Re: trojan mailskinner with infections! I ran the programs you told me to, here is the file:
ComboFix 08-02.05.1 - mireia 2008-02-04 22:20:44.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.3082.18.1549 [GMT 1:00]
Se ejecuta desde: C:\Users\mireia\Desktop\ComboFix.exe
* Creado un nuevo punto de restauración
.
(((((((((((((((((( Archivos creados desde 2008-01-04 - 2008-02-04 )))))))))))))))))))))))))))))))))
.
2008-02-04 16:08 . 2008-02-04 16:08 <DIR> d-------- C:\Users\mireia\AppData\Roaming\SUPERAntiSpyware.com
2008-02-04 16:08 . 2008-02-04 21:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-04 16:07 . 2008-02-04 16:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-03 20:15 . 2008-02-03 20:15 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-02-03 20:15 . 2008-02-03 20:15 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-02-03 19:29 . 2008-02-03 19:29 <DIR> d-------- C:\Program Files\IObit
2008-02-03 19:18 . 2008-02-03 19:18 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-03 19:18 . 2008-02-03 19:18 <DIR> d-------- C:\Program Files\CCleaner
2008-02-03 17:57 . 2008-02-03 17:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-03 00:49 . 2008-02-03 17:51 <DIR> d-------- C:\Program Files\SpyBro
2008-02-02 23:12 . 2008-02-03 17:42 <DIR> d-------- C:\Program Files\PCPitstop
2008-02-02 22:55 . 2008-02-02 22:55 <DIR> d-------- C:\Windows\BDOSCAN8
2008-02-02 22:54 . 2008-02-02 22:54 <DIR> d-------- C:\Windows\McAfee.com
2008-02-02 22:50 . 2008-02-02 22:50 <DIR> d-------- C:\Windows\System32\ActiveScan
2008-02-02 21:57 . 2008-02-02 21:57 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-02-02 21:38 . 2008-02-02 21:38 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-02 21:38 . 2008-02-02 21:38 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-02-02 18:34 . 2008-02-04 22:08 <DIR> d-a------ C:\Users\All Users\TEMP
2008-02-02 18:34 . 2008-02-04 22:08 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-02 18:33 . 2008-02-02 18:33 <DIR> d-------- C:\Users\mireia\AppData\Roaming\PC Tools
2008-02-02 18:33 . 2008-02-04 14:34 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-02 18:33 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-02-02 18:33 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-02-02 18:33 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-02-02 18:33 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-01-31 23:43 . 2008-01-31 23:43 <DIR> d-------- C:\Program Files\Ares
2008-01-31 19:07 . 2008-01-12 18:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-01-31 19:07 . 2008-01-15 09:54 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-01-31 19:07 . 2008-01-15 05:28 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-01-31 18:09 . 2007-07-12 02:49 186,256 --a------ C:\Windows\System32\SymNPPWA.dll
2008-01-31 17:52 . 2008-01-31 17:52 16 --a------ C:\Windows\System32\coh.cache
2008-01-31 17:40 . 2008-02-03 01:28 <DIR> d-------- C:\Program Files\Norton 360
2008-01-31 17:38 . 2008-01-31 18:08 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-01-31 17:38 . 2008-01-31 18:08 10,740 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-01-31 17:38 . 2008-01-31 18:08 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-01-31 17:30 . 2008-01-31 18:08 <DIR> d-------- C:\Program Files\Symantec
2008-01-31 15:01 . 2008-02-02 20:01 <DIR> d-------- C:\Program Files\Disk Cleaner
2008-01-21 20:28 . 2008-01-21 20:32 <DIR> d-------- C:\Users\mireia\AppData\Roaming\Skype
2008-01-10 17:13 . 2008-01-31 17:59 <DIR> d-------- C:\Users\mireia\AppData\Roaming\Symantec
2008-01-09 15:01 . 2008-01-09 15:01 53,248 --a------ C:\Windows\bdoscandel.exe
2008-01-09 15:01 . 2008-01-09 15:01 453 --a------ C:\Windows\bdoscandellang.ini
2008-01-09 14:36 . 2008-01-09 14:36 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 14:36 . 2008-01-09 14:36 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 14:36 . 2008-01-09 14:36 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 14:36 . 2008-01-09 14:36 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 14:36 . 2008-01-09 14:36 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 14:35 . 2008-01-09 14:35 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 14:35 . 2008-01-09 14:35 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-09 14:35 . 2008-01-09 14:35 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-09 14:35 . 2008-01-09 14:35 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-09 14:35 . 2008-01-09 14:35 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-09 14:35 . 2008-01-09 14:35 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-09 14:35 . 2008-01-09 14:35 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-09 14:35 . 2008-01-09 14:35 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-09 14:35 . 2008-01-09 14:35 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-09 14:35 . 2008-01-09 14:35 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-06 17:04 . 2003-10-02 00:00 413,696 --a------ C:\Windows\System32\PICSDK.dll
2008-01-06 17:04 . 2002-11-01 00:00 114,688 --a------ C:\Windows\System32\EpPicPrt.dll
2008-01-06 17:04 . 2003-10-02 00:00 91,923 --a------ C:\Windows\System32\EPPICPrinterDB.dat
2008-01-06 17:04 . 2003-10-02 00:00 76,956 --a------ C:\Windows\System32\EPPICPattern2.dat
2008-01-06 17:04 . 2002-11-01 00:00 65,536 --a------ C:\Windows\System32\EPPicMgr.dll
2008-01-06 17:04 . 2003-10-02 00:00 39,121 --a------ C:\Windows\System32\EPPICPattern1.dat
2008-01-06 17:04 . 2003-10-02 00:01 27,965 --a------ C:\Windows\System32\EPPICPresetData_JP.dat
2008-01-06 17:04 . 2003-10-02 00:00 15,822 --a------ C:\Windows\System32\EPPICLocal_JP.cfg
2008-01-06 17:04 . 2003-10-02 00:00 14,482 --a------ C:\Windows\System32\EPPICLocal_EN.cfg
.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 20:33 --------- d-----w C:\ProgramData\Messenger Plus!
