2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.1014.430 [GMT -6:0
0]
Running from: c:\downloads\UTILERIAS VIRUS ESPECIFICOS\UTILERIAS VIRUS ESPECIFIC
OS\ComboFix.exe
AV: avast! Internet Security *On-access scanning enabled* (Updated) {7591DB91-41
F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
)))))))))))))))))))))))))))))
.
c:\documents and settings\PCCASA\Datos de programa\EurekaLog
c:\windows\system32\vbzlib1.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))
))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http:/
/www.gmer.net
Rootkit scan 2010-11-12 13:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E
}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX
.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E
}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E
}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E
}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6A
F30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6A
F30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6A
F30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData
\LocalSystem\Components\ |ÿÿÿÿÀ |ù 9~*]
"A0C0710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(608)
c:\windows\system32\WININET.dll
c:\archivos de programa\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\archivos de programa\Archivos comunes\Corel\Shared\Shell Extension\ShellXP.dl
l
c:\archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\PDFShell.ESP
c:\archivos de programa\Malwarebytes' Anti-Malware\mbamext.dll
c:\archivos de programa\WinRAR\rarext.dll
c:\archiv~1\Eraser\ERASER~3.DLL
c:\archivos de programa\Balabolka\BFileExt.dll
c:\archivos de programa\Axantum\AxCrypt\AxCryptShellExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\crypserv.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\archivos de programa\CDBurnerXP\NMSAccessU.exe
c:\archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.e
xe
c:\archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\archivos de programa\Autorun Eater\billy.exe
.
**************************************************************************
.
Completion time: 2010-11-12 13:50:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-12 19:50
Pre-Run: 52.890.443.776 bytes libres
Post-Run: 52.855.812.096 bytes libres
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"
/noexecute=optin /fastdetect
C:\wubildr.mbr = "Ubuntu"
- - End Of File - - 77C9805E270EF3AED23E5B4F6CF6C289