Post #3
Posted: 11/04/08, 19:33:21
churritoslwch
User

Joined: Apr 2008
Location: Mexico
Posts: 2
Thanks to El Piedra for the help

I carried out all the steps you recommended, and this was the ComboFix log


ComboFix 08-04-11.5 - churrito 2008-04-11 18:14:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.592 [GMT -5:00]
Se ejecuta desde: D:\01_CHURRI\programas\ComboFix.exe
* Creado un nuevo punto de restauración

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\system32\config\svchost.exe

.
(((((((((((((((((( Archivos creados desde 2008-03-11 - 2008-04-11 )))))))))))))))))))))))))))))))))
.

2008-04-11 17:52 . 2008-04-11 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2008-04-11 17:51 . 2008-04-11 17:51 <DIR> d-------- C:\Documents and Settings\churrito\Datos de programa\SUPERAntiSpyware.com
2008-04-11 17:51 . 2008-04-11 18:06 <DIR> d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-04-10 10:39 . 2008-04-10 10:39 <DIR> d-------- C:\Archivos de programa\CCleaner
2008-04-10 10:38 . 2008-04-10 10:38 <DIR> d-------- C:\Documents and Settings\churrito\Datos de programa\Malwarebytes
2008-04-10 10:38 . 2008-04-10 10:38 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-04-10 10:38 . 2008-04-10 10:38 <DIR> d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware
2008-04-10 09:25 . 2008-04-10 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Lavasoft
2008-04-10 09:25 . 2008-04-10 09:25 <DIR> d-------- C:\Archivos de programa\Lavasoft
2008-04-09 16:37 . 2008-04-10 17:54 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-09 09:45 . 2008-04-11 17:51 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-04-08 17:30 . 2008-04-08 17:30 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Nero
2008-04-08 17:28 . 2008-04-08 17:28 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Ahead
2008-04-08 17:28 . 2008-04-08 17:28 <DIR> d-------- C:\Archivos de programa\Ahead
2008-04-08 17:28 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-04-08 17:28 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-04-08 17:28 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-04-08 17:28 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-04-08 17:28 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-08 17:28 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-04-08 16:41 . 2008-04-08 16:41 <DIR> d-------- C:\Archivos de programa\Trend Micro
2008-04-05 12:08 . 2008-04-05 12:08 <DIR> d-------- C:\Documents and Settings\churrito\Datos de programa\Grisoft
2008-04-05 12:08 . 2008-04-05 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Grisoft
2008-04-04 19:42 . 2008-04-05 10:42 <DIR> d-a------ C:\Documents and Settings\All Users\Datos de programa\TEMP
2008-04-04 19:41 . 2008-04-11 17:41 <DIR> d-------- C:\Archivos de programa\SpywareBlaster
2008-04-04 19:41 . 2005-08-25 19:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-04-04 11:59 . 2008-04-04 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Corel
2008-04-04 11:59 . 2008-04-04 11:59 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Protexis
2008-04-04 11:57 . 2008-04-04 11:57 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Corel
2008-04-04 11:47 . 2008-04-10 15:29 110 --a------ C:\WINDOWS\fiery.ini
2008-04-04 11:45 . 2000-04-11 12:16 122,880 --a------ C:\WINDOWS\system32\net_wsck.dll
2008-04-04 11:45 . 2000-03-14 13:08 69,632 --a------ C:\WINDOWS\system32\efitrans.dll
2008-04-02 10:08 . 2004-08-19 08:42 57,856 --a------ C:\WINDOWS\system32\schosv.exe
2008-04-02 10:08 . 2008-02-24 08:02 24,576 -rahs---- C:\debian.exe
2008-03-28 18:48 . 2008-03-28 18:48 <DIR> d-------- C:\Archivos de programa\Archivos comunes\NSV
2008-03-25 12:09 . 2008-03-25 12:09 <DIR> d-------- C:\Archivos de programa\USB Keyboard Driver
2008-03-25 12:09 . 2008-03-25 12:34 <DIR> d-------- C:\Archivos de programa\MultiKeyboard Driver
2008-03-25 12:09 . 2008-03-25 12:33 <DIR> d-------- C:\Archivos de programa\Hotkey
2008-03-25 12:09 . 2008-03-25 12:13 104 --a------ C:\WINDOWS\Mycomputer.lnk
2008-03-25 12:09 . 2008-03-25 12:13 78 --a------ C:\WINDOWS\Hotkey.INI
2008-03-25 12:08 . 2008-03-25 12:08 <DIR> d-------- C:\WINDOWS\setup
2008-03-24 10:27 . 2008-03-24 10:27 <DIR> d-------- C:\Archivos de programa\MSXML 6.0
2008-03-19 17:49 . 2008-03-19 17:49 <DIR> d-------- C:\Documents and Settings\churrito\Datos de programa\Bitstream
2008-03-19 15:05 . 2008-04-11 17:45 2,516 --ahs---- C:\Documents and Settings\All Users\Datos de programa\KGyGaAvL.sys
2008-03-19 15:05 . 2008-04-04 12:05 88 -r-hs---- C:\Documents and Settings\All Users\Datos de programa\A1375D7E6F.sys
2008-03-17 19:31 . 2008-03-17 19:31 <DIR> d-------- C:\WINDOWS\Sun
2008-03-17 10:46 . 2008-04-11 18:04 <DIR> d-------- C:\Documents and Settings\churrito\Datos de programa\DNA
2008-03-17 10:46 . 2008-04-08 16:10 <DIR> d-------- C:\Documents and Settings\churrito\Datos de programa\BitTorrent
2008-03-17 10:46 . 2008-03-17 10:46 <DIR> d-------- C:\Archivos de programa\DNA
2008-03-17 10:46 . 2008-03-17 10:46 <DIR> d-------- C:\Archivos de programa\BitTorrent

