Antiguo 05/05/08, 12:17:32
chopiteo chopiteo está offline
Re: CPU 100% - Fallan antivirus...

Gracias por contestar thecat_re.

Te pego el reporte:

ComboFix 08-05-01.3 - Adrián 2008-05-05 17:55:53.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.3082.18.233 [GMT 2:00]
Se ejecuta desde: C:\Documents and Settings\Adrián\Escritorio\Combo-Fix.exe
* Creado un nuevo punto de restauración

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\104312.exe
C:\WINDOWS\system32\drivers\downld\109515.exe
C:\WINDOWS\system32\drivers\downld\110421.exe
C:\WINDOWS\system32\drivers\downld\112156.exe
C:\WINDOWS\system32\drivers\downld\116203.exe
C:\WINDOWS\system32\drivers\downld\118312.exe
C:\WINDOWS\system32\drivers\downld\119406.exe
C:\WINDOWS\system32\drivers\downld\123125.exe
C:\WINDOWS\system32\drivers\downld\141781.exe
C:\WINDOWS\system32\drivers\downld\143140.exe
C:\WINDOWS\system32\drivers\downld\14630375.exe
C:\WINDOWS\system32\drivers\downld\14639234.exe
C:\WINDOWS\system32\drivers\downld\14642109.exe
C:\WINDOWS\system32\drivers\downld\14689671.exe
C:\WINDOWS\system32\drivers\downld\14703796.exe
C:\WINDOWS\system32\drivers\downld\14722281.exe
C:\WINDOWS\system32\drivers\downld\14875328.exe
C:\WINDOWS\system32\drivers\downld\14898031.exe
C:\WINDOWS\system32\drivers\downld\15099781.exe
C:\WINDOWS\system32\drivers\downld\15107890.exe
C:\WINDOWS\system32\drivers\downld\159828.exe
C:\WINDOWS\system32\drivers\downld\160968.exe
C:\WINDOWS\system32\drivers\downld\161265.exe
C:\WINDOWS\system32\drivers\downld\163812.exe
C:\WINDOWS\system32\drivers\downld\170828.exe
C:\WINDOWS\system32\drivers\downld\177796.exe
C:\WINDOWS\system32\drivers\downld\178453.exe
C:\WINDOWS\system32\drivers\downld\183937.exe
C:\WINDOWS\system32\drivers\downld\184640.exe
C:\WINDOWS\system32\drivers\downld\198546.exe
C:\WINDOWS\system32\drivers\downld\200890.exe
C:\WINDOWS\system32\drivers\downld\206421.exe
C:\WINDOWS\system32\drivers\downld\207046.exe
C:\WINDOWS\system32\drivers\downld\213515.exe
C:\WINDOWS\system32\drivers\downld\217859.exe
C:\WINDOWS\system32\drivers\downld\221140.exe
C:\WINDOWS\system32\drivers\downld\224125.exe
C:\WINDOWS\system32\drivers\downld\226796.exe
C:\WINDOWS\system32\drivers\downld\239234.exe
C:\WINDOWS\system32\drivers\downld\248796.exe
C:\WINDOWS\system32\drivers\downld\269671.exe
C:\WINDOWS\system32\drivers\downld\274359.exe
C:\WINDOWS\system32\drivers\downld\290500.exe
C:\WINDOWS\system32\drivers\downld\291390.exe
C:\WINDOWS\system32\drivers\downld\303625.exe
C:\WINDOWS\system32\drivers\downld\304937.exe
C:\WINDOWS\system32\drivers\downld\313265.exe
C:\WINDOWS\system32\drivers\downld\320218.exe
C:\WINDOWS\system32\drivers\downld\329562.exe
C:\WINDOWS\system32\drivers\downld\339031.exe
C:\WINDOWS\system32\drivers\downld\348031.exe
C:\WINDOWS\system32\drivers\downld\3968015.exe
C:\WINDOWS\system32\drivers\downld\3999406.exe
C:\WINDOWS\system32\drivers\downld\4046453.exe
C:\WINDOWS\system32\drivers\downld\50421.exe
C:\WINDOWS\system32\drivers\downld\51234.exe
C:\WINDOWS\system32\drivers\downld\52000.exe
C:\WINDOWS\system32\drivers\downld\53468.exe
C:\WINDOWS\system32\drivers\downld\551234.exe
C:\WINDOWS\system32\drivers\downld\55375.exe
C:\WINDOWS\system32\drivers\downld\56656.exe
C:\WINDOWS\system32\drivers\downld\57421.exe
C:\WINDOWS\system32\drivers\downld\583484.exe
C:\WINDOWS\system32\drivers\downld\58625.exe
C:\WINDOWS\system32\drivers\downld\58734.exe
C:\WINDOWS\system32\drivers\downld\59125.exe
C:\WINDOWS\system32\drivers\downld\59312.exe
C:\WINDOWS\system32\drivers\downld\59343.exe
C:\WINDOWS\system32\drivers\downld\603296.exe
C:\WINDOWS\system32\drivers\downld\612140.exe
C:\WINDOWS\system32\drivers\downld\61593.exe
C:\WINDOWS\system32\drivers\downld\62859.exe
C:\WINDOWS\system32\drivers\downld\64265.exe
C:\WINDOWS\system32\drivers\downld\64296.exe
C:\WINDOWS\system32\drivers\downld\66453.exe
C:\WINDOWS\system32\drivers\downld\66953.exe
C:\WINDOWS\system32\drivers\downld\67500.exe
C:\WINDOWS\system32\drivers\downld\68203.exe
C:\WINDOWS\system32\drivers\downld\68859.exe
C:\WINDOWS\system32\drivers\downld\70000.exe
C:\WINDOWS\system32\drivers\downld\71812.exe
C:\WINDOWS\system32\drivers\downld\72375.exe
C:\WINDOWS\system32\drivers\downld\75765.exe
C:\WINDOWS\system32\drivers\downld\78093.exe
C:\WINDOWS\system32\drivers\downld\78875.exe
C:\WINDOWS\system32\drivers\downld\79109.exe
C:\WINDOWS\system32\drivers\downld\81093.exe
C:\WINDOWS\system32\drivers\downld\81265.exe
C:\WINDOWS\system32\drivers\downld\88750.exe
C:\WINDOWS\system32\drivers\downld\89671.exe
C:\WINDOWS\system32\drivers\downld\95609.exe
C:\WINDOWS\system32\drivers\downld\96671.exe
C:\WINDOWS\system32\drivers\downld\96796.exe
C:\WINDOWS\system32\drivers\downld\97187.exe
C:\WINDOWS\system32\drivers\hldrrr.exe . . . . Fallo al eliminar
C:\WINDOWS\system32\drivers\mdelk.exe . . . . Fallo al eliminar
C:\WINDOWS\system32\drivers\srosa.sys . . . . Fallo al eliminar
C:\WINDOWS\system32\mdelk.exe . . . . Fallo al eliminar
C:\WINDOWS\system32\wintems.exe . . . . Fallo al eliminar

