Re: Log
Hi!! I have now done all the steps you told me to. Here is the log you asked for.
ComboFix 08-05-08.1 - MARÍA 2008-05-09 16:20:03.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.3082.18.1256 [GMT 2:00]
Se ejecuta desde: C:\Users\MARÍA\Desktop\ComboFix.exe
* Creado un nuevo punto de restauración
.
(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\Users\MARÍA\AppData\Local\sejxbjyb.dat
C:\Users\MARÍA\AppData\Local\sejxbjyb.exe
C:\Users\MARÍA\AppData\Local\sejxbjyb_nav.dat
C:\Users\MARÍA\AppData\Local\sejxbjyb_navps.dat
c:\users\maría\appdata\local\sejxbjyb.exe
C:\Windows\system32\nvs2.inf
.
(((((((((((((((((( Archivos creados desde 2008-04-09 - 2008-05-09 )))))))))))))))))))))))))))))))))
.
2008-05-09 12:09 . 2008-05-09 12:09 <DIR> d-------- C:\Program Files\CCleaner
2008-05-07 17:01 . 2008-05-09 12:13 <DIR> d-------- C:\Users\MARÍA\AppData\Roaming\aMule
2008-05-07 17:00 . 2008-05-07 17:00 <DIR> d-------- C:\Program Files\aMule
2008-05-07 11:21 . 2008-05-07 11:21 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-05 23:51 . 2008-05-05 23:51 <DIR> d-------- C:\Users\MARÍA\AppData\Roaming\dvdcss
2008-05-04 18:28 . 2008-05-04 18:28 <DIR> d-------- C:\PerfLogs
2008-05-04 17:54 . 2008-01-19 09:33 2,623,488 --a------ C:\WINDOWS\System32\SLsvc.exe
2008-05-04 17:54 . 2008-01-19 09:36 1,541,120 --a------ C:\WINDOWS\System32\onex.dll
2008-05-04 17:51 . 2008-01-19 09:35 9,847,296 --a------ C:\WINDOWS\System32\NlsData000a.dll
2008-05-04 17:50 . 2008-01-19 09:33 8,139,264 --a------ C:\WINDOWS\System32\ssBranded.scr
2008-05-04 17:49 . 2008-01-19 08:06 8,147,456 --a------ C:\WINDOWS\System32\wmploc.DLL
2008-05-04 17:48 . 2008-01-19 09:36 704,512 --a------ C:\WINDOWS\System32\SmiEngine.dll
2008-05-04 17:48 . 2008-01-19 09:36 357,888 --a------ C:\WINDOWS\System32\wbemcomn.dll
2008-05-04 17:48 . 2008-01-19 09:34 305,152 --a------ C:\WINDOWS\System32\msdelta.dll
2008-05-04 17:48 . 2008-01-19 09:34 258,560 --a------ C:\WINDOWS\System32\dpx.dll
2008-05-04 17:48 . 2008-01-19 09:34 246,784 --a------ C:\WINDOWS\System32\drvstore.dll
2008-05-04 17:48 . 2008-01-19 09:36 218,624 --a------ C:\WINDOWS\System32\wdscore.dll
2008-05-04 17:48 . 2006-11-02 11:45 181,760 --a------ C:\WINDOWS\System32\fsquirt.exe
2008-05-04 17:48 . 2008-01-19 09:36 139,264 --a------ C:\WINDOWS\System32\SmiInstaller.dll
2008-05-04 17:48 . 2008-01-19 09:33 130,560 --a------ C:\WINDOWS\System32\PkgMgr.exe
2008-05-04 17:48 . 2008-01-19 09:35 35,328 --a------ C:\WINDOWS\System32\mspatcha.dll
2008-05-04 17:22 . 2008-05-04 17:22 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-02 12:39 . 2008-05-02 12:39 <DIR> d-------- C:\Users\All Users\Avira
2008-05-02 12:39 . 2008-05-02 12:39 <DIR> d-------- C:\ProgramData\Avira
2008-05-02 12:39 . 2008-05-02 12:39 <DIR> d-------- C:\Program Files\Avira
2008-04-24 14:26 . 2008-04-24 14:26 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-23 12:43 . 2008-02-29 09:11 988,216 --a------ C:\WINDOWS\System32\winload.exe
2008-04-23 12:43 . 2008-02-29 09:11 927,288 --a------ C:\WINDOWS\System32\winresume.exe
2008-04-23 12:43 . 2008-02-22 07:05 615,992 --a------ C:\WINDOWS\System32\ci.dll
2008-04-23 12:43 . 2008-02-29 08:53 378,368 --a------ C:\WINDOWS\System32\srcore.dll
2008-04-23 12:43 . 2008-02-29 06:12 318,464 --a------ C:\WINDOWS\System32\rstrui.exe
2008-04-23 12:43 . 2008-02-29 08:53 46,592 --a------ C:\WINDOWS\System32\setbcdlocale.dll
2008-04-23 12:43 . 2008-02-29 08:53 40,960 --a------ C:\WINDOWS\System32\srclient.dll
2008-04-23 12:43 . 2008-02-29 09:14 19,000 --a------ C:\WINDOWS\System32\kd1394.dll
2008-04-23 12:43 . 2008-02-29 06:12 14,848 --a------ C:\WINDOWS\System32\srdelayed.exe
2008-04-23 12:43 . 2008-02-29 08:35 6,656 --a------ C:\WINDOWS\System32\kbd106n.dll
2008-04-23 12:40 . 2008-04-23 12:40 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-23 12:40 . 2008-04-23 12:40 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-04-23 12:39 . 2008-04-23 12:39 <DIR> d-------- C:\Users\MARÍA\AppData\Roaming\SUPERAntiSpyware.com
2008-04-23 12:39 . 2008-04-23 12:50 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-23 00:23 . 2008-05-02 12:45 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-23 00:23 . 2008-05-02 12:45 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-23 00:22 . 2008-05-02 12:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-22 23:32 . 2008-04-22 23:32 <DIR> d-------- C:\Users\All Users\ESET
2008-04-22 23:32 . 2008-04-22 23:32 <DIR> d-------- C:\ProgramData\ESET
