe
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\windows\system32\xircom
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\windows\srchasst
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\windows\msagent
2013-02-25 04:00 . 2013-02-25 04:00 -------- d-----w- c:\archivos de programa\microsoft frontpage
2013-02-25 03:16 . 2013-02-25 17:48 108342 ----a-w- c:\windows\java.exe
2013-02-23 03:46 . 2013-02-23 03:46 -------- d-----w- c:\archivos de programa\Disk Heal
2013-02-23 00:37 . 2013-02-23 00:37 880640 ----a-w- c:\windows\system32\safari.exe
2013-02-22 04:30 . 2013-02-22 04:30 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
2013-02-22 04:30 . 2013-02-22 04:30 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2013-02-22 04:30 . 2013-02-22 04:30 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2013-02-22 04:30 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-22 04:24 . 2013-02-22 04:24 -------- d-----w- c:\archivos de programa\Defraggler
2013-02-22 04:12 . 2001-08-22 18:34 12416 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-02-22 04:02 . 2008-04-14 02:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-11 . 38FF5050D7BC47F344AE271B6C250201 . 3591680 . . [7.00.6000.16640] . . c:\windows\system32\mshtml.dll
[7] 2008-04-14 . 85B88C504D1527978F1C2FBE6A41E799 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
.
[-] 2008-05-11 . 39E5AA52B667BDD18690336E7E410EAF . 826368 . . [7.00.6000.16640] . . c:\windows\system32\wininet.dll
[7] 2008-04-14 . A9A84CFC20D5F4C609E9CBF9491B8DF6 . 668672 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
.
[-] 2008-05-11 20:28 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
[7] 2008-04-14 . 12CE2CACCF25D99944CA69F6A3A83441 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SarbyxTrayClock"="c:\archivos de programa\SarbyxTrayClock\trayclock.exe" [2006-10-19 60928]
"Windows Service Base"="safari.exe" [2013-02-23 880640]
"Supports RAS Connections"="rundat.exe" [2013-02-25 133430]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Supports RAS Connections"="rundat.exe" [2013-02-25 133430]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"AVG_TRAY"="c:\archivos de programa\AVG\AVG2012\avgtray.exe" [2012-01-24 2490208]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 921536]
"Windows Service Base"="safari.exe" [2013-02-23 880640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"Supports RAS Connections"="rundat.exe" [2013-02-25 133430]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Supports RAS Connections"="rundat.exe" [2013-02-25 133430]
"Windows Service Base"="safari.exe" [2013-02-23 880640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Windows Service Base"="safari.exe" [2013-02-23 880640]
"Supports RAS Connections"="rundat.exe" [2013-02-25 133430]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Supports RAS Connections"="rundat.exe" [2013-02-25 133430]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Dnscache"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Archivos de programa\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Archivos de programa\\AVG\\AVG2012\\avgtray.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Documents and Settings\\Administrador\\Configuración local\\Datos de programa\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\POWERPNT.EXE"=
"c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"=
"c:\\Archivos de programa\\SarbyxTrayClock\\trayclock.exe"=
"c:\\Archivos de programa\\WinZip\\WZQKPICK32.EXE"=
"c:\\WINDOWS\\System32\\cmd.exe"= c:\\WINDOWS\\system32\\cmd.exe
"c:\\Archivos de programa\\Microsoft Application Virtualization Client\\sftlist.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Microsoft Shared\\Virtualization Handler\\CVHSVC.EXE"=
"c:\\Archivos de programa\\Archivos comunes\\Java\\Java Update\\jusched.exe"=
"c:\\Archivos de programa\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\Archivos de programa\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Documents and Settings\\Administrador\\Configuración local\\Datos de programa\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Documents and Settings\\Administrador\\Configuración local\\Datos de programa\\Google\\Update\\1.3.21.135\\GoogleCrashHandler.exe"=
"c:\\Archivos de programa\\Malwarebytes' Anti-Malware\\mbamservice.exe"=
"c:\\WINDOWS\\inf\\unregmp2.exe"=
"c:\\WINDOWS\\system32\\safari.exe"=
"c:\\Archivos de programa\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3020:TCP"= 3020:TCP:cevoqtg
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [10/07/2011 21:14 23120]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/03/2012 0:31 717296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 2:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10/07/2011 21:14 295248]
R2 avgwd;WatchDog de AVG;c:\archivos de programa\AVG\AVG2012\avgwdsvc.exe [02/08/2011 2:09 192776]
R2 cvhsvc;Client Virtualization Handler;c:\archivos de programa\Archivos comunes\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [27/02/2010 21:33 899488]
R2 MBAMScheduler;MBAMScheduler;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe [22/02/2013 1:30 398184]
R2 sftlist;Application Virtualization Client;c:\archivos de programa\Microsoft Application Virtualization Client\sftlist.exe [02/12/2009 17:23 553320]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [22/06/2007 8:36 229592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22/02/2013 1:30 21104]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 17:23 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 17:23 211304]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 17:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 17:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\archivos de programa\Microsoft Application Virtualization Client\sftvsa.exe [02/12/2009 17:23 209768]
S2 AVGIDSAgent;AVGIDSAgent;c:\archivos de programa\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 2:25 4502880]
S2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [22/02/2013 1:30 756072]
S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [10/07/2011 21:14 134608]
S4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/07/2011 21:14 24272]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 2:21 16720]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 2:30 32592]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kkwebzkt
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 200.75.0.4 200.75.25.224
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-cpjksvxxyviutjyixjx - (null)\cpjksvxxyviutjyixjx.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-25 15:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2524)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\windows\system32\rundat.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\safari.exe
.
**************************************************************************
.
Completion time: 2013-02-25 15:05:47 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-25 18:05
ComboFix2.txt 2013-02-25 08:16
.
Pre-Run: 60.175.196.160 bytes libres
Post-Run: 60.120.944.640 bytes libres
.
- - End Of File - - 1E65748748B60601FBAF824A222B32AD