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


(((((((((((((((((( Archivos creados desde 2008-04-05 - 2008-05-05 )))))))))))))))))))))))))))))))))
.

2008-05-05 18:03 . 2008-05-05 18:03 <DIR> d-------- C:\WINDOWS\system32\drivers\downld
2008-05-05 15:43 . 2008-05-05 15:43 <DIR> d-------- C:\Archivos de programa\ESET
2008-05-05 15:11 . 2008-05-05 15:11 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-05-05 15:11 . 2008-05-05 15:11 <DIR> d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware
2008-05-02 01:53 . 2008-05-02 01:53 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2008-05-02 01:52 . 2008-05-02 01:52 <DIR> d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-05-02 01:50 . 2008-05-02 01:50 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-05-02 01:23 . 2008-05-02 01:23 <DIR> d-------- C:\Archivos de programa\CCleaner
2008-05-01 19:03 . 2008-05-01 19:03 <DIR> d-------- C:\Archivos de programa\VIA
2008-05-01 19:03 . 2005-04-13 16:54 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2008-05-01 19:02 . 2006-10-09 12:58 203,648 --a------ C:\WINDOWS\system32\drivers\vinyl97.sys
2008-04-24 00:04 . 2008-04-24 00:04 <DIR> d-------- C:\Archivos de programa\Fast Break Basketball
2008-04-23 02:07 . 2008-04-23 02:07 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\TVU Networks
2008-04-13 23:50 . 2008-04-13 23:50 <DIR> d-------- C:\mIRC
2008-04-13 01:57 . 2008-04-13 01:57 <DIR> d-------- C:\Archivos de programa\Vodei

