Combo Fix

This document provides a summary of files and programs on a Windows 7 system. It lists software installed, files created between two dates, files in the Windows directory, and other system information like running processes and drivers. The summary identifies the operating system, date and time the report was generated, and lists security programs installed like Kaspersky and Windows Defender.

Copyright: © Attribution Non-Commercial (BY-NC)

ComboFix 13-04-18.02 - Planeacion 18-04-2013 8:45.10.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.3082.18.3326.2266 [GMT -5:00]
Running from: c:\users\Planeacion\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2013-03-18 to 2013-04-18 ))))))))))))))))))))))))))))))
.
.
2013-04-18 14:02 . 2013-04-18 14:02	-------d-----w	c:\users\Planeacion\AppData\Local\temp
2013-04-18 14:02 . 2013-04-18 14:02	-------d-----w	c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-04-18 14:02 . 2013-04-18 14:02	-------d-----w	c:\users\Soporte\AppData\Local\temp
2013-04-18 14:02 . 2013-04-18 14:02	-------d-----w	c:\users\Public\AppData\Local\temp
2013-04-18 14:02 . 2013-04-18 14:02	-------d-----w	c:\users\DefaultAppPool\AppData\Local\temp
2013-04-18 14:02 . 2013-04-18 14:02	-------d-----w	c:\users\Default\AppData\Local\temp
2013-04-18 13:22 . 2013-04-18 13:22	60872	----a-w	c:\programdata\Microsoft\Windows Defender\Definition Updates\{465CBB54-975B-48D5-BC60-244143771F49}\offreg.dll
2013-04-17 23:22 . 2013-04-17 23:22	-------d-----w	c:\program files\iPod
2013-04-17 23:22 . 2013-04-17 23:24	-------d-----w	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-04-17 23:22 . 2013-04-17 23:24	-------d-----w	c:\program files\iTunes
2013-04-16 11:15 . 2013-03-15 07:21	7108640	----a-w	c:\programdata\Microsoft\Windows Defender\Definition Updates\{465CBB54-975B-48D5-BC60-244143771F49}\mpengine.dll
2013-04-15 14:47 . 2012-12-10 20:48	35840	----a-w	c:\windows\system32\drivers\RimSerial.sys
2013-04-11 13:42 . 2013-04-11 13:42	-------d-----w	c:\programdata\Splashtop
2013-04-11 13:42 . 2013-04-11 13:42	-------d-----w	c:\program files\Splashtop
2013-04-11 13:42 . 2013-04-11 13:42	-------d-----w	c:\users\Planeacion\AppData\Roaming\Splashtop Remote Client 2.0
2013-04-11 13:41 . 2013-04-11 13:41	-------d-----w	c:\programdata\Downloaded Installations
2013-04-10 21:42 . 2013-03-09 19:38	-------d-----w	C:\Vixen-3.0.5
2013-04-10 13:42 . 2013-03-01 03:09	2347008	----a-w	c:\windows\system32\win32k.sys
2013-04-10 13:42 . 2013-01-24 04:47	196328	----a-w	c:\windows\system32\drivers\fvevol.sys
2013-04-10 13:42 . 2013-03-19 05:04	3913560	----a-w	c:\windows\system32\ntoskrnl.exe
2013-04-10 13:42 . 2013-03-19 05:04	3968856	----a-w	c:\windows\system32\ntkrnlpa.exe
2013-04-10 13:42 . 2013-03-19 04:48	38912	----a-w	c:\windows\system32\csrsrv.dll
2013-04-10 13:42 . 2013-03-19 02:49	69632	----a-w	c:\windows\system32\smss.exe
2013-04-10 13:42 . 2013-03-02 05:07	1212264	----a-w	c:\windows\system32\drivers\ntfs.sys
2013-04-09 16:50 . 2013-02-22 07:17	181784	----a-w	c:\windows\system32\drivers\ssudmdm.sys
2013-04-09 16:50 . 2013-02-22 07:17	83864	----a-w	c:\windows\system32\drivers\ssudbus.sys
2013-04-09 16:49 . 2013-02-22 07:16	15304	----a-w	c:\windows\system32\drivers\ssadwhnt.sys
2013-04-09 16:49 . 2013-02-22 07:16	15304	----a-w	c:\windows\system32\drivers\ssadwh.sys
2013-04-09 16:49 . 2013-02-22 07:16	32064	----a-w	c:\windows\system32\drivers\ssadadb.sys
2013-04-09 16:49 . 2013-02-22 07:16	17864	----a-w	c:\windows\system32\drivers\ssadmdfl.sys
2013-04-09 16:49 . 2013-02-22 07:16	15560	----a-w	c:\windows\system32\drivers\ssadcmnt.sys
2013-04-09 16:49 . 2013-02-22 07:16	15560	----a-w	c:\windows\system32\drivers\ssadcm.sys
2013-04-09 16:49 . 2013-02-22 07:16	153672	----a-w	c:\windows\system32\drivers\ssadmdm.sys
2013-04-09 16:49 . 2013-02-22 07:16	1418432	----a-w	c:\windows\system32\WdfCoInstaller01005.dll
2013-04-09 16:49 . 2013-02-22 07:16	1418432	----a-w	c:\windows\system32\drivers\WdfCoInstaller01005.dll
2013-04-09 16:49 . 2013-02-22 07:16	136904	----a-w	c:\windows\system32\drivers\ssadbus.sys
2013-04-09 16:49 . 2013-02-22 07:16	130248	----a-w	c:\windows\system32\drivers\ssadserd.sys
2013-04-05 21:46 . 2013-04-05 21:46	-------d-----w	c:\users\Planeacion\AppData\Roaming\vlc
2013-04-05 21:29 . 2013-04-05 21:29	-------d-----w	c:\programdata\Readon
2013-04-05 00:19 . 2013-04-05 20:43	-------d-----w	c:\users\Planeacion\AppData\Local\Readon_Technology
2013-04-05 00:19 . 2013-04-05 00:31	-------d-----w	c:\program files\Readon Technology
2013-03-26 13:26 . 2013-02-12 03:32	15872	----a-w	c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-11 20:27 . 2012-04-12 16:19	691592	----a-w	c:\windows\system32\FlashPlayerApp.exe
2013-04-11 20:27 . 2011-10-19 22:43	71048	----a-w	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-12 06:10 . 2011-10-19 22:50	237088	------w	c:\windows\system32\MpSigStub.exe
2013-02-12 04:48 . 2013-03-13 06:16	474112	----a-w	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 06:16	2176512	----a-w	c:\windows\apppatch\AcGenral.dll
2013-02-05 08:54 . 2011-12-14 20:40	37344	----a-w	c:\windows\system32\FsUsbExDisk.Sys
2013-02-05 08:54 . 2011-12-14 20:40	233472	----a-w	c:\windows\system32\FsUsbExService.Exe
2012-06-06 04:06 . 2012-06-06 04:06	2174976	----a-w	c:\program files\Common Files\atimpenc.dll
2013-04-12 14:25 . 2013-04-12 14:25	263064	----a-w	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\ERDNT\cache\user32.dll
[-] 2010-11-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-12-16 . C7B21BEF09EC7249556BEE19F9D314CB . 811520 . . [6.1.7600.16400] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16400_none_cd604238ce73b38f\user32.dll
[7] 2009-12-16 . AE2B4D47934D3798C984D51B1694A490 . 811520 . . [6.1.7600.20496] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.20496_none_cd8e8f8de7d4e9b5\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
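The Sigcheck block above is the finding a reviewer of this log would check first: the live c:\windows\System32\user32.dll carries MD5 8626F0C30D4E3564FFDD25C90F4426F1, while both the WinSxS copy of the same version (6.1.7601.17514) and the ERDNT cache copy carry F1DD3ACAEE5E6B4BBC69BC6DF75CEF66, and ComboFix marks the live file [-] where it marks the others [7]. The policies\system block further down the log records EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, and EnableLUA=0 alone switches UAC off. The Python below is an added example and not part of the ComboFix log or of ComboFix itself: it parses both blocks from log text (the sample lines are copied from this log), flags a live System32 file whose hash matches none of the same-name, same-version reference copies, and lists UAC values that differ from the Windows 7 defaults. Treating [-] as the unsigned marker the page's own note refers to, using WinSxS and ERDNT\cache as reference copies, and the default values used for comparison are this example's assumptions.

```python
"""Parse the Sigcheck and policies\\system blocks of a ComboFix log and flag
findings. Added example; not ComboFix code. Sample lines are copied from the
log on this page; defaults and markers used for comparison are assumptions."""
import re

# Constructed sample: Sigcheck lines copied from the log above (raw string, so
# the Windows backslashes are literal).
SIGCHECK_SAMPLE = r"""
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\ERDNT\cache\user32.dll
[-] 2010-11-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-12-16 . C7B21BEF09EC7249556BEE19F9D314CB . 811520 . . [6.1.7600.16400] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16400_none_cd604238ce73b38f\user32.dll
"""

# Constructed sample: the policies\system block copied from the log above.
POLICY_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
"""

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*)$"
)
# One value line as ComboFix prints it: "Name"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>-?\d+)')

# Assumption: Windows 7 defaults for the UAC values that decide whether UAC is on.
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}
UNSIGNED_FLAG = "-"  # assumption: ComboFix's marker for a file it could not verify


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; lines that do not parse are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
            entries.append(e)
    return entries


def sigcheck_findings(entries):
    """Compare each live System32 file with same-name, same-version copies in
    WinSxS and the ERDNT cache. Returns (path, reason) tuples."""
    findings = []
    live = [e for e in entries if "\\system32\\" in e["path"].lower()]
    refs = [e for e in entries
            if "\\winsxs\\" in e["path"].lower() or "\\erdnt\\" in e["path"].lower()]
    for e in live:
        ref_md5s = {r["md5"] for r in refs if r["name"] == e["name"] and r["ver"] == e["ver"]}
        if ref_md5s and e["md5"] not in ref_md5s:
            findings.append((e["path"], "MD5 %s differs from same-version reference copies %s"
                             % (e["md5"], sorted(ref_md5s))))
        if e["flag"] == UNSIGNED_FLAG:
            findings.append((e["path"], "marked [%s] by Sigcheck" % e["flag"]))
    return findings


def parse_policies(text):
    """Return {value name: int} for the value lines of one registry block."""
    values = {}
    for line in text.strip().splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            values[m.group("name")] = int(m.group("val"))
    return values


def uac_findings(values):
    """List UAC values that differ from the assumed Windows 7 defaults, plus
    EnableLinkedConnections=1, which makes mapped drives follow the elevated token."""
    findings = []
    for name, default in UAC_DEFAULTS.items():
        actual = values.get(name, default)  # an absent value means the default applies
        if actual != default:
            findings.append("%s=%d (default %d)" % (name, actual, default))
    if values.get("EnableLinkedConnections") == 1:
        findings.append("EnableLinkedConnections=1")
    return findings


def uac_enabled(values):
    """EnableLUA=0 switches UAC off regardless of the prompt settings."""
    return values.get("EnableLUA", 1) != 0


if __name__ == "__main__":
    for path, reason in sigcheck_findings(parse_sigcheck(SIGCHECK_SAMPLE)):
        print("SIGCHECK", path, reason)
    pol = parse_policies(POLICY_SAMPLE)
    print("UAC enabled:", uac_enabled(pol))
    for f in uac_findings(pol):
        print("UAC", f)
```

Run against the sample it reports two findings for System32\user32.dll (hash disagreement and the [-] mark), UAC disabled, and four policy deviations. The hash comparison is deliberately restricted to copies with the same version string: a WinSxS copy of an older build legitimately has a different hash, and comparing against it would produce noise.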
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{9DFE2FE9-CF99-4ADF-A28E-9B5ADB8DC74F}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49	22376	----a-w	c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-11-14 366536]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-03-05 3474840]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18708224]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-03-28 1511792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-13 311680]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Xerox PanelMgr"="c:\windows\Xerox\PanelMgr\SSMMgr.exe" [2011-10-23 626688]
"NSCSysTrayUI_XEROX"="c:\program files\XEROX\NetworkScan\NSCSysUI_XEROX.exe" [2011-08-30 266240]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0FO\adialhk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Planeacion^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\users\Planeacion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Planeacion^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Viderio.lnk]
path=c:\users\Planeacion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Viderio.lnk
backup=c:\windows\pss\Viderio.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35	946352	----a-w	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-09-20 12:27	444904	----a-w	c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 18:08	59720	----a-w	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2012-02-02 15:55	3209216	----a-w	c:\program files\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21	57344	----a-w	c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DF Manager]
2010-06-23 17:31	2068992	----a-w	c:\program files\DepositFiles\DF Manager\DFManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-11 23:20	138096	----atw	c:\users\Planeacion\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP LaserJet Professional M1530 MFP Series Fax]
2010-04-09 20:09	2460472	------w	c:\program files\HP\HP LaserJet Professional M1530 MFP Series\Fax Driver\hppfaxprintersrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 17:35	152392	----a-w	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2013-03-28 09:32	1106288	----a-w	c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-03-28 09:32	1511792	----a-w	c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-03-28 09:32	310640	----a-w	c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 17:13	2363392	----a-w	c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarminAgent]
2010-03-16 14:36	337256	----a-w	c:\program files\Garmin\MyGarminAgent\myGarminAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 15:52	1234216	----a-w	c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-05-16 12:44	1084840	----a-w	c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2008-10-14 01:41	50472	------w	c:\program files\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-02-16 14:55	87336	------w	c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2013-01-17 21:08	267792	----a-w	c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 17:58	18708224	----a-r	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-11-15 15:05	296096	----a-w	c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolboxFX]
2010-04-16 16:32	58936	----a-w	c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [x]
R3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [x]
R3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 OracleClientCache80;OracleClientCache80;c:\orant6i\BIN\ONRSD80.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DLPortIO;DriverLINX Port I/O Driver; [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 klnagent;Kaspersky Lab Network Agent;c:\program files\Kaspersky Lab\NetworkAgent 8\klnagent.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 PhoneMyPC_Helper;PhoneMyPC_Helper;c:\program files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [x]
S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI9BF6.tmp [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 Xerox MFP Fax Server;Xerox MFP Fax Server;c:\windows\system32\spool\drivers\w32x86\3\XrxFaxServer.exe [x]
S3 Blackberry Device Manager;Blackberry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPZ12	REG_MULTI_SZ	Pml Driver HPZ12 Net Driver HPZ12
GPSvcGroup	REG_MULTI_SZ	GPSvc
iissvcs	REG_MULTI_SZ	w3svc was
apphost	REG_MULTI_SZ	apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11	451872	----a-w	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 20:33	1642448	----a-w	c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 20:27]
.
2013-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3251087407-518748757-1599405275-1001Core.job
- c:\users\Planeacion\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-29 23:20]
.
2013-04-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3251087407-518748757-1599405275-1001UA.job
- c:\users\Planeacion\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-29 23:20]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-10 15:57]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-10 15:57]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3251087407-518748757-1599405275-1001Core.job
- c:\users\Planeacion\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-01 20:34]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3251087407-518748757-1599405275-1001UA.job
- c:\users\Planeacion\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-01 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.co/
mStart Page = hxxp://www.bigseekpro.com/virtualwifirouter18/{497215B7-C483-4857-8CFE-6A590D6FC859}
IE: &Send to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to Anti-Banners component - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9B2AF9CD-75E0-47AE-A98D-4281AA38AABA}: NameServer = 200.24.7.3,200.24.7.20
FF - ProfilePath - c:\users\Planeacion\AppData\Roaming\Mozilla\Firefox\Profiles\momvsyul.default-1346251290608\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com.co
FF - ExtSQL: 2013-02-25 15:04; [email protected]; c:\users\Planeacion\AppData\Roaming\Mozilla\Firefox\Profiles\momvsyul.default-1346251290608\extensions\firefo[email protected]
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d0e92ac50000000000000617c4b308c0&q=
FF - user.js: extensions.BabylonToolbar.id - d0e92ac50000000000000617c4b308c0
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15686
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.4.9
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.4.9
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.4.910:16
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112842&tt=111212_kwnobl_5012_5
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI9BF6.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3251087407-518748757-1599405275-1001_Classes\CLSID\{014078ea-fabd-487d-87d8-d582fa1d8ac8}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000be
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3251087407-518748757-1599405275-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bb,cb,41,7a,d4,2c,3b,fc,3f,41,10,a2,1a,78,82,46,a6,7d,75,dd,d3,
aa,12,76,f7,bc,5a,59,e1,c8,50,a0,b7,0b,03,a9,52,69,81,af,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-18 09:06:28
ComboFix-quarantined-files.txt 2013-04-18 14:06
ComboFix2.txt 2013-04-11 21:03
.
Pre-Run: 36,622,245,888 bytes free
Post-Run: 36,727,930,880 bytes free
.
- - End Of File - - 0DDA137305E6C561776C78541441C2E3
