darkavalek
2011-07-26 17:43 - Replies: 0 - Topic no.: 2810325
Windows 7 Ultimate, AMD Sempron processor, 3 GB of memory
Hello friends, I ask you to please give me a solution to this problem, which already has me quite stressed. I ran it through Avast and nothing happens; it stays the same. Finally I ran it through ComboFix and it generated this report.
combofix 11-07-26.02 - user 26/07/2011 10:19:30.2.1 - x86
microsoft windows 7 ultimate 6.1.7600.0.1252.57.3082.18.2814.1840 [gmt -5:00]
running from: c:\users\user\desktop\combofix.exe
av: avast! antivirus *enabled/updated* {2b2d1395-420b-d5c9-657e-930fe358fc3c}
sp: avast! antivirus *enabled/updated* {904cf271-6431-da47-5fce-a87d98dfb681}
sp: windows defender *enabled/updated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
* created a new restore point
.
.
((((((((((((((((((((((((( files created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 15:25 . 2011-07-26 15:25 d-w- c:\users\default\appdata\local\temp
2011-07-26 06:07 . 2011-07-26 06:07 d-w- c:\program files\avast software
2011-07-26 05:07 . 2011-07-04 11:36 441176 a-w- c:\windows\system32\drivers\aswsnx.sys
2011-07-26 05:07 . 2011-07-04 11:43 40112 a-w- c:\windows\avastss.scr
2011-07-26 04:53 . 2011-07-04 11:36 309848 a-w- c:\windows\system32\drivers\aswsp.sys
2011-07-26 04:53 . 2011-07-04 11:32 19544 a-w- c:\windows\system32\drivers\aswfsblk.sys
2011-07-26 04:53 . 2011-07-04 11:32 25432 a-w- c:\windows\system32\drivers\aswrdr.sys
2011-07-26 04:53 . 2011-07-04 11:35 43608 a-w- c:\windows\system32\drivers\aswtdi.sys
2011-07-26 04:53 . 2011-07-04 11:32 54104 a-w- c:\windows\system32\drivers\aswmonflt.sys
2011-07-26 04:53 . 2011-07-04 11:43 199304 a-w- c:\windows\system32\aswboot.exe
2011-07-26 04:24 . 2011-07-26 04:24 d-w- c:\windows\system32\mpenginestore
2011-07-26 03:28 . 2011-07-26 03:28 d-w- c:\nvidia
2011-07-26 01:42 . 2011-07-26 01:42 d-w- c:\program files\adblock pro
2011-07-26 00:46 . 2009-11-25 17:47 99176 a-w- c:\windows\system32\presentationhostproxy.dll
2011-07-26 00:46 . 2009-11-25 17:47 49472 a-w- c:\windows\system32\netfxperf.dll
2011-07-26 00:46 . 2009-11-25 17:47 297808 a-w- c:\windows\system32\mscoree.dll
2011-07-26 00:46 . 2009-11-25 17:47 295264 a-w- c:\windows\system32\presentationhost.exe
2011-07-26 00:46 . 2009-11-25 17:47 1130824 a-w- c:\windows\system32\dfshim.dll
2011-07-26 00:46 . 2009-10-10 02:57 12800 a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-07-26 00:46 . 2011-07-26 00:46 d-w- c:\program files\msxml 4.0
2011-07-26 00:03 . 2011-07-26 14:56 d-w- c:\programdata\spybot - search & destroy
2011-07-26 00:03 . 2011-07-26 00:05 d-w- c:\program files\spybot - search & destroy
2011-07-25 18:48 . 2011-07-25 18:48 d-w- c:\program files\recover my files
2011-07-25 18:30 . 2011-07-25 18:30 66048 sha-r- c:\windows\system32\msfeedsbsx.dll
2011-07-25 18:07 . 2011-07-25 18:08 d-w- c:\program files\virtuagirl hd
2011-07-24 23:23 . 2011-07-24 23:44 d-w- c:\users\user\appdata\local\microsoft games
2011-07-23 20:56 . 2011-07-23 20:56 d-w- c:\users\user\appdata\local\elevateddiagnostics
2011-07-23 13:07 . 2011-07-23 16:16 d-w- c:\program files\jdownloader
2011-07-23 06:11 . 2011-07-23 06:11 d-w- c:\windows\system32\wbem\en-us
2011-07-23 06:06 . 2011-07-23 06:06 801792 a-w- c:\windows\system32\fntcache.dll
2011-07-23 05:23 . 2011-07-23 05:23 d-w- c:\program files\nvidia corporation
2011-07-23 05:23 . 2009-08-05 21:10 6136 a-w- c:\windows\system32\drivers\nvphy.bin
2011-07-23 05:23 . 2009-07-30 21:48 705536 a-w- c:\windows\system32\cohelper.dll
2011-07-23 04:46 . 2011-07-23 04:46 83899240 a-w- c:\program files\common files\windows live\.cache\wlc5f42.tmp
2011-07-23 03:52 . 2011-07-23 03:52 d-w- c:\users\user\appdata\roaming\nero
2011-07-23 03:33 . 2011-07-23 03:39 d-w- c:\users\user\appdata\local\google
2011-07-23 03:33 . 2011-07-23 03:33 d-w- c:\users\user\appdata\local\deployment
2011-07-23 03:33 . 2011-07-23 03:33 d-w- c:\users\user\appdata\local\apps
2011-07-23 02:56 . 2011-07-23 02:56 d-w- c:\programdata\spintop games
2011-07-23 02:50 . 2011-07-23 02:50 476904 a-w- c:\program files\mozilla firefox\plugins\npdeployjava1.dll
2011-07-23 02:50 . 2011-07-23 02:50 472808 a-w- c:\windows\system32\deployjava1.dll
2011-07-23 02:39 . 2011-07-26 03:45 d-w- c:\programdata\nvidia
2011-07-23 02:35 . 2010-08-12 15:14 604776 a-w- c:\windows\system32\nvuninst.exe
2011-07-23 00:44 . 2011-07-23 00:44 d-w- c:\programdata\alwil software
.
