You are on page 1of 9

ComboFix 09-08-09.04 - Administrador 06/01/2011 19:47.4.

1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.894.561 [GMT -5:00
]
Running from: \\PC02\Documentos c\Herramientas\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-01
01-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
- REDUCED FUNCTIONALITY MODE .
(((((((((((((((((((((((((((((((((((((((
)))))))))))))))))))))))))))))
.

Other Deletions

))))))))))))))))))))

c:\windows\system32\esclavx.cfg
.
(((((((((((((((((((((((((
))))))))))))))))))))))))
.

Files Created from 2010-12-07 to 2011-01-07 )))))))

No new files created in this timespan


.
(((((((((((((((((((((((((((((((((((((((( Find3M Report
)))))))))))))))))))))))))))))))
.
2011-01-07 00:42 . 2009-08-10 19:35
256
----a-wm32\escnompc.dat
2008-08-09 02:35 . 2008-08-09 02:35
56
----a-wrograma\Archivos comunes\appop.log
.

)))))))))))))))))))))
c:\windows\syste
c:\archivos de p

((((((((((((((((((((((((((((( SnapShot_2010-02-21_23.13.44 )))))))))))))))))


))))))))))))))))))))))))
.
+ 2009-08-10 19:35 . 2010-10-06 20:06 40960
c:\windows\system32\e
scmult.exe
- 2009-08-10 19:35 . 2009-08-10 19:35 40960
c:\windows\system32\e
scmult.exe
+ 2010-02-21 23:07 . 2009-10-25 11:11 77312
c:\windows\MBR.exe
+ 2010-12-13 15:54 . 2010-12-13 15:54 10134
c:\windows\Installer\
{DB3B70EE-881B-4FF3-8602-E9FF599D328B}\callmsi.exe
- 2010-02-06 18:48 . 2010-02-06 18:48 10134
c:\windows\Installer\
{DB3B70EE-881B-4FF3-8602-E9FF599D328B}\callmsi.exe
+ 2009-10-21 21:45 . 2008-10-16 19:09 51224
c:\windows\ERDNT\cach
e\wuauclt.exe
+ 2009-10-21 21:45 . 2008-04-14 02:19 13824
c:\windows\ERDNT\cach
e\wscntfy.exe
+ 2009-10-21 21:45 . 2008-04-14 02:18 82432
c:\windows\ERDNT\cach
e\ws2_32.dll
+ 2009-10-21 21:45 . 2008-04-14 02:19 26624
c:\windows\ERDNT\cach
e\userinit.exe
+ 2009-10-21 21:45 . 2008-04-14 02:19 14336
c:\windows\ERDNT\cach
e\svchost.exe
+ 2009-10-21 21:45 . 2008-04-14 02:18 71680
c:\windows\ERDNT\cach
e\ssdpsrv.dll
+ 2009-10-21 21:45 . 2008-04-14 02:19 57856
c:\windows\ERDNT\cach

e\spoolsv.exe
+ 2009-10-21 21:45 . 2008-04-14 02:18 59904
e\regsvc.dll
+ 2009-10-21 21:45 . 2008-04-14 02:18 17408
e\powrprof.dll
+ 2009-10-21 21:45 . 2008-04-14 02:18 52736
e\mspmsnsv.dll
+ 2009-10-21 21:45 . 2008-04-14 02:18 33792
e\msgsvc.dll
+ 2009-10-21 21:45 . 2008-04-14 02:19 13312
e\lsass.exe
+ 2009-10-21 21:45 . 2008-04-14 02:18 22016
e\lpk.dll
+ 2009-10-21 21:45 . 2008-04-14 02:18 19968
e\linkinfo.dll
+ 2009-10-21 21:45 . 2008-04-14 01:55 25088
e\kbdclass.sys
+ 2009-10-21 21:45 . 2008-04-13 18:53 36608
e\ip6fw.sys
+ 2009-10-21 21:45 . 2008-04-14 02:18 56320
e\eventlog.dll
+ 2009-10-21 21:45 . 2008-04-14 02:18 15360
e\ctfmon.exe
+ 2009-10-21 21:45 . 2008-04-14 02:18 62464
e\cryptsvc.dll
+ 2009-10-21 21:45 . 2008-04-14 02:18 77824
e\browser.dll
+ 2010-02-21 23:14 . 2008-04-13 18:40 96512
e\atapi.sys
+ 2009-10-21 21:45 . 2008-04-13 18:57 14336
e\asyncmac.sys
+ 2009-10-21 21:45 . 2008-04-13 18:36 42368
e\agp440.sys
+ 2009-10-21 21:45 . 2001-08-24 10:00 12032
e\acpiec.sys
+ 2009-08-10 17:26 . 2009-08-10 17:26 8192
Users\00000004\UsrClass.dat
+ 2009-08-10 17:26 . 2009-08-10 17:26 8192
Users\00000002\UsrClass.dat
+ 2009-10-21 21:45 . 2008-04-14 02:18 5120
\sfc.dll
+ 2009-10-21 21:45 . 2001-08-24 10:00 2944
\null.sys
+ 2009-10-21 21:45 . 2001-08-24 10:00 4224
\beep.sys
+ 2010-12-13 15:54 . 2010-12-13 15:54 833024
\21b83.msi
- 2010-02-06 18:48 . 2010-02-06 18:48 136448
\{DB3B70EE-881B-4FF3-8602-E9FF599D328B}\egui.exe
+ 2010-12-13 15:54 . 2010-12-13 15:54 136448
\{DB3B70EE-881B-4FF3-8602-E9FF599D328B}\egui.exe
+ 2009-08-10 17:26 . 2009-08-10 17:26 262144
s\Users\00000006\UsrClass.dat
+ 2009-08-10 17:26 . 2009-08-10 17:26 233472
s\Users\00000003\NTUSER.DAT
+ 2009-08-10 17:26 . 2009-08-10 17:26 229376
s\Users\00000001\NTUSER.DAT
+ 2009-10-21 21:45 . 2008-04-14 02:18 129024
he\xmlprov.dll
+ 2009-10-21 21:45 . 2008-04-14 02:19 510976

