Combofix virus



enaamorado
2011-04-07, 19:50
Hi, sorry for my bad English. Can you look at my log from ComboFix? My PC is running slowly, and when I ran ComboFix I saw a rootkit warning.

Thanks

ComboFix 11-04-06.03 - ena 07/04/2011 13:36:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.2814.2204 [GMT -3:00]
Running from: c:\documents and settings\ena\Escritorio\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\InfoSat.txt
c:\windows\settings.reg
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\_000015_.tmp.dll
c:\windows\system32\Data
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
.
.
2011-04-03 17:22 . 2010-07-16 17:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-04-03 17:22 . 2010-07-16 17:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-04-01 20:40 . 2011-04-01 20:40 54016 ----a-w- c:\windows\system32\drivers\yylkh.sys
2011-04-01 16:59 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-04-01 16:59 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-04-01 16:59 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-04-01 16:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-04-01 16:59 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-04-01 16:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-04-01 16:59 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-04-01 16:59 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-04-01 16:59 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-04-01 16:37 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-04-01 16:37 . 2010-12-20 23:51 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-04-01 16:37 . 2010-12-20 23:51 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-04-01 16:37 . 2010-12-20 23:51 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-04-01 16:37 . 2010-12-20 23:51 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-04-01 16:37 . 2010-12-20 23:51 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-04-01 16:37 . 2010-12-20 23:51 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-04-01 16:37 . 2010-12-20 14:51 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-04-01 11:25 . 2009-08-06 22:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-03-31 22:29 . 2011-01-07 17:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-03-31 22:29 . 2011-01-07 17:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-03-31 22:29 . 2011-01-07 17:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-03-31 22:29 . 2011-01-07 17:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-03-31 22:21 . 2009-02-13 15:03 57344 ----a-w- c:\windows\system32\ASTSRV.EXE
2011-03-31 22:17 . 2010-12-20 21:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-31 22:17 . 2010-12-20 21:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-31 22:05 . 2011-01-17 12:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-03-31 22:05 . 2010-12-10 19:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-31 22:05 . 2010-12-10 16:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-03-31 22:05 . 2010-12-16 11:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-03-31 20:22 . 2008-04-14 09:49 539136 ----a-w- c:\windows\system32\spider.exe
2011-03-31 20:22 . 2001-08-24 15:00 57344 ----a-w- c:\windows\system32\sol.exe
2011-03-31 20:22 . 2001-08-24 15:00 55808 ----a-w- c:\windows\system32\freecell.exe
2011-03-31 20:22 . 2001-08-24 15:00 128000 ----a-w- c:\windows\system32\mshearts.exe
2011-03-31 20:22 . 2001-08-24 15:00 120320 ----a-w- c:\windows\system32\winmine.exe
2011-03-31 19:33 . 2011-03-31 19:33 -------- d-----w- c:\windows\F20A984B9B304A9EA3AC918AF0D85A48.TMP
2011-03-31 18:04 . 2004-03-29 19:23 90112 ----a-w- c:\windows\unvise32.exe
2011-03-31 15:42 . 2011-03-31 15:47 -------- d-----w- c:\windows\system32\URTTemp
2011-03-31 15:42 . 2011-03-31 15:42 -------- d-----w- C:\n1
2011-03-31 14:15 . 2011-03-31 14:14 94720 ----a-w- C:\MsiZap.exe
2011-03-31 10:27 . 2007-03-19 13:21 647168 ----a-w- c:\windows\hasp_windows.dll
2011-03-31 10:27 . 2007-03-19 13:21 84992 ----a-w- c:\windows\csejpeg.dll
2011-03-31 10:27 . 2007-03-19 13:21 188482 ----a-r- c:\windows\system32\helixprodctrl.dll
2011-03-31 10:27 . 2007-01-25 21:47 380928 ----a-w- c:\windows\system32\palm2.ax
2011-03-31 10:27 . 2007-03-19 13:21 864338 ----a-w- c:\windows\system32\csempeg3.dll
2011-03-31 10:23 . 2007-07-19 20:47 57344 ----a-w- c:\windows\system32\pavedius4db.dll
2011-03-30 22:07 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
2011-03-30 22:07 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-30 22:07 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-30 22:07 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-03-30 22:07 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-03-30 22:07 . 2006-10-18 19:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2011-03-30 22:07 . 2011-02-28 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-03-30 21:53 . 2006-11-22 13:01 693760 ----a-w- c:\windows\system32\drivers\hardlock.sys
2011-03-30 21:53 . 2008-04-24 16:40 2562048 ----a-w- c:\windows\system32\hasplms.exe
2011-03-30 21:53 . 2008-04-24 16:40 2562048 ----a-w- c:\windows\system32\aksllmtp.exe
2011-03-30 21:53 . 2008-03-18 19:09 350720 ----a-w- c:\windows\system32\drivers\aksfridge.sys
2011-03-30 19:33 . 2011-02-03 00:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-30 19:33 . 2011-02-02 22:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-30 19:30 . 2008-12-22 12:15 647168 ------w- c:\windows\system32\hasp_windows.dll
2011-03-30 18:52 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-03-30 18:32 . 2009-03-02 21:24 319488 ------w- c:\windows\system32\pavplal.dll
2011-03-30 18:32 . 2009-03-17 13:17 143360 ----a-w- c:\windows\system32\pavedius5db.dll
2011-03-30 18:32 . 2006-11-04 21:28 49152 ----a-w- c:\windows\system32\pavedius.dll
2011-03-30 18:32 . 2008-03-18 11:04 6656 ------w- c:\windows\system32\paveno.dll
2011-03-30 18:32 . 2008-03-18 11:04 462848 ------w- c:\windows\system32\pavapi.dll
2011-03-30 17:17 . 2009-02-06 10:10 227840 ----a-w- c:\windows\system32\wbem\SET19D5.tmp
2011-03-30 17:17 . 2009-03-06 14:20 286720 ----a-w- c:\windows\system32\SET19D4.tmp
2011-03-30 17:17 . 2009-02-09 10:52 401408 ----a-w- c:\windows\system32\SET19D3.tmp
2011-03-30 17:17 . 2009-02-09 10:52 473600 ----a-w- c:\windows\system32\wbem\SET19D7.tmp
2011-03-30 17:17 . 2009-02-09 10:52 453120 ----a-w- c:\windows\system32\wbem\SET19D6.tmp
2011-03-30 17:15 . 2006-03-17 17:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2011-03-30 17:15 . 2006-03-17 14:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2011-03-30 17:15 . 2006-03-17 14:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2011-03-30 17:15 . 2006-03-17 14:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2011-03-30 17:15 . 2006-03-17 14:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2011-03-30 17:03 . 2008-10-15 16:36 337408 ----a-w- c:\windows\system32\SET18A8.tmp
2011-03-30 17:03 . 2010-12-09 15:13 2195200 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-03-30 17:03 . 2010-12-09 15:13 2151424 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-03-30 17:03 . 2010-12-09 15:13 2029568 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-03-30 17:03 . 2010-12-09 15:13 2071808 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-03-30 17:02 . 2008-06-14 17:33 272512 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-03-30 17:02 . 2008-06-14 17:33 272512 ------w- c:\windows\system32\drivers\bthport.sys
2011-03-30 16:43 . 2011-03-30 16:46 -------- d-----w- C:\sistema
2011-03-30 16:40 . 2011-03-04 16:32 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-03-30 16:40 . 2011-03-04 16:28 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-03-30 16:18 . 2010-08-16 08:44 590848 ----a-w- c:\windows\system32\SET1836.tmp
2011-03-30 15:57 . 2009-01-07 21:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2011-03-30 15:03 . 2009-04-28 21:27 19456 ----a-w- c:\windows\system32\drivers\gHidPnp.sys
2011-03-30 15:03 . 2009-03-04 12:55 11520 ----a-w- c:\windows\system32\drivers\gMouUsb.sys
2011-03-30 15:02 . 2011-03-30 15:02 -------- d-----w- C:\Genius
2011-03-30 14:24 . 2010-02-04 13:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-03-30 14:24 . 2010-02-04 13:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-03-30 14:24 . 2010-02-04 13:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-03-30 14:24 . 2010-02-04 13:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-03-30 13:21 . 2003-10-02 10:48 53248 ----a-r- c:\windows\system32\P17CPI.dll
2011-03-30 13:21 . 2005-07-07 08:14 1389056 ----a-r- c:\windows\system32\drivers\P17.sys
2011-03-30 13:21 . 2005-05-03 11:38 64512 ----a-r- c:\windows\system32\P17.dll
2011-03-30 13:21 . 2004-12-22 11:58 8704 ----a-r- c:\windows\system32\drivers\Pfmodnt.sys
2011-03-30 13:21 . 2002-04-11 01:41 65536 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2011-03-30 13:21 . 2002-04-11 01:41 65536 ----a-r- c:\windows\system32\A3d.dll
2011-03-30 13:21 . 2005-06-13 05:03 137728 ----a-r- c:\windows\system32\P17res.dll
2011-03-30 13:21 . 2005-01-10 10:15 20992 ----a-r- c:\windows\system32\sfman32.dll
2011-03-30 13:21 . 2005-01-10 10:15 115200 ----a-r- c:\windows\system32\sfms32.dll
2011-03-30 13:21 . 2005-06-27 10:37 133632 ----a-r- c:\windows\system32\CtDvInst.dll
2011-03-30 13:21 . 2005-01-10 10:15 106496 ----a-r- c:\windows\system32\drivers\ctoss2k.sys
2011-03-30 13:21 . 2005-01-10 10:15 138752 ----a-r- c:\windows\system32\drivers\ctsfm2k.sys
2011-03-30 13:13 . 2008-04-14 03:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-03-30 12:55 . 2009-03-24 08:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA1.DLL
2011-03-30 12:55 . 2009-03-24 08:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA1.DLL
2011-03-30 12:55 . 2009-03-24 08:00 272384 ----a-w- c:\windows\system32\CNMLMA1.DLL
2011-03-30 12:55 . 2009-03-18 09:09 178176 ----a-w- c:\windows\system32\CNMIUA1.DLL
2011-03-30 12:52 . 2008-07-31 13:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2011-03-30 12:46 . 2011-03-30 12:46 -------- d-----w- c:\windows\system32\AGEIA
2011-03-30 12:44 . 2006-01-23 14:48 176128 ------w- c:\windows\system32\nvuide.exe
2011-03-30 12:44 . 2006-01-23 14:48 176128 ----a-w- c:\windows\system32\nvunrm.exe
2011-03-30 12:44 . 2005-10-27 21:10 101632 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2011-03-30 12:44 . 2006-01-23 14:48 176128 ----a-w- c:\windows\system32\nvusmb.exe
2011-03-30 12:43 . 2009-10-05 02:15 584296 ----a-w- c:\windows\system32\NVUNINST.EXE
2011-03-30 12:42 . 2005-04-06 03:30 26752 ----a-r- c:\windows\system32\drivers\ipfnd51.sys
2011-03-30 12:35 . 2008-04-14 09:49 40960 -c--a-w- c:\windows\system32\dllcache\msiregmv.exe
2011-03-30 12:34 . 2003-03-24 18:52 20540 -c--a-w- c:\windows\system32\dllcache\admin.dll
2011-03-30 12:32 . 2001-08-24 15:00 25088 -c--a-w- c:\windows\system32\dllcache\wisc10.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-22 23:51 . 2011-02-22 23:51 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2011-02-09 13:53 . 2008-04-14 09:48 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 09:48 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 01:16 . 2011-02-08 01:16 922112 ------w- c:\windows\system32\imapi2fs.dll
2011-02-08 01:16 . 2011-02-08 01:16 426496 ------w- c:\windows\system32\imapi2.dll
2011-01-21 14:44 . 2011-01-21 14:44 8504320 ------w- c:\windows\system32\SET19C1.tmp
2011-01-21 14:44 . 2008-04-14 09:48 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-03-18 17:57 . 2011-03-30 14:13 142296 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 68216 ----a-w- c:\archivos de programa\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\archivos de programa\Internet Download Manager\IDMan.exe" [2011-03-30 3278232]
"msnmsgr"="c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2011-04-01 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="P17.dll" [2005-05-03 64512]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"egui"="c:\archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"ISTray"="c:\archivos de programa\Spyware Doctor\pctsGui.exe" [2011-01-13 1589208]
"PCTools FGuard"="c:\archivos de programa\Spyware Doctor\BDT\FGuard.exe" [2011-01-07 108496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\ena\Menú Inicio\Programas\Inicio\
Acceso directo a ad.exe.lnk - c:\archivos de programa\AutoDialogs2\ad.exe [2011-3-31 2070528]
Stardock ObjectDock.lnk - c:\archivos de programa\Stardock\ObjectDockPlus2\ObjectDock.exe [2011-3-30 4142448]
.
c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
Sizer.lnk - c:\archivos de programa\Sizer\sizer.exe [2011-1-22 23040]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\archivos de programa\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 10:58 611712 ----a-w- c:\archivos de programa\Archivos comunes\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioCentre]
2007-12-17 18:49 61440 ----a-w- c:\genius\ioCentre\gTaskBar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-17 01:12 3872080 ----a-w- c:\archivos de programa1\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 14:17 421888 ----a-w- c:\archivos de programa\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\Archivos comunes\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Archivos de programa\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Archivos de programa\\Autodesk\\Backburner\\manager.exe"=
"c:\\Archivos de programa\\Autodesk\\Backburner\\server.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"c:\\Archivos de programa\\Skype\\Plugin Manager\\skypePM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [31/03/2011 07:05 p.m. 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [03/04/2011 02:22 p.m. 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [03/04/2011 02:22 p.m. 656320]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [30/05/2008 02:13 a.m. 27704]
R1 cdrport;cdrport;c:\windows\system32\drivers\cdrport.sys [31/03/2011 07:25 a.m. 4608]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 02:23 p.m. 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06/02/2009 02:24 p.m. 93336]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [28/03/2011 02:51 p.m. 98160]
R2 ekrn;ESET Service;c:\archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 02:23 p.m. 727720]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [28/04/2010 05:56 p.m. 63488]
R2 sdAuxService;PC Tools Auxiliary Service;c:\archivos de programa\Spyware Doctor\pctsAuxs.exe [03/04/2011 02:22 p.m. 366840]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\archivos de programa\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [04/03/2011 01:30 p.m. 1523008]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [30/03/2011 12:03 p.m. 19456]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [30/03/2011 12:03 p.m. 11520]
R3 ip100xp;ENCORE 10/100Mbps Fast Ethernet PCI Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [30/03/2011 09:42 a.m. 26752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [29/01/2011 12:15 a.m. 57248]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\archivos de programa\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07/10/2010 12:34 p.m. 10064]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\archivos de programa\Spyware Doctor\BDT\BDTUpdateService.exe [31/03/2011 07:29 p.m. 247760]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver32
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]
.
2011-04-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\archivos de programa\Ask.com\UpdateTask.exe [2010-09-29 01:44]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Descargar con IDM - c:\archivos de programa\Internet Download Manager\IEExt.htm
IE: Descargar con IDM todos los enlaces - c:\archivos de programa\Internet Download Manager\IEGetAll.htm
IE: Sothink SWF Catcher - c:\archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\ena\Datos de programa\Mozilla\Firefox\Profiles\qlx4rjt5.default\
FF - prefs.js: browser.startup.homepage - www.google.com.ar
.
.
------- File Associations -------
.
inifile=Notepad.exe "%1"
txtfile=Notepad.exe "%1"
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-V-Ray for 3dsmax R9 for x86 - c:\archivos de programa\Chaos Group\V-Ray\3dsmax R9 for x86\uninstall\wininstaller.exe-uninstall=c:\archivos de programa\Chaos Group\V-Ray\3dsmax R9 for x86\uninstall\install.log
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-07 13:45
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
Completion time: 2011-04-07 13:47:24
ComboFix-quarantined-files.txt 2011-04-07 16:47
ComboFix2.txt 2008-03-29 05:35
ComboFix3.txt 2011-03-25 15:09
ComboFix4.txt 2011-02-05 07:09
ComboFix5.txt 2011-04-07 15:53
.
Pre-Run: 4.929.089.536 bytes free
Post-Run: 4.928.081.920 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - ACBDFA541FFDD7F40F0ABC4100F9E80F
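The log above is posted as raw data and nobody in the thread analyses it. As an added example that is not part of the original thread (and not ComboFix's, catchme's or the forum's own code), here is a small Python triage script for this log format. It parses the "Files Created" section, flags a driver whose creation and last-write stamps are identical to the minute (a heuristic that says "look here", not a verdict: installers normally copy a driver with its older build stamp intact, while a file written fresh on the box carries the same stamp twice), and pulls out the settings a reviewer checks first: the AV line marked *Disabled*, EnableFirewall=0, AntiSpyWareDisableNotify=1, and the function names catchme lists under "detected NTDLL code modification". That last item can also be produced by security software that hooks user-mode APIs, and this system has several such products installed, so the script lists it rather than judging it. The embedded input is a constructed excerpt of lines copied from the log above; the function and variable names are the example's own.

```python
"""Triage helper for a ComboFix log (added example, not ComboFix's own code):
parse the 'Files Created' section, flag drivers whose two timestamps coincide,
and pull out the posture facts a reviewer checks first."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One "Files Created" entry: <created> . <last-write> <size|--------> <attrs> <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$")


@dataclass
class FileEntry:
    created: str            # first stamp ComboFix prints (creation)
    modified: str           # second stamp (last write)
    size: Optional[int]     # None for directories ("--------")
    attrs: str
    path: str


def parse_files_created(lines: List[str]) -> List[FileEntry]:
    """Entries between the 'Files Created' banner and the next '(((' banner."""
    entries, in_section = [], False
    for line in lines:
        if line.startswith("((("):
            in_section = "Files Created" in line
            continue
        m = ENTRY_RE.match(line) if in_section else None
        if m:
            size = int(m["size"]) if m["size"].isdigit() else None
            entries.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def drivers_to_review(entries: List[FileEntry]) -> List[str]:
    """Heuristic: a .sys under \\drivers\\ whose creation and last-write stamps
    match to the minute was written fresh on this box rather than copied from an
    installer carrying an older build stamp. A reason to look, not a verdict."""
    return [e.path for e in entries
            if e.path.lower().endswith(".sys")
            and "\\drivers\\" in e.path.lower()
            and e.created == e.modified]


def security_posture(lines: List[str]) -> Dict[str, object]:
    """Settings a reviewer checks before reading file lists."""
    posture: Dict[str, object] = {"av_disabled": False, "firewall_disabled": False,
                                  "antispyware_notify_disabled": False, "ntdll_hooks": []}
    collecting = False   # True while reading names under catchme's NTDLL line
    for line in lines:
        if collecting:
            if line.strip() in ("", ".") or line.startswith("scanning"):
                collecting = False
            else:
                posture["ntdll_hooks"].append(line.strip())
            continue
        if line.startswith("AV:") and "*Disabled" in line:
            posture["av_disabled"] = True
        elif re.match(r'^"EnableFirewall"=\s*0\b', line):
            posture["firewall_disabled"] = True
        elif re.match(r'^"AntiSpyWareDisableNotify"=dword:0*1$', line):
            posture["antispyware_notify_disabled"] = True
        elif line.startswith("detected NTDLL code modification"):
            collecting = True
    return posture


# Constructed excerpt: lines copied from the log above, enough to exercise each check.
SAMPLE_LOG = [
    "AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}",
    "((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))",
    r"2011-04-03 17:22 . 2010-07-16 17:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys",
    r"2011-04-01 20:40 . 2011-04-01 20:40 54016 ----a-w- c:\windows\system32\drivers\yylkh.sys",
    r"2011-03-31 22:17 . 2010-12-20 21:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys",
    r"2011-03-31 19:33 . 2011-03-31 19:33 -------- d-----w- c:\windows\F20A984B9B304A9EA3AC918AF0D85A48.TMP",
    "((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))",
    '"AntiSpyWareDisableNotify"=dword:00000001',
    '"EnableFirewall"= 0 (0x0)',
    "detected NTDLL code modification:",
    "ZwClose",
    ".",
    "scanning hidden processes ...",
]

if __name__ == "__main__":
    print("drivers to review:", drivers_to_review(parse_files_created(SAMPLE_LOG)))
    print("posture:", security_posture(SAMPLE_LOG))
```

Run against the full log, the script points at yylkh.sys (both stamps 2011-04-01 20:40) and reports AV disabled, firewall disabled, anti-spyware notifications suppressed and a ZwClose hook. None of that is a diagnosis; it is the short list a volunteer analyst would want to look at first, which is also why the forum asks for its own preliminary logs rather than a ComboFix run.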

tashi
2011-04-07, 20:19
Hello enaamorado,

In case you missed it, please see the FAQ, which includes guidelines for this forum and also instructions on posting preliminary logs in post #2.
"BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

No combofix log please. ;) Please do not run 'FIXES' (ComboFix etc) without being asked (http://forums.spybot.info/showthread.php?t=16806)

Then start a new topic and a volunteer analyst will advise you when available. :)

Best regards.

enaamorado
2011-04-07, 20:47
Thanks Tashi.
I posted the new topic... can you close this? Thanks! :bigthumb:


http://forums.spybot.info/showthread.php?t=62173