Re: Pop-up window with the message "warning: your computer is infected..."

Well, thanks in advance for the help. I did what you told me and the computer seems to have stabilized; the only hangover I'm left with is a license it can't find, for the Bluetooth peripheral device, and when I go to remove USB drives it sometimes gives me a problem with a shell file... but everything got better. Here are the reports from the programs:

Malwarebytes' Anti-Malware 1.11
Versión de la Base de Datos: 611
Tipo de examen : Examen Rápido
Objetos examinados: 28042
Tiempo transcurrido: 3 minute(s), 7 second(s)
Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 3
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 3
Ficheros Infectados: 7
Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SCSDelete (Rogue.SysCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\SCSDelete (Rogue.SysCleaner) -> Quarantined and deleted successfully.
Valores del Registro Infectados:
(No se han detectado elementos maliciosos)
Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)
Carpetas Infectadas:
C:\Users\James\AppData\Local\Temp\NI.UGA6PY_0001_N122M1902 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Roaming\SysCleaner (Rogue.SysCleaner) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Roaming\SysCleaner\logs (Rogue.SysCleaner) -> Quarantined and deleted successfully.
Ficheros Infectados:
C:\Users\James\AppData\Local\Temp\NI.UGA6PY_0001_N122M1902\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Local\Temp\NI.UGA6PY_0001_N122M1902\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Local\Temp\NI.UGA6PY_0001_N122M1902\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\James\AppData\Roaming\SysCleaner\settings.dat (Rogue.SysCleaner) -> Quarantined and deleted successfully.
C:\Windows\zysalwhkkw.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zysapghucv.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Windows\zysaxyczld.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 08-04-10.7 - James 2008-04-11 3:15:52.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.3082.18.1365 [GMT -5:00]
Se ejecuta desde: C:\Users\James\Desktop\ComboFix.exe.
(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\James\AppData\Roaming\.#
C:\Windows\system32\x64
D:\Autorun.inf
.
(((((((((((((((((( Archivos creados desde 2008-03-11 - 2008-04-11 )))))))))))))))))))))))))))))))))
.
Ningún archivo ha sido creado durante este intervalo de tiempo
.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 06:08 --------- d-----w C:\Users\James\AppData\Roaming\Malwarebytes
2008-04-11 06:08 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-11 06:08 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-04-11 05:49 --------- d-----w C:\Program Files\McAfee
2008-04-10 00:00 --------- d-----w C:\Users\James\AppData\Roaming\SiteAdvisor
2008-04-09 23:53 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 03:15 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-08 02:55 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-04-08 02:54 --------- d-----w C:\Program Files\Microsoft Works
2008-04-08 02:50 --------- d-----w C:\Program Files\RegistryFix
2008-04-07 03:40 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-07 03:40 --------- d-----w C:\Program Files\AutoCAD 2008
2008-04-07 03:35 --------- d-----w C:\PROGRA~2\Autodesk
2008-04-05 19:28 --------- d-----w C:\Users\James\AppData\Roaming\LimeWire
2008-04-05 18:09 --------- d-----w C:\Program Files\Common Files\McAfee
2008-04-02 06:31 --------- d-----w C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
2008-04-02 06:31 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-02 05:33 --------- d-----w C:\PROGRA~2\SUPERAntiSpyware.com
2008-04-02 05:03 --------- d-----w C:\Program Files\Trend Micro
2008-04-01 23:27 --------- d---a-w C:\PROGRA~2\TEMP
2008-04-01 20:06 482 ----a-w C:\sccfg.sys
2008-04-01 17:39 --------- d-----w C:\Program Files\Google
2008-04-01 17:11 --------- d-----w C:\PROGRA~2\Lavasoft
2008-03-31 23:04 --------- d-----w C:\Users\James\AppData\Roaming\CeroVirus
2008-03-31 22:59 --------- d-----w C:\Users\James\AppData\Roaming\discoseguro
2008-03-31 22:57 261,400 ----a-w C:\Users\James\AppData\Roaming\setup_es[1].exe
2008-03-26 04:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-26 02:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-25 00:34 --------- d-----w C:\Users\James\AppData\Roaming\Corel
2008-03-25 00:23 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-25 00:23 --------- d-----w C:\PROGRA~2\InstallShield
2008-03-25 00:20 --------- d-----w C:\Program Files\Corel