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 20:30 112,496 ----a-w C:\Documents and Settings\churrito\Datos de programa\GDIPFONTCACHEV1.DAT
2008-04-11 18:10 --------- d-----w C:\Documents and Settings\churrito\Datos de programa\LimeWire
2008-04-04 16:45 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 21:22 --------- d-----w C:\Archivos de programa\Corel
2008-03-19 20:05 --------- d-----w C:\Documents and Settings\churrito\Datos de programa\Corel
2008-03-13 17:08 --------- d-----w C:\Archivos de programa\Java
2008-03-10 16:00 --------- d-----w C:\Archivos de programa\LimeWire
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 18:08 --------- d-----w C:\Archivos de programa\Archivos comunes\Adobe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-01-21 15:50 315,392 ----a-w C:\WINDOWS\HideWin.exe
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.exe" [2008-01-30 10:36 5724184]
"MSMSGS"="C:\Archivos de programa\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 08:42 15360]
"BitTorrent DNA"="C:\Archivos de programa\DNA\btdna.exe" [2008-03-31 10:32 288576]
"SUPERAntiSpyware"="C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Archivos de programa\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-19 14:17 249896]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 16:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]
"ISUSPM Startup"="C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30 249856]
"ISUSScheduler"="C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-02-07 09:39 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-02-07 09:36 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-02-07 09:40 118784]
"WinampAgent"="C:\Archivos de programa\Winamp\winampa.exe" [2008-01-15 17:54 37376]
"Adobe Reader Speed Launcher"="C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 08:42 15360]

C:\Documents and Settings\All Users\Men£ Inicio\Programas\Inicio\
Command WorkStation.lnk - C:\Archivos de programa\Fiery\CStation\cstation.exe [2008-01-21 12:40:08 2252848]
Microsoft Office.lnk - C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"C:\\Archivos de programa\\LimeWire\\LimeWire.exe"=
"C:\\Archivos de programa\\DNA\\btdna.exe"=
"C:\\Archivos de programa\\BitTorrent\\bittorrent.exe"=

R2 PSI_SVC_2;Protexis Licensing V2;"c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe" [2007-07-24 12:15]
S3 MBAMCatchMe;MBAMCatchMe;C:\Archivos de programa\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\Command - C:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - C:\debian.exe
\Shell\Explore\Command - C:\debian.exe
\Shell\find\command - C:\debian.exe
\Shell\Open\command - C:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07d117a0-ea02-11dc-aa64-0030f12d2b3b}]
\Shell\Auto\Command - E:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - E:\debian.exe
\Shell\Explore\Command - E:\debian.exe
\Shell\find\command - E:\debian.exe
\Shell\Open\command - E:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a5627d5-070a-11dd-aaa7-0030f12d2b3b}]
\Shell\AutoRun\command - E:\fppg1.exe
\Shell\explore\Command - E:\fppg1.exe
\Shell\open\Command - E:\fppg1.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a5627dc-070a-11dd-aaa7-0030f12d2b3b}]
\Shell\Auto\Command - E:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - E:\debian.exe
\Shell\Explore\Command - E:\debian.exe
\Shell\find\command - E:\debian.exe
\Shell\Open\command - E:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13b18dd1-d5cd-11dc-aa38-0030f12d2b3b}]
\Shell\AutoRun\command - E:\3wcxx91.cmd
\Shell\explore\Command - E:\3wcxx91.cmd
\Shell\open\Command - E:\3wcxx91.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15b8a4d2-f2a6-11dc-aa76-0030f12d2b3b}]
\Shell\AutoRun\command - E:\xp19.com
\Shell\explore\Command - E:\xp19.com
\Shell\open\Command - E:\xp19.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{185a914c-0260-11dd-aa97-0030f12d2b3b}]
\Shell\Auto\Command - E:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - E:\debian.exe
\Shell\Explore\Command - E:\debian.exe
\Shell\find\command - E:\debian.exe
\Shell\Open\command - E:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1af4d18c-072e-11dd-aaa9-0030f12d2b3b}]
\Shell\Auto\Command - L:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - L:\debian.exe
\Shell\Explore\Command - L:\debian.exe
\Shell\find\command - L:\debian.exe
\Shell\Open\command - L:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1af4d193-072e-11dd-aaa9-0030f12d2b3b}]
\Shell\AutoRun\command - L:\2.bat
\Shell\explore\Command - L:\2.bat
\Shell\open\Command - L:\2.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2293e9b9-eac8-11dc-aa65-0030f12d2b3b}]
\Shell\Auto\command - E:\MSOCache\doWTP_RESTORE_0.exe -autorun
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE_0.exe -autorun

