Post #5
15/04/08, 19:04:07
Desatonao
User
Registered: Apr 2008
Location: Spain
Posts: 9
Re: MSServer and registry changes in the Browser Helper Object category

Well, I have done everything indicated. After ComboFix rebooted my machine and told me not to run any program until it closed, I didn't run any, but the autostart went ahead and ran the usual stuff, and Spybot detected several registry changes, which I then denied. I don't know what I should have done, or whether I have to run the program again and how. Then the same thing happened with CCleaner, but with only two registry changes. I should also mention that the computer is running quite a bit slower than normal.

On the other hand, there is still a process called iexplore.exe that I cannot close, even though I am not using Internet Explorer, and it does not work when I try to use it. iexplore.exe sits under a svchost.exe shared with ehmsas.exe, unsecapp.exe and two WmiPrvSE.exe. Also, when I try to install ZoneAlarm, it is blocked because GoogleDesktop is supposedly running, which is not true.

I'm posting the Malwarebytes' Anti-Malware 1.11 and ComboFix reports:

Malwarebytes' Anti-Malware 1.11
Database version: 633

Scan type: Full Scan (C:\|)
Objects scanned: 191383
Time elapsed: 1 hour(s), 22 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 49
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 36

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\byXnoMGv.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ad69ffc-ed34-437c-9ebc-b81579455b99} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4ad69ffc-ed34-437c-9ebc-b81579455b99} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{02715e47-5a8e-495b-8f63-0d30470b8e72} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02715e47-5a8e-495b-8f63-0d30470b8e72} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c8d9eab9-f6a2-4681-8fc8-1b4e661c97b5} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Golden Palace Casino PT (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2ebc25fd-cdc9-4354-b220-2b7bfcbb28d3} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{82b8e0b5-45f5-4779-966a-c474164f8f7f} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{80f418f2-f69d-40aa-b516-80421fe6f9ee} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6b0febf8-0f52-49b9-a469-27b911727c44} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\vnbptxlf.bvot (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\vnbptxlf.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\MSVPS.MSVPSApp (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{02715e47-5a8e-495b-8f63-0d30470b8e72} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxnomgv -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxnomgv -> No action taken.

Folders Infected:
C:\Windows\mslagent (Adware.EGDAccess) -> No action taken.
C:\Program Files\akl (Fake.Dropped.Malware) -> No action taken.
C:\Windows\system32\smp (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> No action taken.
C:\Users\Bouzó\Desktop\virii (Fake.Dropped.Malware) -> No action taken.

Files Infected:
C:\Windows\System32\byXnoMGv.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\vGMonXyb.ini (Trojan.Vundo) -> No action taken.
C:\Windows\System32\vGMonXyb.ini2 (Trojan.Vundo) -> No action taken.
C:\Windows\System32\xekgwaau.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\uaawgkex.ini (Trojan.Vundo) -> No action taken.
C:\ProgramData\fcfejilq\lovsxcxy.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Bouzó\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2295D13S\kriv[1] (Trojan.Vundo) -> No action taken.
C:\Users\Bouzó\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\35UKYEQB\zrt20080408[1] (Trojan.AVKiller) -> No action taken.
C:\Users\Bouzó\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OZVWUXCB\css4[1] (Trojan.Vundo) -> No action taken.
C:\Windows\System32\fgtsbgvy.exe (Trojan.FakeAlert) -> No action taken.
C:\Windows\System32\qjtqgnvj.dll (Trojan.AVKiller) -> No action taken.
C:\Windows\Web\def.htm (Trojan.FakeAlert) -> No action taken.
C:\Windows\mslagent\2_mslagent.dll (Adware.EGDAccess) -> No action taken.
C:\Windows\mslagent\mslagent.exe (Adware.EGDAccess) -> No action taken.
C:\Windows\mslagent\uninstall.exe (Adware.EGDAccess) -> No action taken.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> No action taken.
C:\Windows\system32\smp\msrc.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Bouzó\Desktop\virii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Bouzó\Desktop\virii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Bouzó\Desktop\virii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Bouzó\Desktop\virii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> No action taken.
C:\Users\Bouzó\Desktop\virii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> No action taken.
C:\Windows\bdn.com (Trojan.Agent) -> No action taken.
C:\Windows\iTunesMusic.exe (Trojan.Agent) -> No action taken.
C:\Windows\mssecu.exe (Trojan.Agent) -> No action taken.
rundll32.exe (Trojan.Agent) -> No action taken.
C:\Windows\vnbptxlf.dll (Trojan.FakeAlert) -> No action taken.
C:\Windows\temlxopqgdk.dll (Trojan.FakeAlert) -> No action taken.
C:\Windows\mgsvflkw.dll (Trojan.FakeAlert) -> No action taken.
C:\Windows\qdnkewfa.dll (Trojan.FakeAlert) -> No action taken.
C:\Windows\apoxqwfv.exe (Trojan.FakeAlert) -> No action taken.

_____________________________________________________


ComboFix 08-04-14.2 - Bouzó 2008-04-15 23:15:09.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.3082.18.1237 [GMT 2:00]
Running from: C:\Daniel\Recortes\Me\Filosofía\Libros\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Users\Bouzó\Desktop\blackbird.jpg
C:\Users\Bouzó\Desktop\EditorFKWP1.5.exe
C:\Users\Bouzó\Desktop\EditorFKWP2.0.exe
C:\Users\Bouzó\Desktop\filemanagerclient.exe
C:\Users\Bouzó\Desktop\fkwp1.5.exe
C:\Users\Bouzó\Desktop\fkwp2.0.exe
C:\Users\Bouzó\Desktop\fwebd.exe
C:\Users\Bouzó\Desktop\FWebdEditor.exe
C:\Users\Bouzó\Desktop\Trojan.Win32.BlackBird.exe
C:\Windows\a.bat
C:\Windows\base64.tmp
C:\Windows\FVProtect.exe
C:\Windows\SW_Win2000X32.DLL
C:\Windows\system32\ACER.exe
C:\Windows\system32\byXnoMGv.dll
C:\Windows\system32\drivers\npf.sys
C:\Windows\system32\Packet.dll
C:\Windows\system32\WanPacket.dll
C:\Windows\system32\wpcap.dll
C:\Windows\system32\akttzn.exe
C:\Windows\system32\anticipator.dll
C:\Windows\system32\awtoolb.dll
C:\Windows\system32\bdn.com
C:\Windows\system32\bsva-egihsg52.exe
C:\Windows\system32\dpcproxy.exe
C:\Windows\system32\emesx.dll
C:\Windows\system32\h@tkeysh@@k.dll
C:\Windows\system32\hoproxy.dll
C:\Windows\system32\hxiwlgpm.dat
C:\Windows\system32\hxiwlgpm.exe
C:\Windows\system32\medup012.dll
C:\Windows\system32\medup020.dll
C:\Windows\system32\msgp.exe
C:\Windows\system32\msnbho.dll
C:\Windows\system32\mssecu.exe
C:\Windows\system32\msvchost.exe
C:\Windows\system32\mtr2.exe
C:\Windows\system32\mwin32.exe
C:\Windows\system32\netode.exe
C:\Windows\system32\newsd32.exe
C:\Windows\system32\ps1.exe
C:\Windows\system32\psof1.exe
C:\Windows\system32\psoft1.exe
C:\Windows\system32\regc64.dll
C:\Windows\system32\regm64.dll
C:\Windows\system32\Rundl1.exe
C:\Windows\system32\sncntr.exe
C:\Windows\system32\ssurf022.dll
C:\Windows\system32\ssvchost.com
C:\Windows\system32\ssvchost.exe
C:\Windows\system32\sysreq.exe
C:\Windows\system32\taack.dat
C:\Windows\system32\taack.exe
C:\Windows\system32\temp#01.exe
C:\Windows\system32\thun.dll
C:\Windows\system32\thun32.dll
C:\Windows\system32\VBIEWER.OCX
C:\Windows\system32\vbsys2.dll
C:\Windows\system32\vcatchpi.dll
C:\Windows\system32\winlogonpc.exe
C:\Windows\system32\winsystem.exe
C:\Windows\system32\WINWGPX.EXE
C:\Windows\userconfig9x.dll
C:\Windows\winsystem.exe
C:\Windows\zip1.tmp
C:\Windows\zip2.tmp
C:\Windows\zip3.tmp
C:\Windows\zipped.tmp
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


(((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))))
.

2008-04-15 21:24 . 2008-04-15 21:24 <DIR> d-------- C:\Program Files\CCleaner
2008-04-15 21:21 . 2008-04-15 21:21 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-04-15 21:21 . 2008-04-15 21:21 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-04-15 21:21 . 2008-04-15 21:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-12 02:20 . 2008-04-12 02:20 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-12 02:18 . 2008-04-12 02:18 <DIR> d-------- C:\Users\All Users\CheckPoint
2008-04-12 02:18 . 2008-04-12 02:18 <DIR> d-------- C:\ProgramData\CheckPoint
2008-04-12 02:18 . 2008-03-03 15:06 279,440 --a------ C:\Windows\System32\drivers\vsdatant.sys
2008-04-12 02:16 . 2008-04-12 02:16 <DIR> d-------- C:\Windows\System32\ZoneLabs
2008-04-12 02:16 . 2008-04-12 02:18 352,339 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-04-12 02:15 . 2008-04-12 02:18 <DIR> d-------- C:\Windows\Internet Logs
2008-04-12 01:14 . 2008-04-12 01:22 <DIR> d-a------ C:\Users\All Users\TEMP
2008-04-12 01:14 . 2008-04-12 01:22 <DIR> d-a------ C:\ProgramData\TEMP
2008-04-12 01:13 . 2008-04-12 01:21 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-12 01:13 . 2005-08-25 18:19 115,920 --a------ C:\Windows\System32\MSINET.OCX
2008-04-12 00:59 . 2008-04-12 00:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-11 23:24 . 2008-04-15 23:09 <DIR> d-------- C:\Users\All Users\fcfejilq
2008-04-11 23:24 . 2008-04-15 23:09 <DIR> d-------- C:\ProgramData\fcfejilq
2008-04-11 23:23 . 2008-04-11 23:23 <DIR> d-------- C:\Program Files\Jocsoft
2008-04-11 23:17 . 2008-04-11 23:26 128 --a------ C:\001.part.met.bak
2008-04-11 23:17 . 2008-04-11 23:26 128 --a------ C:\001.part.met
2008-04-11 23:17 . 2008-04-11 23:17 0 --a------ C:\001.part
2008-04-11 23:13 . 2008-04-11 23:13 <DIR> d-------- C:\Program Files\Url Extractor
2008-04-11 22:41 . 2008-04-11 22:57 <DIR> d-------- C:\Program Files\Visual Web Spider
2008-04-06 15:47 . 2008-04-06 15:47 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-06 15:47 . 2008-04-06 15:47 1,409 --a------ C:\Windows\QTFont.for
2008-04-05 16:11 . 2008-04-11 07:32 75,654,413 --a------ C:\008.part
2008-04-05 16:11 . 2008-04-11 23:26 385 --a------ C:\008.part.met.bak
2008-04-05 16:11 . 2008-04-11 23:26 385 --a------ C:\008.part.met
2008-03-31 01:29 . 2008-03-31 01:29 22,177 --ah----- C:\Windows\System32\ConvertDoc.GID
2008-03-16 06:51 . 2008-03-16 06:51 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-03-15 19:51 . 2008-03-15 19:51 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-03-15 19:50 . 2008-03-15 19:50 <DIR> d-------- C:\Program Files\LizardTech
2008-03-15 07:06 . 2008-03-15 07:06 2,923,520 --a------ C:\Windows\explorer.exe
2008-03-15 07:04 . 2008-03-15 07:04 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-03-15 07:04 . 2008-03-15 07:04 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-03-15 07:00 . 2008-03-15 07:00 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-03-15 07:00 . 2008-03-15 07:00 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-15 07:00 . 2008-03-15 07:00 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-15 06:58 . 2008-03-15 06:58 806,400 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-03-15 06:57 . 2008-03-15 06:57 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-03-15 06:57 . 2008-03-15 06:57 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-03-15 06:57 . 2008-03-15 06:57 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-03-15 06:57 . 2008-03-15 06:57 2,048 --a------ C:\Windows\System32\asferror.dll
2008-03-15 06:54 . 2008-03-15 06:54 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-03-15 06:54 . 2008-03-15 06:54 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-03-15 06:54 . 2008-03-15 06:54 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-03-15 06:50 . 2008-03-15 06:50 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-03-15 06:50 . 2008-03-15 06:50 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-03-15 06:50 . 2008-03-15 06:50 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-03-15 06:50 . 2008-03-15 06:50 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-03-15 06:50 . 2008-03-15 06:50 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-03-15 06:49 . 2008-03-15 06:49 2,048 --a------ C:\Windows\System32\tzres.dll
2008-03-15 06:47 . 2008-03-15 06:47 1,831,424 --a------ C:\Windows\System32\inetcpl.cpl
2008-03-15 06:47 . 2008-03-15 06:47 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-03-15 06:47 . 2008-03-15 06:47 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-03-15 06:46 . 2008-03-15 06:46 750,080 --a------ C:\Windows\System32\qmgr.dll

.
(((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 21:16 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-11 22:45 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-08 19:18 --------- d-----w C:\Program Files\Launch Manager
2008-04-03 09:18 --------- d-----w C:\Program Files\Sibylla
2008-03-25 16:58 --------- d-----w C:\Program Files\Guitar Pro 4 Demo
2008-03-16 04:56 --------- d-----w C:\Program Files\ScummVM
2008-03-16 04:51 --------- d-----w C:\Program Files\Finale 2007 Demo
2008-03-15 17:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-15 05:22 174 --sha-w C:\Program Files\desktop.ini
2008-03-15 05:17 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-15 05:17 --------- d-----w C:\Program Files\Windows Calendar
2008-03-15 05:07 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-03-15 05:07 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-03-15 05:07 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-03-15 05:07 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-03-15 05:07 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-03-15 05:06 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-03-15 05:06 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-03-15 05:06 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-03-15 05:06 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-03-15 05:06 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2008-03-15 05:02 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-03-15 05:02 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-03-15 05:02 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-03-15 05:02 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-03-15 05:02 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-03-15 05:02 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-03-15 05:02 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-03-15 04:59 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-03-15 04:59 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-15 04:59 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-03-15 04:59 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-15 04:59 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-03-15 04:59 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-03-15 04:58 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2008-03-15 04:58 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-03-15 04:58 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-03-15 04:58 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-03-15 04:58 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-03-15 04:58 193,536 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-03-15 04:58 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2008-03-15 04:55 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-15 04:55 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-15 04:55 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-15 04:55 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-15 04:55 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-15 04:48 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-02 15:18 296,960 ----a-w C:\Windows\winhlp32.exe
2008-02-26 21:04 --------- d-----w C:\Program Files\Windows Live
2008-02-26 21:03 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 20:49 --------- d-----w C:\ProgramData\WLInstaller
2008-02-22 14:55 --------- d--h--w C:\Program Files\FX Uninstall Information
2008-02-16 13:13 --------- d-----w C:\Program Files\m&e diccionario de rimas
2007-12-02 17:17 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-02 17:17 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-02 17:17 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-22 14:06 167368]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-08-04 01:18 43008]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\Bouzó\OctoshapeClient.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC4798"="cmd /c del C:\Program Files\AdVantage\TR.dll" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-05-24 10:08:41 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_SZ msv1_0

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4079904455-629188700-404443216-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D22665C1-57CD-4344-A5EE-2D5C9A187CFE}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{8A628ECE-86D4-4AA8-A373-42D43E30D3BD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2B37C413-3C39-47DE-A576-C145B7CF79DA}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{A7D4DEF0-6338-42C5-8FE0-A088CFF69F1B}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{9AF57BD9-E49C-4E22-8CD0-5005D07830F7}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{96908D0C-0505-4BC7-96FB-D5B9AEA71F72}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{A4F07E6C-380B-481D-8CE1-26DB3D1985B8}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{6A696EF1-6F12-4A23-A2C6-041EB899D35F}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{C4FC548A-3BB8-46E6-B8D5-FBDDE69FCA4C}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{5A8BFBA2-630F-46EB-BCFC-F959AAB4C2CC}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{D673B827-C314-4C4E-8841-47B0E884E573}C:\\x-cript\\mirc32.exe"= UDP:C:\x-cript\mirc32.exe:mIRC
"UDP Query User{69CC6CEB-19C3-43EE-A382-3CC8C69F6440}C:\\x-cript\\mirc32.exe"= TCP:C:\x-cript\mirc32.exe:mIRC
"TCP Query User{2D926FD3-32AF-4F28-8F26-5530B6E0B258}C:\\program files\\octoshape streaming services\\bouzó\\octoshapeclient.exe"= UDP:C:\program files\octoshape streaming services\bouzó\octoshapeclient.exe:OctoshapeClient
"UDP Query User{035458BA-A6C0-4523-BDD5-ECCACC341095}C:\\program files\\octoshape streaming services\\bouzó\\octoshapeclient.exe"= TCP:C:\program files\octoshape streaming services\bouzó\octoshapeclient.exe:OctoshapeClient
"TCP Query User{E0F9DBBF-5173-41C3-8A78-34AE7CEC58CD}C:\\anestesia\\age2_x1\\age2_x1.exe"= UDP:C:\anestesia\age2_x1\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{A1F4FDA2-CDA7-4E33-AD37-CE9E55D16A65}C:\\anestesia\\age2_x1\\age2_x1.exe"= TCP:C:\anestesia\age2_x1\age2_x1.exe:Age of Empires II Expansion
"{1A1D98B6-A214-4D0F-B120-AF6663C65527}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2007-04-03 19:04]
R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2007-04-03 01:11]
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-12 17:43]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-12 17:43]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-12 17:43]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-12 17:43]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-04-17 19:36]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 18:50]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 11:23]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 18:39]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-27 08:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-04-17 20:12]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 09:30]
S3 BCM43XV;Broadcom extensible 802.11 network adapter driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-12-19 22:18]
S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-19 06:54]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2006-04-14 10:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ea275da-e148-11dc-9e09-0016d3e1377a}]
\shell\AutoRun\command - J:\
\shell\directx\command - J:\DirectX\dxsetup.exe
\shell\dplay\command - J:\DirectX\dplay61a.exe
\shell\dxdiag\command - J:\goodies\ar40esl.exe
\shell\dxinfo\command - J:\goodies\DirectX\dxinfo.exe
\shell\dxtest\command - J:\DirectX\dxdiag.exe
\shell\dxtool\command - J:\goodies\DirectX\dxtool.exe
\shell\log\command - J:\goodies\machine\machine.exe -l
\shell\machine\command - J:\goodies\machine\machine.exe
\shell\setup\command - J:\aoesetup.exe /autorun
\shell\zone\command - J:\goodies\mszone\zonea600.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80eace2f-556c-11dc-8687-000000000000}]
\shell\AutoRun\command - H:\SPANISH/THEJAZZGUIDE.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0e33085-5bc8-11dc-ab7c-000000000000}]
\shell\adobe\command - I:\goodies\ar405esl.exe
\shell\AutoRun\command - I:\aocsetup.exe /autorun
\shell\log\command - I:\goodies\machine\machine.exe -l
\shell\machine\command - I:\goodies\machine\machine.exe
\shell\setup\command - I:\aocsetup.exe /autorun
\shell\zone\command - I:\goodies\mszone\zonea660.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee216f6f-548a-11dc-a145-000000000000}]
\shell\AutoRun\command - G:\beatles.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdbbb3cf-6867-11dc-9dd6-0016d3e1377a}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

*Newly Created Service* - SASDIFSV
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 23:21:08
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Hardcopy\HcDLL2_19_Win32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Hardcopy\hardcopy.exe
C:\Program Files\stickies\stickies.exe
C:\Acer\Empowering Technology\eNet\eNMTray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Users\BOUZ~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-04-15 23:27:02 - machine was rebooted [Bouzó]
ComboFix-quarantined-files.txt 2008-04-15 21:26:53

The system cannot find message text for message number 0x2379 in the message file for Application.
25 dirs 1,818,976,256 bytes free
.
2008-03-15 05:08:13 --- E O F ---


I hope everything is fine now, and if so, I am finally grateful for all the help given, and I'd ask for one last piece of advice about protection tools so that this doesn't happen again.

Last edited by Desatonao on 15/04/08 at 19:21:39.
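Editor's note and added example, not part of Desatonao's post or of any tool quoted in it. The two reports above show the infection using a small set of persistence locations: the Vundo DLL byXnoMGv registered under LSA\Authentication Packages (packages listed there are loaded into lsass.exe at boot, which is why the usual autostart activity survives a reboot and an ordinary cleanup), BHO CLSIDs under both HKLM and HKCU, a ShellExecuteHooks value and a SharedTaskScheduler value that Explorer loads, the MSServer value under HKLM Run, per-drive AutoRun commands cached under MountPoints2, EnableLUA set to 0 and DisableMonitoring=1 under Security Center. The Malwarebytes report left every one of them as "No action taken"; the later ComboFix log lists byXnoMGv.dll among its deletions and shows Authentication Packages back to msv1_0 only. The PowerShell script below enumerates exactly those locations on a live machine so a follow-up post could confirm what is still present. Everything it treats as baseline (msv1_0 as the only expected authentication package on a standalone client, the other lists simply shown with the referenced file's Authenticode status) is an assumption of this example, not something the thread states. Run it from an elevated PowerShell prompt and review the output; it deletes nothing.

```powershell
# Added example (editor's code, not from the original post or from Malwarebytes/ComboFix).
# Lists the persistence locations that appear in the reports above and flags what does not
# match a simple baseline. Assumption: msv1_0 is the only expected LSA authentication package.

$findings = New-Object System.Collections.ArrayList

function Add-Finding([string]$Location, [string]$Value, [string]$Note = '') {
    [void]$findings.Add([pscustomobject]@{ Location = $Location; Value = $Value; Note = $Note })
}

# Describe a file referenced from the registry: missing, or its Authenticode status.
function Get-FileNote([string]$Path) {
    if (-not $Path) { return 'no path' }
    $p = [Environment]::ExpandEnvironmentVariables($Path.Trim('"'))
    if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { return 'file missing' }
    return 'signature: ' + (Get-AuthenticodeSignature -FilePath $p).Status
}

# Resolve a COM CLSID to the in-process DLL HKCR maps it to (how a BHO/hook CLSID becomes a file).
function Get-ClsidServer([string]$Clsid) {
    $k = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (Test-Path $k) { return (Get-Item $k).GetValue('') }
    return $null
}

# 1. LSA Authentication Packages: every name here is loaded into lsass.exe at boot
#    (byxnomgv sat here in the Malwarebytes report).
$pkgs = (Get-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa').GetValue('Authentication Packages')
foreach ($pkg in @($pkgs)) {
    if ($pkg -eq 'msv1_0') { $note = 'expected' }
    else { $note = 'UNEXPECTED: ' + (Get-FileNote "$env:SystemRoot\System32\$pkg.dll") }
    Add-Finding 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages' $pkg $note
}

foreach ($hive in 'HKLM', 'HKCU') {
    $explorer = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"

    # 2. Browser Helper Objects: subkey names are CLSIDs; resolve each to its DLL.
    $bho = "$explorer\Browser Helper Objects"
    if (Test-Path $bho) {
        foreach ($sub in Get-ChildItem $bho) {
            $dll = Get-ClsidServer $sub.PSChildName
            Add-Finding "$hive BHO $($sub.PSChildName)" $dll (Get-FileNote $dll)
        }
    }

    # 3. ShellExecuteHooks / SharedTaskScheduler: value names are CLSIDs loaded by Explorer.
    foreach ($name in 'ShellExecuteHooks', 'SharedTaskScheduler') {
        $k = "$explorer\$name"
        if (Test-Path $k) {
            foreach ($clsid in (Get-Item $k).GetValueNames()) {
                $dll = Get-ClsidServer $clsid
                Add-Finding "$hive $name $clsid" $dll (Get-FileNote $dll)
            }
        }
    }

    # 4. Run / RunOnce values (MSServer lived under HKLM Run in the report).
    foreach ($name in 'Run', 'RunOnce') {
        $k = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\$name"
        if (Test-Path $k) {
            $item = Get-Item $k
            foreach ($v in $item.GetValueNames()) {
                Add-Finding "$hive $name\$v" $item.GetValue($v)
            }
        }
    }
}

# 5. Per-volume AutoRun commands cached under MountPoints2 (the J:, H:, I:, G: entries
#    and the RunDLL32 ... antihost.exe entry in the ComboFix log).
$mp = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
if (Test-Path $mp) {
    foreach ($vol in Get-ChildItem $mp) {
        $cmdKey = $vol.PSPath + '\shell\AutoRun\command'
        if (Test-Path $cmdKey) {
            Add-Finding "MountPoints2 $($vol.PSChildName) AutoRun" ((Get-Item $cmdKey).GetValue(''))
        }
    }
}

# 6. Settings the logs show weakened: UAC off (EnableLUA=0) and Security Center monitoring off.
$pol = Get-Item 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($pol.GetValue('EnableLUA') -eq 0) { Add-Finding 'Policies\System\EnableLUA' '0' 'UAC disabled' }
$mon = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
if (Test-Path $mon) {
    foreach ($k in @(Get-Item $mon) + @(Get-ChildItem $mon -Recurse)) {
        if ($k.GetValue('DisableMonitoring') -eq 1) {
            Add-Finding "Security Center\Monitoring\$($k.PSChildName)" 'DisableMonitoring=1' 'monitoring suppressed'
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Read the output top to bottom: anything besides msv1_0 under Authentication Packages, any BHO or hook whose DLL is missing or unsigned and lives directly in System32 or the Windows folder (the pattern every Vundo/FakeAlert file in the reports follows), and any AutoRun command that points at an executable rather than an installer are the lines worth pasting into a follow-up post before deleting anything.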