c:\windows\ERDNT\cach
c:\windows\ERDNT\cach
c:\windows\ERDNT\cach
c:\windows\ERDNT\cach
c:\windows\ERDNT\cach
c:\windows\ERDNT\cach
c:\windows\ERDNT\cach
c:\windows\ERDNT\cach
c:\windows\ERDNT\cach
c:\windows\ERDNT\cach
c:\windows\ERDNT\cach
c:\windows\ERDNT\cach
c:\windows\ERDNT\cach
c:\windows\ERDNT\cach
c:\windows\ERDNT\cach
c:\windows\ERDNT\cach
c:\windows\ERDNT\cach
c:\windows\ERDNT\subs\
c:\windows\ERDNT\subs\
c:\windows\ERDNT\cache
c:\windows\ERDNT\cache
c:\windows\ERDNT\cache
c:\windows\Installer
c:\windows\Installer
c:\windows\Installer
c:\windows\ERDNT\sub
c:\windows\ERDNT\sub
c:\windows\ERDNT\sub
c:\windows\ERDNT\cac
c:\windows\ERDNT\cac

he\winlogon.exe
+ 2009-10-21 21:45 . 2009-07-03
he\wininet.dll
+ 2009-10-21 21:45 . 2008-04-14
he\user32.dll
+ 2009-10-21 21:45 . 2008-04-14
he\upnphost.dll
+ 2009-10-21 21:45 . 2008-04-14
he\termsrv.dll
+ 2009-10-21 21:45 . 2008-06-20
he\tcpip.sys
+ 2009-10-21 21:45 . 2008-04-14
he\tapisrv.dll
+ 2009-10-21 21:45 . 2008-04-14
he\srsvc.dll
+ 2009-10-21 21:45 . 2008-04-14
he\shsvcs.dll
+ 2009-10-21 21:45 . 2009-02-09
he\services.exe
+ 2009-10-21 21:45 . 2008-04-14
he\schedsvc.dll
+ 2009-10-21 21:45 . 2008-04-14
he\scecli.dll
+ 2009-10-21 21:45 . 2009-02-09
he\rpcss.dll
+ 2009-10-21 21:45 . 2008-04-14
he\qmgr.dll
+ 2009-10-21 21:45 . 2008-04-14
he\ntmssvc.dll
+ 2009-10-21 21:45 . 2008-04-13
he\ntfs.sys
+ 2009-10-21 21:45 . 2008-04-14
he\netman.dll
+ 2009-10-21 21:45 . 2008-04-14
he\netlogon.dll
+ 2009-10-21 21:45 . 2008-04-13
he\ndis.sys
+ 2009-10-21 21:45 . 2008-06-20
he\mswsock.dll
+ 2009-10-21 21:45 . 2008-04-14
he\msvcrt.dll
+ 2009-10-21 21:45 . 2008-04-14
he\mfc40u.dll
+ 2009-10-21 21:45 . 2008-04-14
he\imm32.dll
+ 2009-10-21 21:45 . 2008-07-07
he\es.dll
+ 2009-10-21 21:45 . 2008-04-14
he\comctl32.dll
+ 2009-10-21 21:45 . 2008-04-14
he\appmgmts.dll
+ 2009-10-21 21:45 . 2008-04-13
he\aec.sys
+ 2009-08-10 19:34 . 2010-10-06
\esclavo.exe
+ 2009-08-10 17:26 . 2009-08-10
bs\Users\00000005\NTUSER.DAT
+ 2009-10-21 21:45 . 2008-04-14
che\sfcfiles.dll
+ 2009-10-21 21:45 . 2009-02-09