2008-03-25 00:20 --------- d-----w C:\Program Files\Common Files\Corel
2008-03-17 15:17 --------- d-----w C:\Program Files\ASPEL
2008-03-11 01:26 --------- d-----w C:\Program Files\Lexmark 640 Series
2008-03-08 07:56 --------- d-----w C:\Program Files\HP
2008-03-08 06:40 --------- d-----w C:\PROGRA~2\WLInstaller
2008-03-08 05:39 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-08 05:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 02:14 148,992 ----a-w C:\Windows\system32\drivers\ks.sys
2008-03-05 16:40 --------- d-----w C:\Program Files\@Last Software
2008-03-04 05:58 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-04 05:11 --------- d-----w C:\PROGRA~2\CyberLink
2008-02-28 20:03 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-02-15 20:22 59,392 ----a-w C:\Windows\system32\drivers\RTSTOR.sys
2008-02-14 05:10 --------- d-----w C:\Program Files\Java
2008-02-13 03:05 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 03:04 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-13 03:04 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-13 03:04 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-13 03:04 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-13 03:04 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-13 03:04 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-13 03:04 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-13 03:04 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-13 03:02 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 03:02 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-02-13 03:02 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 03:02 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-13 03:02 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 03:02 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 03:01 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 03:01 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-01-29 09:22 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 19:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 19:59 2953216 --a------ C:\Program Files\Protector Suite QL\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 07:34 2159104 C:\Windows\System32\oobefldr.dll]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Power2GoExpress"="" []
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 17:30 249856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-28 13:59 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 16:58 815104]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2007-03-28 19:23 49168]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 13:37 174872]
"SigmatelSysTrayApp"="sttray.exe" [2007-07-27 11:48 405504 C:\Windows\sttray.exe]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Gateway\traybar.exe" [2007-06-29 16:12 638976]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 16:04 2348584]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-05 14:10 36904]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 18:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 18:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 18:07 133656]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
"GrpConv"="grpconv -o" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.exe" [2007-07-25 16:10 111904]
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 13:11:50 719664]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 21:56:10 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 2007-03-28 19:46 90112 C:\Windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BD013F8A-A7B9-4578-8D60-6BC752487153}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6C8B9982-64B8-4059-90E3-CF45A0288B7C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FD2C6902-F357-4C67-9107-78B184B1464B}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{75E7391C-FA6A-4EF4-A766-DDF3CA0F761E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1EBD8379-5541-42D5-B0AB-8D8B3EF3C7F8}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{384A7A89-3814-4F67-B18C-A0425B5385B8}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C9B883BE-F1F6-4B0C-A88B-3B1084CC10CB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AC83DD3C-48B2-44C0-99E2-0B45167439C5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{01297233-F07F-4765-B6B7-7A7CDBDCB49B}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D00BB2FA-282B-403B-B571-C2B602527C11}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-15 15:22]
S3 btwaudio;Dispositivo de audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-03-30 05:46]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 16:20]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16:20]
