Thank you for following up on my problem.
I think the problem was once again those files in system32, since after deleting them everything worked perfectly.
While following the instructions several things happened, and I think the problem has started again.
- When running combofix, both today and 2 days ago, halfway through the scan a message appeared that said something like “sed.cdexe has encountered a problem and needs to close”, and I have no idea what it is.
- After restarting the PC in normal mode the screen went black and a message appeared with characters/symbols in which only "OK" could be pressed. This happens every time I log in with any user.
- As soon as I connected a memory stick (F:) the computer froze for a few seconds, and afterwards the hidden files problem happened again. Is it possible that I have a virus on the memory stick?
- The Recycle Bin shows as full, and when I click on it, it says it has 24 documents, but when I open it nothing appears. I already clicked "Empty Recycle Bin", and used CCleaner and also Disk Cleaner, but it still says the same. They all show that there are 24 files but none of them deletes them. When running Disk Cleaner this appeared:
The file or directory /Recycled/Df66.jpg is corrupt and unreadable. Please run the Chkdsk utility
I think that originates on drive F:, since as soon as I disconnected it the Recycle Bin went back to normal.
- AVG and Ewido again found nothing.
Spy Sweeper found this:
Trojan Horse found: ldpinch Trojan
HKLM/software/Microsoft/windows/currentversion/mcd
Adware found: cnsmin
HKLM/software/Microsoft/internet explorer/activex compatibility
Trojan Horse found: trojan-relayer-himpax
HKU/WRSS_Profile_S-1-5-21-151103320-2458556691-201262330-500/software/Microsoft/internet explorer/security/ l l installation_id
HKU/WRSS_Profile_S-1-5-21-151103320-2458556691-201262330-1007/software/Microsoft/internet explorer/security/ l l installation_id
Adware found: virtumonde
HKU/WRSS_Profile_S-1-5-21-151103320-2458556691-201262330-1018/software/microsoft/rdfa/
HKU/WRSS_Profile_S-1-5-21-151103320-2458556691-201262330-1018/software/Microsoft/aldd/
HKU…/…-1009/rdfa
HKU…/…-1009/aldd
HKU…/…-1007/rdfa
HKU…/…-1007/aldd
I could locate them and delete them using regedit, but I'd rather wait until you tell me what to do.
~~~~~~~
Combofix log without F: connected (I don't know if it matters)
ComboFix 07-10-19.1 - Carlos 2007-10-20 8:55:14.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.203 [GMT -5:00]
Running from: C:\Documents and Settings\Carlos\My Documents\prog\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 )))))))))))))))))))))))))))))))
.
2007-10-18 20:07 <DIR> d-------- C:\Program Files\Disk Cleaner
2007-10-18 19:51 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-18 13:04 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\Webroot
2007-10-18 08:57 75,328 --a------ C:\WINDOWS\system32\uxnhtxol.exe
2007-10-18 08:54 75,328 --a------ C:\WINDOWS\system32\ugtnacqf.exe
2007-10-18 08:52 340,032 --a------ C:\WINDOWS\system32\vnphmyia.dll
2007-10-16 10:42 75,328 --a------ C:\WINDOWS\system32\xxbwpqmf.exe
2007-10-16 10:29 86,851 -r-hs---- C:\ntde1ect.com
2007-10-14 11:46 86,851 -r-hs---- C:\WINDOWS\system32\avpo.exe
2007-10-14 11:46 75,328 --a------ C:\WINDOWS\system32\gkncyyat.exe
2007-10-14 11:46 27,308 -r-hs---- C:\WINDOWS\system32\avpo0.dll
2007-10-12 17:37 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-09 21:34 367,168 ---hs---- C:\WINDOWS\system32\mmllm.bak2
2007-10-09 01:26 75,328 --a------ C:\WINDOWS\system32\jhraerqa.exe
2007-10-08 09:37 <DIR> d--hs---- C:\found.000
2007-10-07 13:50 75,328 --a------ C:\WINDOWS\system32\shqhqdok.exe
2007-10-07 01:56 <DIR> d-------- C:\Program Files\DivX
2007-10-04 16:03 <DIR> d-------- C:\Documents and Settings\Carlos\Contacts
2007-10-04 11:34 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\Apple Computer
2007-10-03 12:06 1,299 --a------ C:\WINDOWS\mozver.dat
2007-10-03 00:23 75,328 --a------ C:\WINDOWS\system32\vtwnocmk.exe
2007-10-02 13:47 <DIR> C:\Documents and Settings\Carlos\Application Data\'O%§O?"ª<„Sy"
2007-10-01 23:22 75,328 --a------ C:\WINDOWS\system32\udirtksk.exe
2007-09-27 09:45 75,328 --a------ C:\WINDOWS\system32\ncctndnk.exe
2007-09-27 09:39 75,328 --a------ C:\WINDOWS\system32\bqogmuyq.exe
2007-09-26 08:19 75,328 --a------ C:\WINDOWS\system32\uiqocwfs.exe
2007-09-25 01:43 75,328 --a------ C:\WINDOWS\system32\dmvohdtt.exe
2007-09-24 11:46 75,328 --a------ C:\WINDOWS\system32\gobdvyyx.exe
2007-09-23 13:49 <DIR> d-------- C:\ePSXe
2007-09-23 13:24 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\fltk.org
2007-09-23 12:01 <DIR> d-------- C:\Documents and Settings\Antonio\Application Data\Grisoft
2007-09-23 10:31 <DIR> d-------- C:\Documents and Settings\Bianca\Application Data\Grisoft
2007-09-23 02:49 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\Media Player Classic