16:57

915456

c:\windows\ERDNT\cac

02:18

579584

c:\windows\ERDNT\cac

02:18

186368

c:\windows\ERDNT\cac

02:18

296960

c:\windows\ERDNT\cac

11:51

361600

c:\windows\ERDNT\cac

02:18

249856

c:\windows\ERDNT\cac

02:18

171520

c:\windows\ERDNT\cac

02:18

135168

c:\windows\ERDNT\cac

11:23

111104

c:\windows\ERDNT\cac

02:18

193536

c:\windows\ERDNT\cac

02:18

185856

c:\windows\ERDNT\cac

10:52

401408

c:\windows\ERDNT\cac

02:18

409088

c:\windows\ERDNT\cac

02:18

437760

c:\windows\ERDNT\cac

19:15

574976

c:\windows\ERDNT\cac

02:18

198144

c:\windows\ERDNT\cac

02:18

407040

c:\windows\ERDNT\cac

19:20

182656

c:\windows\ERDNT\cac

17:47

248320

c:\windows\ERDNT\cac

02:18

343040

c:\windows\ERDNT\cac

02:18

927504

c:\windows\ERDNT\cac

02:18

110080

c:\windows\ERDNT\cac

20:27

253952

c:\windows\ERDNT\cac

02:18

617472

c:\windows\ERDNT\cac

02:18

175104

c:\windows\ERDNT\cac

16:39

142592

c:\windows\ERDNT\cac

20:06

1556480

c:\windows\system32

17:26

4599808

c:\windows\ERDNT\su

02:18

1572352

c:\windows\ERDNT\ca

11:24

2191488

c:\windows\ERDNT\ca

che\ntoskrnl.exe
+ 2009-10-21 21:45 . 2009-02-11 00:06 2068480
che\ntkrnlpa.exe
+ 2009-10-21 21:45 . 2009-07-19 13:14 5937152
che\mshtml.dll
+ 2009-10-21 21:45 . 2009-03-21 14:08 1042944
che\kernel32.dll
+ 2009-10-21 21:45 . 2008-04-14 02:18 1036288
che\explorer.exe
.
-- Snapshot reset to current date -.
((((((((((((((((((((((((((((((((((((( Reg Loading Points
)))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

c:\windows\ERDNT\ca
c:\windows\ERDNT\ca
c:\windows\ERDNT\ca
c:\windows\ERDNT\ca

)))))))))))))))))))

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143


ed}]
2008-11-18 17:58
333192 ----a-wc:\archivos de programa\AskBarDi
s\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c905b42-976e-43c1-bc30-fc59370179
09}]
2009-08-10 16:41
2215960 ----a-wc:\archivos de programa\shARES\t
bshA1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9c905b42-976e-43c1-bc30-fc5937017909}"= "c:\archivos de programa\shARES\tbshA1
.dll" [2009-08-10 2215960]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\archivos de programa\AskBarDis\bar
\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{9c905b42-976e-43c1-bc30-fc5937017909}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9C905B42-976E-43C1-BC30-FC5937017909}"= "c:\archivos de programa\shARES\tbshA1
.dll" [2009-08-10 2215960]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\archivos de programa\AskBarDis\bar
\bin\askBar.dll" [2008-11-18 333192]
[HKEY_CLASSES_ROOT\clsid\{9c905b42-976e-43c1-bc30-fc5937017909}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2009-0726 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13
1443072]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
\DfLogon]
2007-06-28 17:39
65536 ----a-wc:\windows\system32\LogonDll.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute
REG_MULTI_SZ
autocheck autochk /k:C /k:D *
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Men Inicio^Programas^In
icio^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Men Inicio\Programas\Inicio\Adobe Gamma
Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Men Inicio^Programas^In
icio^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Men Inicio\Programas\Inicio\InterVideo W
inCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authoriz
edApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Archivos de programa\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Documents and Settings\\Administrador\\temp\\TeamViewer\\Version4\\TeamView
er.exe"=
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [28/06/2007 12:45 131
472]
R0 ivicd;Ivi CDVD Filter Driver;c:\windows\system32\drivers\ivicd.sys [08/08/200
8 21:34 38784]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13/03/2008 16:52
33800]
R2 ekrn;Eset Service;c:\archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
[13/03/2008 16:49 472320]
R2 escSrv;Cargador del Terminal;c:\windows\system32\escsrv.exe [10/08/2009 14:34
45056]
S3 iviudf;iviudf;c:\windows\system32\drivers\IviUdf.sys [08/08/2008 21:34 116224
]
--- Other Services/Drivers In Memory --*Deregistered* - udffsrec
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49
E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEAct
iveSetup SIGNUP
.