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{280aea13-c6c2-11dc-aa0e-0030f12d2b3b}]
\Shell\Auto\Command - L:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - L:\debian.exe
\Shell\Explore\Command - L:\debian.exe
\Shell\find\command - L:\debian.exe
\Shell\Open\command - L:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b346119-c9d4-11dc-aa1f-0030f12d2b3b}]
\Shell\AutoRun\command - E:\m1t8ta.com
\Shell\explore\Command - E:\m1t8ta.com
\Shell\open\Command - E:\m1t8ta.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d0b6b57-c689-11dc-ac57-806d6172696f}]
\Shell\Auto\Command - C:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - C:\debian.exe
\Shell\Explore\Command - C:\debian.exe
\Shell\find\command - C:\debian.exe
\Shell\Open\command - C:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45ae08d7-f439-11dc-aa77-0030f12d2b3b}]
\Shell\AutoRun\command - E:\ntde1ect.com
\Shell\explore\Command - E:\ntde1ect.com
\Shell\open\Command - E:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{476df1e2-de3d-11dc-aa48-0030f12d2b3b}]
\Shell\Auto\Command - E:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - E:\debian.exe
\Shell\Explore\Command - E:\debian.exe
\Shell\find\command - E:\debian.exe
\Shell\Open\command - E:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52d6f3c6-f5d0-11dc-aa7a-0030f12d2b3b}]
\Shell\AutoRun\command - 22wcb21o.exe
\Shell\explore\Command - 22wcb21o.exe
\Shell\open\Command - 22wcb21o.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{614d3ad0-026d-11dd-aa9b-0030f12d2b3b}]
\Shell\auto\command - E:\Clean.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Clean.exe open
\Shell\explore\command - E:\Clean.exe open
\Shell\find\command - E:\Clean.exe open
\Shell\install\command - E:\Clean.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d0f1516-d0e7-11dc-aa2e-0030f12d2b3b}]
\Shell\Auto\command - E:\MSOCache\doWTP_RESTORE.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{754b74a7-fcdc-11dc-aa88-0030f12d2b3b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c8cf9a-04d2-11dd-aa9f-0030f12d2b3b}]
\Shell\Auto\Command - E:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - E:\debian.exe
\Shell\Explore\Command - E:\debian.exe
\Shell\find\command - E:\debian.exe
\Shell\Open\command - E:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c8cf9d-04d2-11dd-aa9f-0030f12d2b3b}]
\Shell\Auto\Command - L:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - L:\debian.exe
\Shell\Explore\Command - L:\debian.exe
\Shell\find\command - L:\debian.exe
\Shell\Open\command - L:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85c8cfa7-04d2-11dd-aa9f-0030f12d2b3b}]
\Shell\Auto\Command - E:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - E:\debian.exe
\Shell\Explore\Command - E:\debian.exe
\Shell\find\command - E:\debian.exe
\Shell\Open\command - E:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d42b247-01c6-11dd-aa95-0030f12d2b3b}]
\Shell\Auto\command - E:\MSOCache\doWTP_RESTORE.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dfe005e-05b4-11dd-aaa1-0030f12d2b3b}]
\Shell\Auto\command - E:\MSOCache\doWTP_RESTORE.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dfe0062-05b4-11dd-aaa1-0030f12d2b3b}]
\Shell\Auto\Command - L:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - L:\debian.exe
\Shell\Explore\Command - L:\debian.exe
\Shell\find\command - L:\debian.exe
\Shell\Open\command - L:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97206b7e-f9b3-11dc-aa7c-0030f12d2b3b}]
\Shell\Auto\Command - E:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - E:\debian.exe
\Shell\Explore\Command - E:\debian.exe
\Shell\find\command - E:\debian.exe
\Shell\Open\command - E:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9919e30b-e7a7-11dc-aa60-0030f12d2b3b}]
\Shell\Auto\Command - E:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - E:\debian.exe
\Shell\Explore\Command - E:\debian.exe
\Shell\find\command - E:\debian.exe
\Shell\Open\command - E:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abc6b830-fc51-11dc-aa87-0030f12d2b3b}]
\Shell\AutoRun\command - E:\tknn6.bat
\Shell\explore\Command - E:\tknn6.bat
