ComboFix 12-01-10.02 - Administrador 11/01/2012 18:29:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.3327.2823 [GMT -5:00]
Running from: c:\combofix\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrador\Escritorio\Internet Explorer.lnk
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\wallpaper.exe
c:\windows\system32\windowsupdate.exe
c:\windows\wallpaper.jpg
.
.
((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 22:59 . 2012-01-11 22:59 -------- d-----w- C:\AMD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-11 . C2BDEA3B5E025FADB79FD3DEB23B8F53 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-04-14 07:48 . BC40A2DE9FB2C8A551A240F2359C8F30 . 847360 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2008-04-14 07:48 . 93F4E612C695E81512110956454E6E25 . 837120 . . [2001.12.4414.700] . . c:\windows\XPize Darkside\Backup\comres.dll
.
[-] 2008-05-11 . 38FF5050D7BC47F344AE271B6C250201 . 3591680 . . [7.00.6000.16640] . . c:\windows\system32\mshtml.dll
.
[-] 2008-05-11 . 39E5AA52B667BDD18690336E7E410EAF . 826368 . . [7.00.6000.16640] . . c:\windows\system32\wininet.dll
.
[-] 2008-04-14 . C6C729770D9C3A0AD4D2D28788E71684 . 1698816 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 7522F548A84ABAD8FA516DE5AB3931EF . 1036288 . . [6.00.2900.5512] . . c:\windows\XPize Darkside\Backup\explorer.exe
.
[-] 2008-04-14 . C8F12B2102B5A9F9AB87E23C6EDFA021 . 429056 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . F4B9F9AA2F72FAD20D09C3E3FF2BE224 . 152064 . . [5.1.2600.5512] . . c:\windows\XPize Darkside\Backup\regedit.exe
.
[-] 2008-04-14 . 97D44EE3E44CDC7035E3CB2EF20BABDB . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . DAAE1CB1B1875B760496E7D3336DA1AD . 15360 . . [5.1.2600.5512] . . c:\windows\XPize Darkside\Backup\ctfmon.exe
.
.
.
[-] 2008-05-11 20:28 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
.
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\archivos de programa\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-10 98304]
"USB Security"="c:\archivos de programa\USB Disk Security\USBGuard.exe" [2011-01-31 627616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 30208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-05-11 124928]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 07:48 30208 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2010-10-22 03:13 40995440 ----a-r- c:\archivos de programa\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe"=
"c:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/01/2012 11:17 717296]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [11/01/2012 18:00 101904]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [11/01/2012 17:51 50176]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [11/01/2012 17:47 30392]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [11/01/2012 17:52 2135280]
S3 MSICDSetup;MSICDSetup;\??\e:\cdriver.sys --> e:\CDriver.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - UDFS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.experienciaue.com.ar/graciasporinstalar20091.html
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: Interfaces\{BE5DD549-A9DA-497C-97B4-8CF94843DB28}: NameServer = 200.48.225.130,200.48.225.146
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-11 18:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(560)
c:\windows\system32\setupapi.dll
.
Completion time: 2012-01-11 18:31:43
ComboFix-quarantined-files.txt 2012-01-11 23:31
.
Pre-Run: 257.153.736.704 bytes libres
Post-Run: 257.164.029.952 bytes libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FF47439C608601FA56E23F036E003415
