#3
09/05/08, 12:59:47
jesanchez79
Re: Vundo, virtumonde and metajuan

Thanks in advance for your help with my problem; I have already done everything you told me and I think there is no virus anymore. I am leaving you the Malwarebytes Anti-Malware and ComboFix reports; let me know if anything remains that I should worry about.

Thanks!



Malwarebytes' Anti-Malware 1.12
Versión de la Base de Datos: 731

Tipo de examen : Examen Rápido
Objetos examinados: 32341
Tiempo transcurrido: 15 minute(s), 40 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)

-----------------------------------------

ComboFix 08-05-08.1 - user 2008-05-09 10:49:50.1 - NTFSx86
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Application Data\Adssite Advanced Toolbar
C:\Documents and Settings\user\Application Data\Adssite Advanced Toolbar\selected.xml
C:\Program Files\Adssite Advanced Toolbar
C:\Program Files\Adssite Advanced Toolbar\buttons.xml
C:\Program Files\Adssite Advanced Toolbar\search.xml
C:\Program Files\Adssite Advanced Toolbar\uninstall.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\adetigfj.dll
C:\WINDOWS\system32\bsnzafqa.bin
C:\WINDOWS\system32\cfg.dat
C:\WINDOWS\system32\ciiyilta.ini
C:\WINDOWS\system32\dfnqrpts.ini
C:\WINDOWS\system32\fudkrgvd.ini
C:\WINDOWS\system32\kuvbwjng.ini
C:\WINDOWS\system32\lTwHknnn.ini
C:\WINDOWS\system32\lTwHknnn.ini2
C:\WINDOWS\system32\mnuhoykf.ini
C:\WINDOWS\system32\npfhoypi.ini
C:\WINDOWS\system32\pbgpqonm.ini
C:\WINDOWS\system32\pgrrxoce.ini
C:\WINDOWS\system32\pllittpf.ini
C:\WINDOWS\system32\rfbbhvmi.ini
C:\WINDOWS\system32\rjcsytss.ini
C:\WINDOWS\system32\tpnoourw.ini
C:\WINDOWS\system32\uipboaak.ini
C:\WINDOWS\system32\vbnpjcll.ini
C:\WINDOWS\system32\weyftvsh.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.