S3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 17:48]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2006-11-17 01:05]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 NETw2v32;Controlador de conexión de red Intel(R) PRO/Wireless 2200BG para Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 02:30]
S3 TcUsb;TC USB Kernel Driver;C:\Windows\system32\Drivers\tcusb.sys [2007-03-28 19:15]
S3 UVCFTR;UVCFTR;C:\Windows\system32\Drivers\UVCFTR_S.SYS [2007-05-23 17:37]
S3 yukonwlh;Controladora de minipuerto NDIS6.0 para controlador Ethernet de Marvell Yukon;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 02:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{369457b9-d920-11dc-8d82-001dd9ed49b6}]
\shell\AutoRun\command - H:\nlblkhq.com
\shell\explore\Command - H:\nlblkhq.com
\shell\open\Command - H:\nlblkhq.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bd78d30-fa24-11dc-993a-001dd9ed49b6}]
\shell\AutoRun\command - F:\a3g3.bat
\shell\explore\Command - F:\a3g3.bat
\shell\open\Command - F:\a3g3.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50dd5a97-d8af-11dc-bb59-001b77a342f9}]
\shell\AutoRun\command - F:\3wcxx91.cmd
\shell\explore\Command - F:\3wcxx91.cmd
\shell\open\Command - F:\3wcxx91.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{572be997-de23-11dc-b7e1-001b77a342f9}]
\shell\AutoRun\command - F:\i.exe
\shell\explore\Command - F:\i.exe
\shell\open\Command - F:\i.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{572be9c2-de23-11dc-b7e1-001b77a342f9}]
\shell\AutoRun\command - G:\d6fagcs8.cmd
\shell\explore\Command - G:\d6fagcs8.cmd
\shell\open\Command - G:\d6fagcs8.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61aa95b8-d978-11dc-a3bd-001dd9ed49b6}]
\shell\AutoRun\command - 0hct8ybw.bat
\shell\explore\Command - 0hct8ybw.bat
\shell\open\Command - 0hct8ybw.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61aa95c3-d978-11dc-a3bd-001dd9ed49b6}]
\shell\Auto\command - G:\auto.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\auto.exe
\shell\explore\Command - G:\0hct8ybw.bat
\shell\open\Command - G:\0hct8ybw.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6be9b4a6-e6fc-11dc-b69e-001dd9ed49b6}]
\shell\Setup\command - setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7210cb61-ebf6-11dc-b0eb-001dd9ed49b6}]
\shell\AutoRun\command - E:\i.exe
\shell\explore\Command - E:\i.exe
\shell\open\Command - E:\i.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1a50ba5-eac3-11dc-9678-0003254d524b}]
\shell\AutoRun\command - E:\u2.cmd
\shell\explore\Command - E:\u2.cmd
\shell\open\Command - E:\u2.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6ee992d-8ef4-11dc-a18b-806e6f6e6963}]
\shell\AutoRun\command - E:\SETUP.EXE /AUTORUN
\shell\configure\command - E:\SETUP.EXE
\shell\install\command - E:\SETUP.EXE
*Newly Created Service* - ECACHE
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 03:23:07
Windows 6.0.6000 NTFS
escaneando procesos ocultos ...
escaneando entradas ocultas de autostart ...
escaneando archivos ocultos ...
el escaneo se completo con exito
archivos ocultos: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\HelpPane.exe
C:\Windows\System32\MDM.EXE
.
**************************************************************************
.
Tiempo completado: 2008-04-11 3:26:01 - machine was rebooted [James]
ComboFix-quarantined-files.txt 2008-04-11 08:25:52
El sistema no puede encontrar el texto del mensaje para el mensaje número 0x2379 en el archivo de mensajes para Application.
El sistema no puede encontrar el texto del mensaje para el mensaje número 0x2379 en el archivo de mensajes para Application.
.
2008-04-09 22:32:57 --- E O F ---
------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:58:38 p.m., on 12/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\sttray.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\conime.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=SPN_MX&Sys=PTB&M=M-6804m
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAfee Phishing Filter - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\James\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\James\AppData\Local\Temp\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\James\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\James\AppData\Local\Temp\HSPERF~1.SH! (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {DA141806-BBCA-4B58-86EF-4FA8093B941D} (JpgViewLe Control) - http://192.168.1.65/jpgviewle.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Servicio SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
--
End of file - 9918 bytes