Re: Virtumonde problem!!! Here is the ComboFix report:
ComboFix 08-05-01.3 - Administrador 2008-05-06 23:31:06.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.87 [GMT -4:00]
Se ejecuta desde: C:\Documents and Settings\Administrador\Escritorio\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrador\Escritorio\CFScript.txt
* Creado un nuevo punto de restauración
* Resident AV is active
ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
FILE ::
C:\WINDOWS\imsins.BAK
C:\WINDOWS\inf\G-Buster.exe
C:\WINDOWS\inf\msimn.exe
C:\WINDOWS\inf\ok.exe
C:\WINDOWS\inf\taskmgr.exe
.
(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\imsins.BAK
C:\WINDOWS\inf\G-Buster.exe
C:\WINDOWS\inf\msimn.exe
C:\WINDOWS\inf\ok.exe
C:\WINDOWS\inf\taskmgr.exe
.
(((((((((((((((((( Archivos creados desde 2008-04-07 - 2008-05-07 )))))))))))))))))))))))))))))))))
.
2008-05-04 23:21 . 2008-05-04 23:22 <DIR> d-------- C:\f4dc47e72423952e008b19c528
2008-05-03 22:51 . 2008-03-20 04:09 1,845,376 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-05-03 22:51 . 2007-11-07 05:28 726,528 --------- C:\WINDOWS\system32\dllcache\lsasrv.dll
2008-05-03 22:51 . 2007-10-30 13:20 360,064 --------- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-05-03 22:51 . 2007-12-18 05:51 179,584 --------- C:\WINDOWS\system32\dllcache\mrxdav.sys
2008-05-03 22:51 . 2008-02-20 01:35 148,992 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-05-03 22:51 . 2008-02-20 01:35 45,568 --------- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-05-03 22:48 . 2008-05-04 21:29 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuración local
2008-05-03 22:48 . 2008-05-04 21:29 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuración local
2008-05-03 22:48 . 2008-05-04 21:29 <DIR> d-------- C:\Documents and Settings\LocalService\Configuración local
2008-05-03 22:48 . 2008-05-04 21:29 <DIR> d-------- C:\Documents and Settings\Administrador\Configuración local
2008-05-03 22:38 . 2008-05-03 22:38 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-05-03 22:38 . 2008-05-03 22:38 <DIR> d-------- C:\WINDOWS\system32\oobe
2008-05-03 22:38 . 2008-05-03 22:38 <DIR> d-------- C:\WINDOWS\srchasst
2008-05-03 22:38 . 2008-05-03 22:38 <DIR> d-------- C:\WINDOWS\msagent
2008-05-03 22:38 . 2008-05-03 22:38 <DIR> d-------- C:\Archivos de programa\microsoft frontpage
2008-05-03 21:33 . 2008-05-03 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2008-05-03 21:32 . 2008-05-03 21:32 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\SUPERAntiSpyware.com
2008-05-03 21:32 . 2008-05-03 22:05 <DIR> d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-04-27 02:21 . 2008-04-27 02:21 <DIR> d-------- C:\VundoFix Backups
2008-04-27 01:34 . 2008-04-27 01:34 244 --ah----- C:\sqmnoopt05.sqm
2008-04-27 01:34 . 2008-04-27 01:34 232 --ah----- C:\sqmdata05.sqm
2008-04-21 21:49 . 2008-05-03 17:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-21 21:49 . 2008-04-21 21:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-19 00:04 . 2008-04-19 00:12 <DIR> d-------- C:\Archivos de programa\DivX
2008-04-19 00:02 . 2008-04-19 00:05 691 --a------ C:\WINDOWS\mozver.dat
.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 02:28 --------- d-----w C:\Archivos de programa\CCleaner
2008-05-04 01:32 --------- d-----w C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-04-21 21:45 --------- d-----w C:\Archivos de programa\Windows Live Safety Center
2008-04-19 22:21 --------- d-----w C:\Archivos de programa\Windows Media Connect 2
2008-04-08 01:06 --------- d-----w C:\Documents and Settings\Administrador\Datos de programa\MegauploadToolbar
2008-04-02 23:31 --------- d-----w C:\Archivos de programa\Zylom Games
2008-04-02 23:30 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Zylom
2008-04-02 00:19 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\DVD Shrink
2008-03-26 00:25 --------- d-----w C:\Documents and Settings\Administrador\Datos de programa\Apple Computer
2008-03-25 20:22 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2008-03-25 20:21 --------- d-----w C:\Archivos de programa\QuickTime
2008-03-25 20:19 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Apple Computer
2008-03-25 20:18 --------- d-----w C:\Archivos de programa\Archivos comunes\InstallShield
2008-03-18 23:46 --------- d-----w C:\Archivos de programa\MySpace
2008-03-07 18:10 --------- d-----w C:\Archivos de programa\Disney Interactive
.