2008-04-22 23:32 . 2008-04-23 11:58 <DIR> d-------- C:\Program Files\ESET
2008-04-18 21:00 . 2008-02-22 04:50 1,383,424 --a------ C:\WINDOWS\System32\mshtml.tlb
2008-04-18 21:00 . 2008-02-22 07:01 826,880 --a------ C:\WINDOWS\System32\wininet.dll
2008-04-18 20:59 . 2008-02-29 06:21 2,032,128 --a------ C:\WINDOWS\System32\win32k.sys
2008-04-18 20:59 . 2008-02-22 06:57 295,936 --a------ C:\WINDOWS\System32\gdi32.dll
.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 16:39 174 --sha-w C:\Program Files\desktop.ini
2008-05-04 16:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-04 16:30 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-04 16:30 --------- d-----w C:\Program Files\Windows Mail
2008-05-04 16:30 --------- d-----w C:\Program Files\Windows Journal
2008-05-04 16:30 --------- d-----w C:\Program Files\Windows Defender
2008-05-04 16:30 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-04 16:30 --------- d-----w C:\Program Files\Windows Calendar
2008-05-04 16:10 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-04 16:10 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-04 15:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-23 11:24 --------- d-----w C:\Program Files\HP
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-03-25 19:10 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-25 19:10 --------- d-----w C:\Program Files\Microsoft Works
2008-03-25 18:46 27,335 ----a-w C:\Users\MARÍA\AppData\Roaming\nvModes.dat
2008-03-25 17:31 --------- d-----w C:\Program Files\MSBuild
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-12 17:10 --------- d-----w C:\Program Files\Ares
2008-03-12 17:01 --------- d-----w C:\Program Files\Java
2008-03-11 19:12 --------- d-----w C:\Program Files\BitComet
2008-03-11 18:42 --------- d-----w C:\Users\MARÍA\AppData\Roaming\vlc
2008-03-11 18:41 --------- d-----w C:\Program Files\VideoLAN
2008-03-10 19:43 --------- d-----w C:\ProgramData\eMule
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 09:38 1008184]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 23:34 634880]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\WINDOWS\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 11:38 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 16:12 317128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 12:27 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-01 12:27 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 12:27 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 13:27:40 719664]
Inicio r pido de Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E882AE57-4AB9-4882-BDC7-30B8D03AF09B}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{EDE30B52-1C45-4045-8B4F-3281E57C4019}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A7DD701E-CA94-460B-9773-E66E8455D482}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{75BC1A7F-0212-4BF5-8680-55B80FCE1BF3}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{5400A00C-E3D8-4920-832F-9EEF7537289D}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{FC34C605-A684-4A97-87D3-9D1E9DD06678}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{6CD919A8-EE1B-4C67-9695-57671AC0329E}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{3F0ACB0B-AE98-4694-BB5F-E18A5407F9A9}C:\\program files\\amule\\amule.exe"= UDP:C:\program files\amule\amule.exe:amule
"UDP Query User{737D0524-DDED-4EBF-B91E-730AB6A4C1AE}C:\\program files\\amule\\amule.exe"= TCP:C:\program files\amule\amule.exe:amule
R3 btwaudio;Dispositivo de audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 12:45]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 12:45]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 12:45]
S3 BCM43XV;Controlador de adaptador de red 802.11 extensible Broadcom;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cffb863-d0c5-11dc-92bc-001a6bdf8866}]
\shell\AutoRun\command - F:\x6.bat
\shell\explore\Command - F:\x6.bat
\shell\open\Command - F:\x6.bat
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 16:23:05
Windows 6.0.6001 Service Pack 1 NTFS
escaneando procesos ocultos ...
escaneando entradas ocultas de autostart ...
escaneando archivos ocultos ...
el escaneo se completo con exito
archivos ocultos: 0
**************************************************************************
.
Tiempo completado: 2008-05-09 16:24:21
ComboFix-quarantined-files.txt 2008-05-09 14:24:17
10 dirs 125,288,914,944 bytes libres
19 dirs 125,261,312,000 bytes libres
181 --- E O F --- 2008-05-09 10:26:40