Contents of the 'Scheduled Tasks' folder


2009-04-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2006-10-10 2
2:13]
2011-01-07 c:\windows\Tasks\User_Feed_Synchronization-{DFCCB465-304E-4007-BD8A-2
DBE3430EFAD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan ------.
uStart Page = hxxp://www.cbm.com.ar/ini/comun
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {1F42879A-C6DF-4C61-96D6-6B6B51E36809} = 200.63.212.110,192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrador\Datos de programa\Moz
illa\Firefox\Profiles\bbx9uhc3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1
&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId
=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\archivos de programa\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npFoxitReaderPlugin
.dll
FF - plugin: c:\archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\program files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80
e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ---c:\archivos de programa\Mozilla Firefox\greprefs\all.js
me_site_origin", false);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js
", 51200);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js
d", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js
ed", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js
nabled", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js
utocomplete.enabled", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js
y.mailnews.*.wholeText", "noAccess");
c:\archivos de programa\Mozilla Firefox\greprefs\all.js
ult_quota",
5120);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js
nt_probe_rate", 3);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js
mpt-temp-redirect", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js
-1);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js

- pref("media.enforce_sa
- pref("media.cache_size
- pref("media.ogg.enable
- pref("media.wave.enabl
- pref("media.autoplay.e
- pref("browser.urlbar.a
- pref("capability.polic
- pref("dom.storage.defa
- pref("content.sink.eve
- pref("network.http.pro
- pref("layout.css.dpi",
- pref("layout.css.devPi

xelsPerPx", -1);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_
single_finger_input", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_s
cript_run_time", 0);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.tcp.send
buffer", 131072);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", tr
ue);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("secur
ity.remember_cert_checkbox_default_setting", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox-branding.js - pref
("browser.search.param.yahoo-fr", "moz35");
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox-branding.js - pref
("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensi
ons.blocklist.level", 2);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser
.urlbar.restrict.typed", "~");
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser
.urlbar.default.behavior", 0);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.clearOnShutdown.history",
true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.clearOnShutdown.formdata",
true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.clearOnShutdown.passwords", false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.clearOnShutdown.downloads", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.clearOnShutdown.cookies",
true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.clearOnShutdown.cache",
true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.clearOnShutdown.sessions",
true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.clearOnShutdown.offlineApps", false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.clearOnShutdown.siteSettings", false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.cpd.history",
true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.cpd.formdata",
true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.cpd.passwords",
false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.cpd.downloads",
true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.cpd.cookies",
true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.cpd.cache",
true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.cpd.sessions",
true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.cpd.offlineApps",
false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.cpd.siteSettings",
false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy
.sanitize.migrateFx3Prefs",
false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("browser

.ssl_override_behavior", 2);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js
y.alternate_certificate_error_page", "certerror");
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js
.privatebrowsing.autostart", false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js
.privatebrowsing.dont_prompt_on_enter", false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js
i.uri", "https://www.google.com/loc/json");
.

- pref("securit
- pref("browser
- pref("browser
- pref("geo.wif

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http:/
/www.gmer.net
Rootkit scan 2011-01-06 19:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS --------------------[HKEY_USERS\S-1-5-21-299502267-1715567821-725345543-500\Software\Microsoft\Inter
net Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,0e,c1,d8,cf,ad,64,48,a1,59,34,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,0e,c1,d8,cf,ad,64,48,a1,59,34,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB
}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-10
1"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB
}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB
}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB
}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41
D6B3}]

@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41
D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41
D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - > 'winlogon.exe'(572)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LogonDll.dll
.
Completion time: 2011-01-07 19:49
ComboFix-quarantined-files.txt 2011-01-07 00:49
ComboFix2.txt 2010-02-21 23:15
ComboFix3.txt 2009-10-21 21:46
ComboFix4.txt 2009-08-10 17:32
Pre-Run: 26.226.475.008 bytes libres
Post-Run: 26.192.830.464 bytes libres
285

--- E O F ---

2009-09-21 21:02