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2008-05-05 13:21 14,848 ----a-w C:\WINDOWS\system32\dllcache\register.exe
2008-05-04 01:36 90,112 ----a-w C:\WINDOWS\DUMPe276.tmp
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-04 16:52 286,720 ----a-w C:\WINDOWS\system32\libcurl.dll
2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-06 23:06 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 20:00 15360]
"SUPERAntiSpyware"="C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-05 18:03 0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 17:09 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 10:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 10:31 126976]
"SynTPLpr"="C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe" [2004-08-23 10:02 684032]
"SynTPEnh"="C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 11:11 708698]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-06-01 14:17 192512]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.e xe" [2004-08-20 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScI nst.exe" [2004-08-20 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT \TINTSETP.exe" [2004-08-20 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TIN TSETP.exe" [2004-08-20 20:00 455168]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
"LaunchAp"="C:\Archivos de programa\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768]
"PowerKey"="C:\Archivos de programa\Launch Manager\PowerKey.exe" [2002-08-30 15:02 94208]
"LManager"="C:\Archivos de programa\Launch Manager\HotkeyApp.exe" [2005-06-06 11:52 69632]
"CtrlVol"="C:\Archivos de programa\Launch Manager\CtrlVol.exe" [2003-09-16 14:28 20480]
"LMgrOSD"="C:\Archivos de programa\Launch Manager\OSDCtrl.exe" [2005-07-25 10:45 241664]
"Wbutton"="C:\Archivos de programa\Launch Manager\Wbutton.exe" [2005-07-25 13:34 81920]
"eRecoveryService"="C:\Archivos de programa\Acer\eRecovery\Monitor.exe" [2008-05-05 18:04 352256]
"ccApp"="C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe" [2008-05-05 18:04 58992]
"Symantec NetDriver Monitor"="C:\ARCHIV~1\SYMNET~1\SNDMon.exe" [2006-01-27 23:44 100056]
"KTSinit"="C:\Programme\Bosch\ESItronic\KTS500\Ph_ Test.exe" [2003-12-15 11:38 1046528]
"GrooveMonitor"="C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2008-01-30 15:06 385024]
"AudioDeck"="C:\Archivos de programa\VIA\VIAudioi\SBADeck\ADeck.exe" [2006-11-02 16:57 528384]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 11:01 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-20 20:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= c:\archiv~1\codecp~1\i263\i263_32.drv
"vidc.DIV3"= c:\archiv~1\codecp~1\divx3\divxc32.dll
"vidc.DIV4"= c:\archiv~1\codecp~1\divx412\divx.dll
"vidc.DIVX"= c:\archiv~1\codecp~1\divx511\divx.dll
"vidc.xvid"= c:\archiv~1\codecp~1\xvid\xvid.dll
"vidc.fvfw"= c:\archiv~1\codecp~1\ffvfw\ffvfw.dll
"msacm.avis"= c:\archiv~1\codecp~1\ffvfw\ffvfw.dll
"vidc.MPG4"= c:\archiv~1\codecp~1\mpeg4\mpg4c32.dll
"vidc.MP42"= c:\archiv~1\codecp~1\mpeg4\mpg4c32.dll
"vidc.MP43"= c:\archiv~1\codecp~1\mpeg4\mpg4c32.dll