2008-02-02 22:36 --------- d-----w C:\Program Files\Picasa2
2008-02-02 19:34 101,376 ----a-w C:\Windows\system32\drivers\ACEDRV07.sys
2008-02-01 14:14 --------- d-----w C:\ProgramData\Symantec
2008-01-31 17:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-31 14:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-31 14:03 --------- d-----w C:\ProgramData\QuickTime
2008-01-28 22:00 --------- d-----w C:\ProgramData\Roxio
2008-01-22 22:57 --------- d-----w C:\Program Files\Google
2008-01-20 22:21 --------- d-----w C:\Users\mireia\AppData\Roaming\Packard Bell
2008-01-09 14:06 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 14:06 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 13:35 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-09 13:35 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-09 13:35 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-09 13:35 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-05 19:01 --------- d-----w C:\Users\mireia\AppData\Roaming\Image Zone Express
2007-12-26 00:59 --------- d-----w C:\Program Files\MSN Messenger
2007-12-25 19:15 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-13 00:14 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 00:14 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 00:14 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-13 00:14 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-13 00:13 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-13 00:13 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 00:13 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 00:13 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 00:06 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-13 00:06 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-13 00:06 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-13 00:06 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-13 00:05 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-13 00:05 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-09 20:27 --------- d-----w C:\Program Files\Lanaccess
2007-11-14 23:22 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 23:22 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 23:22 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 23:22 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 23:22 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 23:22 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 23:22 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 23:22 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 23:22 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 23:22 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-14 23:20 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-14 23:20 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-14 23:20 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-05 13:19 356,352 ----a-w C:\Windows\eSellerateEngine.dll
2007-10-28 10:52 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 17:07 4390912 C:\Windows\RtHDVCpl.exe]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 14:35 1232896]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52 49152]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19 5728112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-28 14:44 1838592]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-12-31 15:29 962560]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 17:20 28672]
"ACTIVBOARD"="C:\Program Files\Packard Bell\FIJI\aboard.exe" [2007-01-18 13:03 79416]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 10:40 232184]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 03:40 218032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-24 12:46 1006264]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnsyslog]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080122.002\IDSvix86.sys [2007-12-04 18:05]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 23:32]
S3 MA8630U;MA8630U;C:\Windows\system32\DRIVERS\MA8630U.sys [2006-06-14 12:02]
S3 MaRdPnp;MaRdPnp;C:\Windows\system32\DRIVERS\MaRdP2K.sys [2005-08-18 04:44]
S3 stllssvr;stllssvr;"C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [2006-09-14 13:54]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\shell\AutoRun\command - D:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\shell\AutoRun\command - J:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2694e71f-79a1-11dc-91b5-001c252698a3}]
\shell\AutoRun\command - J:\autorun.exe
*Newly Created Service* - COMHOST
.
Contenido de carpeta 'Tareas Programadas'
"2008-02-04 20:40:00 C:\Windows\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-04 21:00:00 C:\Windows\Tasks\Garantía ampliable.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-02-04 18:18:09 C:\Windows\Tasks\User_Feed_Synchronization-{46C9A110-7697-4E31-8116-B03D76D69046}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 22:22:58
Windows 6.0.6000 NTFS
detected NTDLL code modification:
ZwClose
escaneando procesos ocultos ...
escaneando entradas ocultas de autostart ...
escaneando archivos ocultos ...
el escaneo se completo con exito
archivos ocultos: 0
**************************************************************************
.
Tiempo completado: 2008-02-04 22:24:05
.
2008-02-01 14:16:13 --- E O F ---
Last edited by mireyeta19 on 04/02/08 at 17:04:41.