.
.
(((((((((((((((((((((((((((((((((((((((( find3m report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*note* empty entries & legit default entries are not shown
regedit4
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083b0-c522-11cf-8763-00608cc02f24}"
[hkey_classes_root\clsid\{472083b0-c522-11cf-8763-00608cc02f24}]
2011-07-04 11:43 122512 a-w- c:\program files\alwil software\avast5\ashshell.dll
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"spybotsd teatimer"="c:\program files\spybot - search & destroy\teatimer.exe" [2009-03-05 2260480]
.
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 0 (0x0)
"consentpromptbehavioruser"= 3 (0x3)
"enablelua"= 0 (0x0)
"enableuiadesktoptoggle"= 0 (0x0)
"promptonsecuredesktop"= 0 (0x0)
.
r1 rfzcwqww;rfzcwqww;c:\windows\system32\drivers\rfzcwqww.sys [x]
r2 kmservice;kmservice;c:\windows\system32\srvany.exe [2010-11-10 8192]
r2 sbsdwscservice;sbsd security center service;c:\program files\spybot - search & destroy\sdwinsec.exe [2009-01-26 1153368]
r3 k57nd60x;broadcom netlink (tm) gigabit ethernet: ndis 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-07-13 229888]
r3 microsoft sharepoint workspace audit service;microsoft sharepoint workspace audit service;c:\program files\microsoft office\office14\groove.exe [2010-03-25 30969208]
r3 osppsvc;office software protection platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe [2010-01-10 4640000]
r3 rtl8167;controlador nt de realtek 8167;c:\windows\system32\drivers\rt86win7.sys [2009-07-13 139776]
s1 aswsnx;aswsnx; [x]
s1 aswsp;aswsp; [x]
s1 vwififlt;virtual wifi filter driver;c:\windows\system32\drivers\vwififlt.sys [2009-07-13 48128]
s2 {1ba31e5a-c098-42d8-8f88-3c9f78a2fddc};power control [2010/11/10 11:47];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-03-13 17:58 87536]
s2 aswfsblk;aswfsblk; [x]
s2 aswmonflt;aswmonflt;c:\windows\system32\drivers\aswmonflt.sys [2011-07-04 54104]
s2 clr_optimization_v4.0.30319_32;microsoft .net framework ngen v4.0.30319_x86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
s3 srvhsfhda;srvhsfhda;c:\windows\system32\drivers\vstazl3.sys [2009-07-13 207360]
s3 srvhsfv92;srvhsfv92;c:\windows\system32\drivers\vstdpv3.sys [2009-07-13 980992]
s3 srvhsfwinac;srvhsfwinac;c:\windows\system32\drivers\vstcnxt3.sys [2009-07-13 661504]
.
.
contents of the 'scheduled tasks' folder
.
2011-07-25 c:\windows\tasks\googleupdatetaskusers-1-5-21-3731493080-220338106-55123767-1000core.job
- c:\users\user\appdata\local\google\update\googleupdate.exe [2011-07-23 03:33]
.
2011-07-26 c:\windows\tasks\googleupdatetaskusers-1-5-21-3731493080-220338106-55123767-1000ua.job
- c:\users\user\appdata\local\google\update\googleupdate.exe [2011-07-23 03:33]
.
.
- supplementary scan -
.
ustart page = hxxp://www.google.com.co/
ie: &block this image (abp) - c:\program files\adblock pro\blockimg.html
ie: &bloquear esta imagen (abp) - c:\program files\adblock pro\blockimg.html
ie: &enviar a onenote - c:\progra~1\micros~2\office14\onbttnie.dll/105
ie: e&xportar a microsoft excel - c:\progra~1\micros~2\office14\excel.exe/3000
tcp: dhcpnameserver = 192.168.1.1
ff - profilepath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\0zemu5ij.default\
ff - prefs.js: browser.startup.homepage - www.google.com
ff - ext: default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
[hkey_local_machine\system\controlset001\services\{1ba31e5a-c098-42d8-8f88-3c9f78a2fddc}]
"imagepath"="\??\c:\program files\cyberlink\powerdvd10\navfilter\000.fcl"
.
- locked registry keys -
.
[hkey_local_machine\system\controlset001\control\class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\allusersettings]
@denied: (a) (users)
@denied: (a) (everyone)
@allowed: (b 1 2 3 4 5) (s-1-5-20)
"blinddial"=dword:00000000
.
[hkey_local_machine\system\controlset001\control\pcw\security]
@denied: (full) (everyone)
.
completion time: 2011-07-26 10:31:06
combofix-quarantined-files.txt 2011-07-26 15:31
.
pre-run: 8,910,635,008 bytes libres
post-run: 8,912,314,368 bytes libres
.
- - end of file - - af5316f48953150e19b1e3f1bdb5b4da