ComboFix 11-09-12.03 - Administrador 13/09/2011 13:16:34.1.

2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.51.3082.18.3037.2323 [GMT -5:
00]
Running from: c:\documents and settings\Administrador\Escritorio\ComboFix.exe
AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0
}
* Resident AV is active
.
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
)))))))))))))))))))))))))))))
.
.
C:\dfinstall.log
C:\InfoSat.txt
c:\windows\ehome\medctrro.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-13 to 2011-09-13 )))))))
))))))))))))))))))))))))
.
.
2011-09-13 14:12 . 2011-09-13 14:12
-------d-----wc:\archi
vos de programa\Archivos comunes\Kaspersky Lab
2011-09-13 14:12 . 2011-09-13 14:12
-------d-----wc:\archi
vos de programa\Archivos comunes\Cisco Systems
2011-09-13 14:12 . 2011-09-13 14:12
335872 ----a-wc:\archivos de p
rograma\Archivos comunes\InstallShield\Driver\7\Intel 32\ISRT.dll
2011-09-13 14:12 . 2011-09-13 14:12
32768 ----a-wc:\archivos de p
rograma\Archivos comunes\InstallShield\Driver\7\Intel 32\objps7.dll
2011-09-13 14:12 . 2011-09-13 14:12
233472 ----a-wc:\archivos de p
rograma\Archivos comunes\InstallShield\Driver\7\Intel 32\IScript7.dll
2011-09-13 14:12 . 2011-09-13 14:12
188416 ----a-wc:\archivos de p
rograma\Archivos comunes\InstallShield\Driver\7\Intel 32\IUser7.dll
2011-09-13 14:12 . 2011-09-13 14:12
626688 ----a-wc:\archivos de p
rograma\Archivos comunes\InstallShield\Driver\7\Intel 32\IDriver.exe
2011-09-13 14:12 . 2011-09-13 14:12
290816 ----a-wc:\archivos de p
rograma\Archivos comunes\InstallShield\Driver\7\Intel 32\_ISRES1033.dll
2011-08-17 19:37 . 2011-08-17 19:37
-------d-----wc:\archi
vos de programa\ArgoUML
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
)))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))
)))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-30 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-30 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-30 142872]
"ANIWZCS2Service"="c:\archivos de programa\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2
007-01-19 49152]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-09 16851968]
"AVP"="c:\archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Window
s Workstations MP4\avp.exe" [2010-03-13 311680]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Administrador\Men Inicio\Programas\Inicio\
Helper.lnk - c:\windows\bginfo\Bginfo.exe [2009-9-9 845864]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExec
uteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\archivos de programa\Windows Deskt
op Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute
REG_MULTI_SZ
autocheck autochk /k:C /k:D *
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\R
eader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiV
irus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authoriz
edApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Danware Data\\NetOp School\\Student\\nstdw32.exe"=
"c:\\Archivos de programa\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Archivos de programa\\NetSupport\\NetSupport School\\client32.exe"=
"c:\\Archivos de programa\\NetSupport\\NetSupport School\\PCINSSCD.EXE"=
"c:\\Archivos de programa\\NetSupport\\NetSupport School\\pcijoin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Globally
OpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"5985:TCP"= 5985:TCP:*:Disabled:Administracin remota de Windows
"15000:UDP"= 15000:UDP:Kaspersky Administration Kit
.
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [02/10/2008 09:14 a.m
. 134928]
R1 NHostNT1;NetOp Driver 1 ver. 9.21 (2008329);c:\windows\system32\drivers\NHOST
NT1.SYS [10/01/2011 12:23 p.m. 102544]
R2 klnagent;Kaspersky Lab Network Agent;c:\archivos de programa\Kaspersky Lab\Ne
tworkAgent 8\klnagent.exe [20/10/2010 01:38 p.m. 141688]

R2 NetOp Host for NT Service;NetOp Helper ver. 9.21 (2008329);c:\archivos de pro

grama\Danware Data\NetOp School\STUDENT\NHOSTSVC.EXE [10/01/2011 12:23 p.m. 1705
896]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/
2009 01:19 p.m. 50704]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [11/11/2010 01:48 p.m.
70768]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\archivos de programa\Common
Files\VMware\USB\vmware-usbarbitrator.exe [11/11/2010 12:31 p.m. 539248]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system
32\drivers\A3AB.sys [08/09/2009 08:53 p.m. 472832]
R3 NHOSTNT3;NetOp Driver 3 ver. 9.21 (2008329) (NHOSTNT3);c:\windows\system32\dr
ivers\NHOSTNT3.SYS [10/01/2011 12:23 p.m. 10280]
R3 nsafltr;nsafltr;c:\windows\system32\drivers\nsafltr.sys [22/08/2010 06:22 p.m
. 32256]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.e
xe -k WINRM [20/08/2004 07:00 a.m. 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ
WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSv
cs
UxTuneUp
.
.
------- Supplementary Scan ------.
uStart Page = www.tecsup.edu.pe
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.winpcap.org/
uInternet Settings,ProxyOverride = *.local
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\archivos de programa\Archivos comunes\NSL\nslsp.dll
LSP: c:\archivos de programa\VMware\VMware Workstation\vsocklib.dll
TCP: Interfaces\{FD433B2C-3B59-41C7-ADE4-77357F6DB5D2}: NameServer = 192.168.65.
43
FF - ProfilePath - c:\documents and settings\Administrador\Datos de programa\Moz
illa\Firefox\Profiles\yh8bskh4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tecsup.edu.pe
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\archivos de progr
ama\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\archivos de
programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\archivos de
programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\archivos de programa\Java\jre6\li
b\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-088257605
34b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\D
otNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-088257605
34b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
------- File Associations ------.
inifile=Notepad.exe "%1"
txtfile=Notepad.exe "%1"
.txt=

.
- - - - ORPHANS REMOVED - - - .
Notify-DfLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http:/
/www.gmer.net
Rootkit scan 2011-09-13 13:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS --------------------.
[HKEY_USERS\S-1-5-21-1890777736-87672647-413149206-500\Software\Microsoft\Intern
et Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,a9,88,2d,bf,ec,37,4a,93,ff,d3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,71,a9,88,2d,bf,ec,37,4a,93,ff,d3,\
.
--------------------- DLLs Loaded Under Running Processes --------------------.
- - - - - - - > 'winlogon.exe'(940)
c:\archivos de programa\NetSupport\NetSupport School\pciappctrl.dll
.
- - - - - - - > 'csrss.exe'(916)
c:\archivos de programa\NetSupport\NetSupport School\pcihooks.dll
.
Completion time: 2011-09-13 13:20:07
ComboFix-quarantined-files.txt 2011-09-13 18:20
.
Pre-Run: 33,210,556,416 bytes libres
Post-Run: 33,166,229,504 bytes libres
.
- - End Of File - - 88BB97A8B4BCDE0D5FBAC08C3C3F0C7E