ComboFix 11-11-04.04 - pc 04/11/2011 17:51:08.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.958.622 [GMT -3:00]
Running from: c:\documents and settings\pc\Escritorio\ComboFix.exe
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dfinstall.log
c:\documents and settings\All Users\Datos de programa\TEMP
c:\documents and settings\All Users\Datos de programa\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
c:\documents and settings\pc\WINDOWS
c:\windows\dasetup.log
c:\windows\iun6002.exe
c:\windows\system32\CafeAgent.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AFPANSI
.
.
((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVD9LanguageShortcut"="c:\archivos de programa\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"PCTVOICE"="pctspk.exe" [2003-12-18 180224]
"GrooveMonitor"="c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"snp325"="c:\windows\vsnp325.exe" [2009-05-20 835584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"HDAudDeck"="c:\archivos de programa\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-01-21 33587200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-29 13666920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-29 110696]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-30 17881088]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
Adobe Gamma.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoFavoritesMenu"= 1 (0x1)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoFavoritesMenu"= 1 (0x1)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2009-08-05 16:45 65536 ----a-w- c:\windows\system32\LogonDll.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [05/08/2009 13:48 152472]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/02/10 10:32];c:\archivos de programa\CyberLink\PowerDVD9\000.fcl [28/02/2009 19:40 87536]
R2 DFServ;DFServ;c:\archivos de programa\Faronics\Deep Freeze\Install C-0\DFServ.exe [05/08/2009 13:38 1056256]
R3 Philipscam1;Cámara digital Philips 645: vídeo;c:\windows\system32\drivers\philcam1.sys [28/05/2011 2:24 75776]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [28/05/2011 2:45 1684736]
S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [29/05/2007 13:30 508160]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [23/02/2011 15:36 451456]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [11/05/2011 18:39 1050112]
S3 VIASens;Vinyl Sensaura WDM 3D Audio Driver;c:\windows\system32\drivers\viasens.sys [10/05/2011 17:10 391680]
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]
.
.
------- Supplementary Scan ------.
uStart Page = hxxp://www.google.com.ar/
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{68802050-B56D-46A7-84B1-2636148A7F3C}: NameServer = 200.45.191.35,200.45.191.40
TCP: Interfaces\{6F086BBE-4652-497F-A0E6-8A5A7477D3EF}: NameServer = 200.45.191.35,200.45.191.40
TCP: Interfaces\{6F8AC38E-ECD4-4080-A621-4154BFBF4BAE}: NameServer = 200.45.191.35,200.45.191.40
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
------- File Associations ------.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - .
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-NWEReboot - (no file)
HKLM-Run-CafeAgent - c:\windows\system32\CafeAgent.exe
HKLM-Run-nwiz - nwiz.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-04 17:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\archivos de programa\VIA\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\archivos de programa\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes --------------------.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\LogonDll.dll
.
- - - - - - - > 'explorer.exe'(3120)
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes -----------------------.
c:\windows\system32\nvsvc32.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\VTTimer.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\archivos de programa\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2011-11-04 18:03:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-04 21:03
.
Pre-Run: 64.866.627.584 bytes libres
Post-Run: 64.989.364.224 bytes libres
.
- - End Of File - - 5D7DF47845772CB5B65180D0C33A19C1