2007-09-23 02:38 <DIR> d-------- C:\Documents and Settings\Carlos\dwhelper
2007-09-22 23:51 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\Grisoft
2007-09-22 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-09-22 23:50 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-22 22:58 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\AdobeUM
2007-09-22 19:17 <DIR> d-------- C:\Program Files\LimeWire
2007-09-22 11:55 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\SUPERAntiSpyware.com
2007-09-22 11:29 <DIR> d-------- C:\Documents and Settings\Carlos\WINDOWS
2007-09-22 11:29 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\You've Got Pictures Screensaver
2007-09-22 11:29 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\SampleView
2007-09-22 11:29 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\AOL
2007-09-21 21:38 33,792 --a------ C:\WINDOWS\system32\iifcayy.dll
2007-09-21 21:01 33,792 --a------ C:\WINDOWS\system32\gebxvsp.dll
2007-09-21 19:21 33,792 --a------ C:\WINDOWS\system32\hggdeby.dll
2007-09-20 18:17 33,792 --a------ C:\WINDOWS\system32\tuvwwvw.dll
2007-09-20 09:54 <DIR> d-------- C:\WINDOWS\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-19 21:04 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-10-11 21:32 --------- d-----w C:\Documents and Settings\Bianca\Application Data\IMVU
2007-10-08 03:55 --------- d-----w C:\Program Files\IMVU
2007-10-02 18:47 --------- d-----w C:\Documents and Settings\Carlos\Application Data\’O‰ºŒ“¬‹äŠy•”
2007-09-27 11:41 6,448 --sh--w C:\WINDOWS\system32\acbeg.bak2
2007-09-23 01:05 --------- d-----w C:\Documents and Settings\Bianca\Application Data\U3
2007-09-21 22:05 --------- d-----w C:\Documents and Settings\Bianca\Application Data\LimeWire
2007-09-19 01:10 --------- d-----w C:\Documents and Settings\Bianca\Application Data\SUPERAntiSpyware.com
2007-09-17 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-15 15:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-14 17:35 --------- d-----w C:\Program Files\SpywareBlaster
2007-09-14 16:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-12 22:56 --------- d-----w C:\Program Files\MSN Messenger
2007-09-08 18:47 --------- d-----w C:\Program Files\Infogrames Interactive
2007-08-30 23:09 --------- d-----w C:\Program Files\MSN Encarta Plus
2007-08-30 23:09 --------- d-----w C:\Program Files\Microsoft Works
2007-08-30 23:09 --------- d-----w C:\Program Files\LiveUpdate
2007-08-22 22:41 --------- d-----w C:\Documents and Settings\Bianca\Application Data\AdobeUM
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-13 23:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-08-13 23:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-08-13 23:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-08-13 23:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-08-13 23:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-08-13 23:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-08-13 23:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-08-13 23:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-08-13 23:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 00:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 05:01]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-06-27 11:47]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 14:00 C:\WINDOWS\system32\rundll32.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-09-14 23:18 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
S2 altio;altio;\??\C:\WINDOWS\system32\altio.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
AutoRun\command - C:\ntde1ect.com
explore\Command - C:\ntde1ect.com
open\Command - C:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command - D:\ntde1ect.com
explore\Command - D:\ntde1ect.com
open\Command - D:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0524f8fa-c84e-11db-81a4-0040ca966dfa}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command - G:\Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f083634-ba4d-11db-8164-0040ca966dfa}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5930fb2b-5cdf-11db-bf77-0040ca966dfa}]
AutoRun\command - F:\ntde1ect.com
explore\Command - F:\ntde1ect.com
open\Command - F:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66b12c51-05f9-11db-b838-806d6172696f}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder
"2007-09-28 11:30:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-20 06:08:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
"2006-10-06 16:23:34 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 08:57:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-20 8:58:10
C:\ComboFix2.txt ... 2007-10-18 20:05
.
--- E O F ---
~~~~~~~~~~~~~~~~~
HijackThis log with F: connected
~~~~~~~~~~
That would be all.
Is there any special program to check drive F:? The programs I use to scan it don't show me anything, but as soon as I connected it the problem started.