Re: Had a virus... now the internet is too slow. Leaving the log

Hello, good evening... sorry for not having replied, but I set about doing everything you told me. Here is the log that ComboFix gave me...
Regards.
ComboFix 08-04-29.5 - Brandon 2008-04-30 20:32:35.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.3082.18.333 [GMT -6:00]
Se ejecuta desde: C:\Users\Brandon\Desktop\ComboFix.exe
* Creado un nuevo punto de restauración
.
(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\x64
.
(((((((((((((((((( Archivos creados desde 2008-04-01 - 2008-05-01 )))))))))))))))))))))))))))))))))
.
Ningún archivo ha sido creado durante este intervalo de tiempo
.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 02:17 --------- d-----w C:\Program Files\Yahoo!
2008-05-01 02:17 --------- d-----w C:\Program Files\CCleaner
2008-05-01 00:38 --------- d-----w C:\Users\Brandon\AppData\Roaming\Malwarebytes
2008-05-01 00:38 --------- d-----w C:\ProgramData\Malwarebytes
2008-05-01 00:38 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-01 00:04 --------- d-----w C:\Users\Brandon\AppData\Roaming\SUPERAntiSpyware.com
2008-05-01 00:04 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-05-01 00:04 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-01 00:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-01 00:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-04-30 22:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-30 21:40 --------- d-----w C:\Program Files\Trend Micro
2008-04-30 15:08 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-30 03:14 --------- d-----w C:\Users\Brandon\AppData\Roaming\SiteAdvisor
2008-04-30 02:41 --------- d-----w C:\Program Files\Microsoft Works
2008-04-30 02:40 --------- d-----w C:\Program Files\MSBuild
2008-04-30 02:38 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-30 02:33 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-30 02:12 --------- d-----w C:\ProgramData\McAfee
2008-04-30 02:11 --------- d-----w C:\Program Files\SiteAdvisor
2008-04-30 02:10 --------- d-----w C:\Program Files\McAfee
2008-04-30 02:10 --------- d-----w C:\Program Files\Common Files\McAfee
2008-04-30 02:08 --------- d-----w C:\Program Files\McAfee.com
2008-04-30 02:05 --------- d-----w C:\Program Files\ESET
2008-04-30 02:02 --------- d-----w C:\Program Files\Panda Security
2008-04-27 14:33 --------- d-----w C:\ProgramData\Okay meta anti lite
2008-04-27 14:33 --------- d-----w C:\ProgramData\aboutlinkhelp
2008-04-13 16:46 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-10 16:33 --------- d-----w C:\Program Files\Windows Mail
2008-03-27 01:21 --------- d-----w C:\ProgramData\Symantec
2008-03-10 03:55 --------- d-----w C:\Program Files\Java
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 17:01 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 16:56 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 16:56 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 16:56 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 16:56 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 16:56 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 16:55 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 16:55 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 16:55 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 16:55 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 16:55 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 16:55 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 16:55 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-01-23 10:31 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-23 04:04 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 06:34 2159104 C:\Windows\System32\oobefldr.dll]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-22 18:47 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 06:34 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-23 04:16 1006264]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 18:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 18:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 18:07 133656]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 15:30 152144]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 03:45 222208]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANTI LITE TITLE DEBUG]
--a------ 2008-04-27 08:33 397328 C:\ProgramData\heart show bike.ppwjdw4
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FragByte]
--a------ 2008-04-27 08:31 364560 C:\ProgramData\Acid find find.t7l21
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{35D60054-8F69-479D-B9A0-8A38CCAAF7E0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{40A814E4-10B7-4A6B-A11B-690A4E21FEE5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A15F99F4-A8C0-4B7F-871F-4E6F85D49913}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{0006A80D-7CBB-42E1-8903-DCEFD2787131}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{0A7BC935-1CDF-46C6-BFAF-2DD7D4047CD0}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{64058FAA-299D-42CB-99A9-0D63DC03AF6C}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"{CF87A0CA-C437-4F9C-B001-2325F701B8BA}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{75FDE24A-401A-429D-B6F5-47DCFB771F5B}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{84B79A42-E55D-4671-9789-694F6A0D1FD5}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{53A442D3-0FE1-4916-94CC-F0388889DE9C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{73F4FF08-1513-4E6F-B764-8EED3528E4A7}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0AE39FBB-9C35-479A-BBB8-BA3C17C44B4A}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{7AF7401C-003F-4A23-A837-1DA67E2B1572}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 17:48]
R3 VST_DPV;VST_DPV;C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 01:41]
R3 VSTHWBS2;VSTHWBS2;C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 01:41]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 01:36]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{161dc455-16eb-11dd-955a-806e6f6e6963}]
\shell\AutoRun\command - D:\h0s2.bat
\shell\explore\Command - D:\h0s2.bat
\shell\open\Command - D:\h0s2.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60e60f11-16e0-11dd-a23b-001d92035f75}]
\shell\AutoRun\command - D:\h0s2.bat
\shell\explore\Command - D:\h0s2.bat
\shell\open\Command - D:\h0s2.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac5cfcd9-c971-11dc-bca5-001d92035f75}]
\shell\Auto\command - D:\MSOCache\doWTP_RESTORE_0.exe -autorun
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\MSOCache\doWTP_RESTORE_0.exe -autorun
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac5cfcea-c971-11dc-bca5-001d92035f75}]
\shell\AutoRun\command - D:\semo2x.exe
\shell\explore\Command - D:\semo2x.exe
\shell\open\Command - D:\semo2x.exe
*Newly Created Service* - CATCHME
.
Contenido de carpeta 'Tareas Programadas'
"2008-04-30 03:06:26 C:\Windows\Tasks\McDefragTask.job"
- C:\Windows\system32\Defrag.exe
"2008-04-30 03:06:26 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
"2008-05-01 00:03:01 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 20:34:48
Windows 6.0.6000 NTFS
escaneando procesos ocultos ...
escaneando entradas ocultas de autostart ...
escaneando archivos ocultos ...
el escaneo se completo con exito
archivos ocultos: 4
**************************************************************************
.
--------------------- DLLs cargados bajo los procesos en ejecución ---------------------
PROCESS: C:\Windows\Explorer.exe
-> ?:\Windows\system32\NetworkExplorer.dll
.
Tiempo completado: 2008-04-30 20:35:43
ComboFix-quarantined-files.txt 2008-05-01 02:35:36
El sistema no puede encontrar el texto del mensaje para el mensaje número 0x2379 en el archivo de mensajes para Application.
El sistema no puede encontrar el texto del mensaje para el mensaje número 0x2379 en el archivo de mensajes para Application.
178 --- E O F --- 2008-04-30 15:08:35