------- Sigcheck -------
2007-07-29 08:46 579072 237fb93c6b4330d8ee7d2448cf71c5ed C:\WINDOWS\system32\user32.dll
2007-07-29 08:46 2061824 fda9504c4993043ef75ad2f59cd6daba C:\WINDOWS\system32\ntkrnlpa.exe
2007-07-29 08:46 2184576 61bdb2667827d484604c9a09248d6223 C:\WINDOWS\system32\ntoskrnl.exe
2007-07-29 08:45 953856 e9c19fd131d46eb3ef52b7a31ef33a90 C:\WINDOWS\explorer.exe
2007-07-29 08:45 1035776 dbb6b75cc6cb2cf8ec0bafca08aed6be C:\WINDOWS\XPize\Backup\explorer.exe
2004-08-19 09:42 30208 84ad8e1b758c1abea80cfcc087be0ed3 C:\WINDOWS\system32\ctfmon.exe
2004-08-19 09:42 15360 25ecfa69af1563fde8dfd31f9954497a C:\WINDOWS\XPize\Backup\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot_2008-05-04_21.29.20.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-04 22:29:02 69,120 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-05-05 03:26:25 69,120 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-05-04 22:29:12 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-05-05 03:26:33 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-05-04 22:28:43 4,444,160 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-05-05 03:26:06 4,444,160 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2008-05-04 22:29:15 483,840 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-05-05 03:26:36 483,840 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-05-04 22:28:52 3,036,160 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-05-05 03:26:15 3,036,160 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2008-05-04 22:29:19 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-05-05 03:26:39 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-05-04 22:29:19 113,664 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-05-05 03:26:39 113,664 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2008-05-04 22:29:13 261,120 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-05-05 03:26:34 261,120 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-05-04 22:28:49 5,431,296 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-05-05 03:26:12 5,431,296 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-05-04 22:28:59 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-05-05 03:26:22 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-05-04 22:28:50 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-05-05 03:26:13 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2008-05-04 22:29:02 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-05-05 03:26:25 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-05-04 22:29:07 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-05-05 03:26:28 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-05-04 22:29:09 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-05-05 03:26:30 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-05-04 22:29:10 6,656 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-05-05 03:26:30 6,656 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2008-05-04 22:29:20 348,160 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-05-05 03:26:40 348,160 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2008-05-04 22:29:21 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-05-05 03:26:41 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-05-04 22:29:22 655,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-05-05 03:26:43 655,360 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2008-05-04 22:29:23 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-05-05 03:26:43 77,824 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2008-05-04 22:29:10 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-05-05 03:26:31 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-05-04 22:29:08 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-05-05 03:26:29 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-05-04 22:29:05 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-05-05 03:26:28 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2008-05-04 22:29:16 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-05-05 03:26:36 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-05-04 22:29:04 671,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-05-05 03:26:27 671,744 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-05-04 22:28:45 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-05-05 03:26:08 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-05-04 22:29:18 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-05-05 03:26:38 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-05-04 22:29:03 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-05-05 03:26:26 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-05-04 22:29:03 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-05-05 03:26:26 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-05-04 22:29:11 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-05-05 03:26:32 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2008-05-04 22:29:12 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-05-05 03:26:32 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2008-05-04 22:28:51 425,984 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-05-05 03:26:14 425,984 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2008-05-04 22:28:53 741,376 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-05-05 03:26:16 741,376 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2008-05-04 22:28:54 933,888 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-05-05 03:26:17 933,888 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2008-05-04 22:29:24 5,070,848 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-05-05 03:26:45 5,070,848 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2008-05-04 22:29:21 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-05-05 03:26:42 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-05-04 22:29:00 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-05-05 03:26:22 401,408 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-05-04 