"VIDC.MJPG"= c:\archiv~1\codecp~1\picvideo\pvmjpg21.dll
"VIDC.PIMJ"= c:\archiv~1\codecp~1\picvideo\pvljpg20.dll
"VIDC.PVW2"= c:\archiv~1\codecp~1\picvideo\pvwv220.dll
"VIDC.SJPG"= c:\archiv~1\codecp~1\pmmjpeg\pmmjpeg.dll
"vidc.MJPX"= c:\archiv~1\codecp~1\m3jpegv3\m3jpeg32.dll
"vidc.dmb1"= c:\archiv~1\codecp~1\m3jpegv3\m3jpeg32.dll
"VIDC.HFYU"= c:\archiv~1\codecp~1\huffyuv\huffyuv.dll
"VIDC.ZLIB"= c:\archiv~1\codecp~1\lcljp\avizlib.dll
"VIDC.MSZH"= c:\archiv~1\codecp~1\lcljp\avimszh.dll
"vidc.MVW1"= c:\archiv~1\codecp~1\aware\icmw_32.dll
"vidc.dvmc"= c:\archiv~1\codecp~1\mcdv\mcdvd_32.dll
"vidc.VP31"= c:\archiv~1\codecp~1\on2vp3\vp31vfw.dll
"vidc.VP60"= c:\archiv~1\codecp~1\on2vp6\vp6vfw.dll
"vidc.VP61"= c:\archiv~1\codecp~1\on2vp6\vp6vfw.dll
"vidc.3IV2"= c:\archiv~1\codecp~1\3ivx\3ivxvf~1.dll
"vidc.I263"= c:\archiv~1\codecp~1\i263\i263_32.drv
"msacm.imc"= c:\archiv~1\codecp~1\i263\imc32.acm
"VIDC.YMPG"= c:\archiv~1\codecp~1\ympeg\ympgcdc.dll
"msacm.ympgacm"= c:\archiv~1\codecp~1\ympeg\ympgacm.acm
"VIDC.WMV3"= c:\archiv~1\codecp~1\wm9\wmv9vcm.dll
"msacm.lameacm"= c:\archiv~1\codecp~1\mp3lame\lameacm.acm
"msacm.atrac3"= c:\archiv~1\codecp~1\atrac3\atrac3.acm
"msacm.qmpeg"= c:\archiv~1\codecp~1\qmpeg\qmpeg.acm
"msacm.uleaddv"= c:\archiv~1\codecp~1\uleaddv\dvacm.acm
"msacm.vorbis"= c:\archiv~1\codecp~1\vorbis\vorbis.acm
"msacm.divxa32"= c:\archiv~1\codecp~1\wma\divxa32.acm
"msacm.msaudio2"= c:\archiv~1\codecp~1\wma\msaud32h.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Archivos de programa\\Microsoft Office\\Office12\\groove.exe"=
"C:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Archivos de programa\\Messenger\\MSMSGS.EXE"=
"C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"C:\\Archivos de programa\\SopCast\\SopCast.exe"=
"C:\\Archivos de programa\\eMule\\emule.exe"=
"C:\\Archivos de programa\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Archivos de programa\\Internet Explorer\\iexplore.exe"=
"C:\\Archivos de programa\\SopCast\\adv\\SopAdver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"24911:TCP"= 24911:TCP:BitComet 24911 TCP
"24911:UDP"= 24911:UDP:BitComet 24911 UDP
"23991:TCP"= 23991:TCP:BitComet 23991 TCP
"23991:UDP"= 23991:UDP:BitComet 23991 UDP

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.s ys [2003-04-28 11:27]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Archivos de programa\Acer\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.s ys [2005-01-14 15:57]
R3 POWERKEY;POWERKEY;C:\Archivos de programa\Launch Manager\POWERKEY.sys [2000-12-19 18:29]
S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutto n.sys []
S3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{30ceb790-ca15-11dc-939f-0014a45a6b4a}]
\Shell\AutoRun\command - F:\nideiect.com
\Shell\explore\Command - F:\nideiect.com
\Shell\open\Command - F:\nideiect.com

*Newly Created Service* - SROSA
.
Contenido de carpeta 'Tareas Programadas'
"2008-05-05 13:31:58 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Archivos de programa\Symantec\LiveUpdate\NDETECT.EXE
"2008-03-28 18:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Analizar el equipo - Talleres nuñez.job"