| Re: Ayudenme porfavor!!!! mi memory stick infectada!!!
Hola otra vez.... les cuento que segui sus instrucciones al pie de la letra... y no se eliminaron los cuatro archivos.. ruego me ayuden con esto porfis.... les dejo el reporte del combofix para que lo chequen: Cita:
ComboFix 08-02-25.3 - cliente 2008-02-29 9:44:35.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.44 [GMT -5:00]
Running from: C:\Documents and Settings\cliente\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo1.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-29 )))))))))))))))))))))))))))))))
.
2008-02-28 07:28 . 2008-02-29 09:09 116,587 -r-hs---- C:\6qe.com
2008-02-19 15:29 . 2008-02-27 09:00 112,168 -r-hs---- C:\h2.com
2008-02-18 11:03 . 2008-02-18 11:03 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-18 11:03 . 2008-02-18 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-18 10:50 . 2008-02-18 10:50 <DIR> d-------- C:\Program Files\Photoshop
2008-02-17 12:15 . 2008-02-17 12:14 112,576 -r-hs---- C:\8u.com
2008-02-14 08:08 . 2008-02-14 08:07 113,217 -r-hs---- C:\p3r1ud.exe
2008-02-13 19:17 . 2008-02-13 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-13 07:35 . 2008-02-13 07:35 <DIR> d-------- C:\Documents and Settings\cliente\Application Data\GibbHill Properties Ltd
2008-02-11 10:22 . 2008-02-28 07:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-11 10:22 . 2008-02-11 10:22 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-08 15:56 . 2008-02-08 15:55 114,827 -r-hs---- C:\8ot8y86.exe
2008-02-06 14:23 . 2008-02-06 14:23 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-06 14:23 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
2008-02-06 14:23 . 2004-01-09 05:13 380,928 --a------ C:\WINDOWS\SYSTEM32\actskin4.ocx
2008-02-06 14:23 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\SYSTEM32\AVASTSS.scr
2008-02-06 14:23 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
2008-02-06 14:23 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
2008-02-06 14:23 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
2008-02-06 14:23 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2008-02-06 14:23 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
2008-02-06 14:15 . 2008-02-06 14:15 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-02-19 20:58 --------- d-----w C:\Documents and Settings\cliente\Application Data\AdobeUM
2008-02-18 16:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-18 15:52 --------- d-----w C:\Program Files\Ares
2008-02-15 17:39 --------- d-----w C:\Program Files\IDoser v4
2008-02-06 19:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-06 19:06 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-02-06 19:03 --------- d-----w C:\Program Files\MSN Messenger
2008-02-06 18:47 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-06 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-06 14:02 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-02-06 13:59 --------- d-----w C:\Program Files\QuickTime
2008-02-05 14:36 --------- d-----w C:\Program Files\Google
2008-02-05 02:57 --------- d-----w C:\Program Files\Microsoft Encarta
2008-02-05 02:52 --------- d-----w C:\Program Files\Common Files\Real
2008-01-11 12:52 --------- d-----w C:\Program Files\AvancePaint
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-16 00:36 11,392,476 --sh--r C:\WINDOWS\himem.exe
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-12-06 11:01 625,664 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
2005-12-06 16:50 3,596,576 --sha-w C:\WINDOWS\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgen t.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 13:03 135168]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86 \3\hpztsb09.exe" [2004-01-05 02:30 176128]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent .exe" [ ]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpda te.exe" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp. exe" [2007-12-04 08:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
Inicio r pido de HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhwr32]
winhwr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
C:\Program Files\McAfee.com\MPS\mscifapp.exe
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 06:00]
R3 axvdkbus;axvdkbus;C:\WINDOWS\system32\DRIVERS\axvd kbus.sys [2003-02-25 20:43]
R3 axvodka;axvodka;C:\WINDOWS\system32\DRIVERS\axvodk a.sys [2003-02-27 18:50]
S3 o1394bul;o1394bul;C:\DOCUME~1\cliente\LOCALS~1\Tem p\o1394bul.sys []
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.s ys []
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.s ys []
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 09:55]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 09:55]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 09:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 09:55]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 09:55]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 09:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 09:55]
S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE30bus.sys [2006-11-10 09:48]
S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE30mdfl.sys [2006-11-10 09:48]
S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE30mdm.sys [2006-11-10 09:48]
S3 SE30mgmt;Sony Ericsson Device 048 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE30mgmt.sys [2006-11-10 09:48]
S3 se30nd5;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (NDIS);C:\WINDOWS\system32\DRIVERS\se30nd5.sys [2006-11-10 09:48]
S3 SE30obex;Sony Ericsson Device 048 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE30obex.sys [2006-11-10 09:48]
S3 se30unic;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (WDM);C:\WINDOWS\system32\DRIVERS\se30unic.sys [2006-11-10 09:48]
S3 usb2vcom;Nokia CA-42 USB;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-11-11 11:31]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 15:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 15:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 15:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 15:50]
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{50196265-8346-11dc-9251-001111c3a8d3}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{7d346bde-0b20-11dc-916a-001111c3a8d3}]
\Shell\Auto\command - adp.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL adp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{88d1a3ff-3536-11dc-91d4-001111c3a8d3}]
\Shell\AutoRun\command - G:\p3r1ud.exe
\Shell\explore\Command - G:\p3r1ud.exe
\Shell\open\Command - G:\p3r1ud.exe
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8fe8bf62-23e1-11dc-91a8-001111c3a8d3}]
\Shell\AutoRun\command - H:\8ot8y86.exe
\Shell\explore\Command - H:\8ot8y86.exe
\Shell\open\Command - H:\8ot8y86.exe
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{ad0657e6-d4e2-11dc-92d3-001111c3a8d3}]
\Shell\AutoRun\command - SSVICHOSST.exe
.
Contents of the 'Scheduled Tasks' folder
"2005-12-27 21:50:24 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 09:51:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2008-02-29 9:55:09
ComboFix-quarantined-files.txt 2008-02-29 14:55:06
.
2008-02-14 04:41:02 --- E O F ---
| |