\Shell\open\Command - E:\tknn6.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b60076f6-0660-11dd-aaa5-0030f12d2b3b}]
\Shell\Auto\Command - E:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - E:\debian.exe
\Shell\Explore\Command - E:\debian.exe
\Shell\find\command - E:\debian.exe
\Shell\Open\command - E:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6007701-0660-11dd-aaa5-0030f12d2b3b}]
\Shell\Auto\command - E:\MSOCache\doWTP_RESTORE.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6007702-0660-11dd-aaa5-0030f12d2b3b}]
\Shell\Auto\Command - L:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - L:\debian.exe
\Shell\Explore\Command - L:\debian.exe
\Shell\find\command - L:\debian.exe
\Shell\Open\command - L:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba6a1da1-0198-11dd-aa94-0030f12d2b3b}]
\Shell\Auto\Command - E:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - E:\debian.exe
\Shell\Explore\Command - E:\debian.exe
\Shell\find\command - E:\debian.exe
\Shell\Open\command - E:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb243db8-e3b7-11dc-aa53-0030f12d2b3b}]
\Shell\AutoRun\command - F:\semo2x.exe
\Shell\explore\Command - F:\semo2x.exe
\Shell\open\Command - F:\semo2x.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd9ae693-cdb4-11dc-aa26-0030f12d2b3b}]
\Shell\Auto\Command - E:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - E:\debian.exe
\Shell\Explore\Command - E:\debian.exe
\Shell\find\command - E:\debian.exe
\Shell\Open\command - E:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfae1ad4-dca6-11dc-aa47-0030f12d2b3b}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3a9ff57-0011-11dd-aa8f-0030f12d2b3b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\Explore\Command - E:\debian.exe
\Shell\find\command - E:\debian.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc3a0588-eb95-11dc-aa68-0030f12d2b3b}]
\Shell\AutoRun\command - F:\ekugb3.bat
\Shell\explore\Command - F:\ekugb3.bat
\Shell\open\Command - F:\ekugb3.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d19d1e33-ff3e-11dc-aa8d-0030f12d2b3b}]
\Shell\AutoRun\command - E:\3o.exe
\Shell\explore\Command - E:\3o.exe
\Shell\open\Command - E:\3o.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd9c00a7-c6c0-11dc-aa0d-0030f12d2b3b}]
\Shell\AutoRun\command - xo8wr9.exe
\Shell\explore\Command - xo8wr9.exe
\Shell\open\Command - xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecadca1e-ca8f-11dc-aa20-0030f12d2b3b}]
\Shell\AutoRun\command - E:\awda2.exe
\Shell\explore\Command - E:\awda2.exe
\Shell\open\Command - E:\awda2.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ecadcaa5-ca8f-11dc-aa20-0030f12d2b3b}]
\Shell\AutoRun\command - 80avp08.com
\Shell\explore\Command - 80avp08.com
\Shell\open\Command - 80avp08.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eee04b38-cc20-11dc-aa25-0030f12d2b3b}]
\Shell\AutoRun\command - E:\xo8wr9.exe
\Shell\explore\Command - E:\xo8wr9.exe
\Shell\open\Command - E:\xo8wr9.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eff1f162-d748-11dc-aa3e-0030f12d2b3b}]
\Shell\AutoRun\command - L:\ylr.exe
\Shell\explore\Command - L:\ylr.exe
\Shell\open\Command - L:\ylr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3715503-d1a3-11dc-aa30-0030f12d2b3b}]
\Shell\AutoRun\command - xn1i9x.com
\Shell\explore\Command - xn1i9x.com
\Shell\open\Command - xn1i9x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f938824a-00fe-11dd-aa91-0030f12d2b3b}]
\Shell\AutoRun\command - E:\2.bat
\Shell\explore\Command - E:\2.bat
\Shell\open\Command - E:\2.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f938824e-00fe-11dd-aa91-0030f12d2b3b}]
\Shell\Auto\Command - E:\debian.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL debian.exe
\Shell\CMD\Command - E:\debian.exe
\Shell\Explore\Command - E:\debian.exe
\Shell\find\command - E:\debian.exe
\Shell\Open\command - E:\debian.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 18:15:25
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2008-04-11 18:15:43
ComboFix-quarantined-files.txt 2008-04-11 23:15:39
7 dirs 32,504,184,832 bytes libres
9 dirs 32,490,065,920 bytes libres
.
2008-04-09 15:19:42 --- E O F ---