22:29:17 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-05-05 03:26:37 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-05-04 22:28:45 630,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-05-05 03:26:08 630,784 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-05-04 22:29:18 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-05-05 03:26:39 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-05-04 22:29:16 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-05-05 03:26:37 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-05-04 22:29:14 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-05-05 03:26:35 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-05-04 22:29:14 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-05-05 03:26:34 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-05-04 22:28:46 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-05-05 03:26:09 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-05-04 22:28:47 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-05-05 03:26:10 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-05-04 22:28:58 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-05-05 03:26:20 884,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2008-05-04 22:28:58 90,112 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-05-05 03:26:21 90,112 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-05-04 22:28:56 839,680 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-05-05 03:26:19 839,680 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-05-04 22:29:01 5,013,504 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-05-05 03:26:24 5,013,504 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-05-04 22:28:48 2,068,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-05-05 03:26:11 2,068,480 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2008-05-04 22:28:55 3,076,096 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-05-05 03:26:18 3,076,096 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2008-05-05 01:20:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-07 03:34:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-05 01:15:30 63,528 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-07 03:29:07 63,528 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-05 01:15:30 82,892 ----a-w C:\WINDOWS\system32\perfc00A.dat
+ 2008-05-07 03:29:07 82,892 ----a-w C:\WINDOWS\system32\perfc00A.dat
- 2008-05-05 01:15:30 406,328 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-07 03:29:07 406,328 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-05 01:15:30 469,078 ----a-w C:\WINDOWS\system32\perfh00A.dat
+ 2008-05-07 03:29:07 469,078 ----a-w C:\WINDOWS\system32\perfh00A.dat
- 2008-05-04 22:29:07 8,192 ----a-w C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2008-05-05 03:26:28 8,192 ----a-w C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2008-05-04 22:29:19 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-05-05 03:26:39 258,048 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-05-04 22:29:19 113,664 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2008-05-05 03:26:39 113,664 ----a-w C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 18:29 62976]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 09:42 30208]
"AlcoholAutomount"="C:\Archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 06:29 220544]
"SUPERAntiSpyware"="C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Archivos de programa\Eset\nod32kui.exe" [2007-09-10 16:13 949376]
"ATIPTA"="C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 15:10 339968]
"au"="C:\Archivos de programa\Dealio\DealioAU.exe" [2007-10-09 11:47 492896]
"Ink Monitor"="C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe" [2004-05-05 10:54 262210]
"EPSON Stylus CX3700 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACL.exe" [2005-02-07 07:00 98304]
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2008-03-25 16:20 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 09:42 30208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-03-01 08:58 124928 C:\WINDOWS\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\uTorrent\\utorrent.exe"=
"C:\\Documents and Settings\\Administrador\\Mis documentos\\Ares\\Ares.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"C:\\Archivos de programa\\eMule\\emule.exe"=
R0 m5289;m5289;C:\WINDOWS\system32\drivers\m5289.sys [2004-12-01 06:49]
R2 UxTuneUp;TuneUp Ampliación del thema;C:\WINDOWS\System32\svchost.exe [2004-08-19 09:43]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-12-31 15:24]
S3 k310bus;Sony Ericsson K310 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k310bus.sys [2006-03-10 08:03]
S3 usbscan;Controlador de escáner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2007-07-29 13:47]
S3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-07-29 14:47]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenido de carpeta 'Tareas Programadas'
"2008-05-02 21:16:53 C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job"
- C:\Archivos de programa\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 23:35:18
Windows 5.1.2600 Service Pack 2 NTFS
escaneando procesos ocultos ...
escaneando entradas ocultas de autostart ...
escaneando archivos ocultos ...
el escaneo se completo con exito
archivos ocultos: 9
**************************************************************************
.
--------------------- DLLs cargados bajo los procesos en ejecución ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Archivos de programa\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Archivos de programa\Adobe\Acrobat 6.0\Distillr\acrotray.exe
.
**************************************************************************
.
Tiempo completado: 2008-05-06 23:43:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-07 03:43:26
ComboFix2.txt 2008-05-05 01:29:38
ComboFix3.txt 2008-05-04 02:47:53
12 dirs 120,930,758,656 bytes libres
14 dirs 121,173,835,776 bytes libres
297 --- E O F --- 2008-05-05 03:29:54