Combo Fix

This document summarizes the results of a ComboFix scan on a Windows XP system. It identifies files and processes that were deleted or created during the scan, including potential malware files. It also lists registry entries, drivers, and other system details checked and modified by ComboFix to identify and remove threats. The scan found no active rootkits but did delete some suspicious files and made various system repairs and optimizations.

ComboFix 11-06-02.02 - RICARDO 02/06/2011 20:52:57.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.1013.542 [GMT -5:00]
Running from: d:\j4ck\Soft\ANTIVITUS\ComboFix\ComboFix\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\RICARDO\CONFIG~1\Temp\tcpoptimizer.exe
c:\documents and settings\RICARDO\Datos de programa\hostsys.exe
c:\documents and settings\RICARDO\Datos de programa\SysFile.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 ))))))))))))))))))))))))))))))
.
.
2011-06-02 01:08 . 2011-06-02 01:08 -------d-----w c:\archivos de programa\Psychro
2011-06-02 01:08 . 2011-06-02 01:08 524288 ------w c:\windows\ArchSet1.exe
2011-05-31 05:06 . 2011-06-02 01:08 73216 ----a-w c:\windows\ST6UNST.EXE
2011-05-08 21:20 . 2011-05-08 21:20 -------d-----w c:\documents and settings\All Users\Datos de programa\DivX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-01 16:55 . 2011-05-01 16:55 286720 ----a-w c:\windows\iun507.exe
2011-04-15 21:02 . 2011-04-15 21:02 135680 ----a-w c:\windows\system32\MSCOMCT2.oca
2011-04-15 21:02 . 2011-04-15 21:02 90624 ----a-w c:\windows\system32\MSHFLXGD.oca
2011-04-15 21:02 . 2011-04-15 21:02 35840 ----a-w c:\windows\system32\COMDLG32.oca
2011-04-14 21:43 . 2011-04-14 21:43 266752 ----a-w c:\windows\system32\Mscomctl.oca
2011-03-30 01:00 . 2011-03-30 01:00 76800 ----a-w c:\windows\system32\MSFLXGRD.oca
2011-03-16 23:43 . 2011-03-16 23:43 35840 ----a-w c:\windows\system32\MSADODC.oca
2011-03-16 23:43 . 2011-03-16 23:43 69632 ----a-w c:\windows\system32\DBLIST32.oca
2011-03-16 23:42 . 2011-03-16 23:42 66048 ----a-w c:\windows\system32\MSDATGRD.oca
2011-03-16 23:42 . 2011-03-16 23:42 70144 ----a-w c:\windows\system32\MSDATLST.oca
2011-03-16 23:42 . 2011-03-16 23:42 44544 ----a-w c:\windows\system32\MSDATREP.oca
2011-03-16 23:42 . 2011-03-16 23:42 41984 ----a-w c:\windows\system32\MSRDC20.oca
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-07_16.04.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-03 00:53 . 2011-06-03 00:53 16384 c:\windows\Temp\Perflib_Perfdata_ac.dat
+ 2003-06-20 01:05 . 2003-06-20 01:05 10752 c:\windows\system32\hh.exe
+ 1998-07-28 05:00 . 1999-06-01 05:00 101888 c:\windows\system32\VB6STKIT.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"RocketDock"="c:\archivos de programa\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"egui"="c:\archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"RemoteControl9"="c:\archivos de programa\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\archivos de programa\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-14 50472]
"CloneCDTray"="c:\archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"GrooveMonitor"="c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AdobeCS4ServiceManager"="c:\archivos de programa\Archivos comunes\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NeroFilterCheck"="c:\archivos de programa\Archivos comunes\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan"="c:\archivos de programa\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"VirtualCloneDrive"="c:\archivos de programa\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"RTHDCPL"="RTHDCPL.EXE" [2010-05-07 19523616]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Archivos de programa\\Archivos comunes\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Game\\SoftnyxGame\\GunboundLS\\NyxLauncher.exe"=
"c:\\Archivos de programa\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Archivos de programa\\Softnyx\\RakionLS\\Bin\\rakion.bin"=
"c:\\Archivos de programa\\Ares\\Ares.exe"=
"c:\\Archivos de programa\\Softnyx\\RakionLS\\NyxLauncher.exe"=
"c:\\Archivos de programa\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"d:\\J4CK\\juego\\GunZ\\gunz.exe"=
"d:\\J4CK\\Soft\\INTERNET\\GUIOS & CARITAS & WINKS\\Local MCO Installer.exe"=
"d:\\J4CK\\juego\\Warcraft III\\Warcraft III\\war3.exe"=
"Windows Update System"= c:\documents and settings\RICARDO\Datos de programa\hostsys.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 14:23 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06/02/2009 14:24 93336]
R2 ekrn;ESET Service;c:\archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 14:23 727720]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30/01/2011 13:27 1691480]
S3 apf001;apf001;\??\c:\game\SoftnyxGame\GunboundLS\apf001.sys --> c:\game\SoftnyxGame\GunboundLS\apf001.sys [?]
S3 DRIVER1111;DRIVER1111;\??\d:\j4ck\Hack Speed\Hack Speed\dbk32.sys --> d:\j4ck\Hack Speed\Hack Speed\dbk32.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-03 c:\windows\Tasks\User_Feed_Synchronization-{C577265D-40C3-4C62-9F27-F87F9BCE7296}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan ------.
uStart Page = hxxp://onlinesearchs.info
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: Interfaces\{8418DA43-D010-4AF8-91BB-B1D2EA88A025}: NameServer = 200.48.225.130,200.48.225.146
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.es/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FF - ProfilePath - c:\documents and settings\RICARDO\Datos de programa\Mozilla\Firefox\Profiles\s5ca9svo.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\archivos de programa\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\archivos de programa\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-02 20:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes --------------------.
- - - - - - - > 'winlogon.exe'(828)
c:\archivos de programa\Archivos comunes\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-06-02 20:59:53
ComboFix-quarantined-files.txt 2011-06-03 01:59
ComboFix2.txt 2011-05-26 21:46
ComboFix3.txt 2011-05-07 16:05
.
Pre-Run: 14,349,090,816 bytes libres
Post-Run: 14,795,767,808 bytes libres
.
- - End Of File - - 06F88505936F713A21E90FFC81793940