2008-05-09 09:02 . 2008-05-09 10:48 30,208 --a------ C:\PROLEC Inhouse Report 05-08.xls
2008-05-08 18:20 . 2008-05-08 18:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-08 18:20 . 2008-05-08 18:20 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-05-08 18:20 . 2008-05-08 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-08 18:20 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-08 18:20 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-07 15:38 . 2008-05-07 12:28 13,142 --a------ C:\G2191 BOL accs #P4808.pdf
2008-05-07 15:38 . 2008-05-07 12:28 13,141 --a------ C:\G2191 BOL accs #P4803.pdf
2008-05-07 15:38 . 2008-05-07 12:28 13,141 --a------ C:\G2191 BOL accs #P4802.pdf
2008-05-07 15:38 . 2008-05-07 12:28 13,136 --a------ C:\G2191 BOL spare parts #F79.pdf
2008-05-07 08:40 . 2008-05-08 19:12 30,720 --a------ C:\PROLEC Inhouse Report 05-07.xls
2008-05-06 12:40 . 2008-05-06 12:40 279 --a------ C:\Shortcut to Local Disk (C).lnk
2008-05-06 08:51 . 2008-05-06 18:56 30,720 --a------ C:\PROLEC Inhouse Report 05-06.xls
2008-05-03 09:51 . 2008-05-03 13:20 30,720 --a------ C:\PROLEC Inhouse Report 05-03.xls
2008-05-02 16:49 . 2008-05-02 16:49 15 --a------ C:\WINDOWS\system32\b81f12be
2008-05-02 12:15 . 2008-05-02 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-02 12:14 . 2008-05-02 12:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-02 12:14 . 2008-05-02 12:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 12:14 . 2008-05-02 12:14 <DIR> d-------- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2008-05-02 12:08 . 2008-05-02 12:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-02 08:39 . 2008-05-02 18:30 30,720 --a------ C:\PROLEC Inhouse Report 05-02.xls
2008-05-01 19:17 . 2008-05-09 09:59 58,368 --a------ C:\PROLEC MAY.08.xls
2008-05-01 09:49 . 2008-05-02 08:37 30,208 --a------ C:\PROLEC Inhouse Report 05-01.xls
2008-04-30 18:00 . 2008-04-30 18:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-04-30 10:32 . 2008-04-30 10:32 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-30 10:32 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-04-30 10:32 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-04-30 10:32 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-04-30 10:32 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-04-30 10:31 . 2008-04-30 10:31 <DIR> d-------- C:\Program Files\Webroot
2008-04-30 10:31 . 2008-04-30 10:31 <DIR> d-------- C:\Documents and Settings\user\Application Data\Webroot
2008-04-30 10:31 . 2008-04-30 10:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-30 10:31 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-04-30 09:07 . 2008-05-01 09:48 30,720 --a------ C:\PROLEC Inhouse Report 04-30.xls
2008-04-29 09:18 . 2008-04-29 19:01 30,720 --a------ C:\PROLEC Inhouse Report 04-29.xls
2008-04-28 12:27 . 2008-04-28 12:27 164 --a------ C:\install.dat
2008-04-28 12:24 . 2008-04-28 12:24 14,546,304 --a------ C:\SpySweeperSNRSetup_ES.exe
2008-04-28 09:29 . 2008-04-28 20:32 30,720 --a------ C:\PROLEC Inhouse Report 04-28.xls
2008-04-26 13:14 . 2008-04-26 13:14 6,144 --ahs---- C:\WINDOWS\system32\access.ctl
2008-04-26 13:02 . 2008-04-26 13:09 <DIR> d-------- C:\Program Files\ExpressZIP
2008-04-26 09:59 . 2008-04-26 13:55 30,208 --a------ C:\PROLEC Inhouse Report 04-26.xls
2008-04-25 09:24 . 2008-04-25 18:48 30,720 --a------ C:\PROLEC Inhouse Report 04-25.xls
2008-04-24 17:15 . 2008-04-24 17:15 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-24 09:19 . 2008-04-24 19:14 30,720 --a------ C:\PROLEC Inhouse Report 04-24.xls
2008-04-23 17:21 . 2008-04-23 17:21 95 --a------ C:\WINDOWS\wininit.ini
2008-04-23 11:28 . 2008-04-23 12:04 <DIR> d-------- C:\Program Files\Disk Cleaner
2008-04-23 08:54 . 2008-04-23 18:33 30,720 --a------ C:\PROLEC Inhouse Report 04-23.xls
2008-04-22 12:10 . 2008-04-30 12:12 <DIR> d-------- C:\WINDOWS\system32\gzmrotate
2008-04-22 09:51 . 2008-04-22 09:41 2,834,413 --a------ C:\Quirofano_Muguerza.zip
2008-04-22 09:17 . 2008-04-22 18:12 30,720 --a------ C:\PROLEC Inhouse Report 04-22.xls
2008-04-21 09:17 . 2008-04-21 18:25 30,720 --a------ C:\PROLEC Inhouse Report 04-21.xls
2008-04-19 09:54 . 2008-04-19 13:29 31,232 --a------ C:\PROLEC Inhouse Report 04-19.xls
2008-04-18 12:41 . 2008-04-18 12:26 109,677 --a------ C:\edo cta imss mar08.jpg
2008-04-18 10:43 . 2008-05-09 08:54 109,738 --a------ C:\WINDOWS\BMbb2c33ac.xml
2008-04-18 09:01 . 2008-04-18 17:25 30,208 --a------ C:\PROLEC Inhouse Report 04-18.xls
2008-04-17 08:49 . 2008-04-17 18:35 30,208 --a------ C:\PROLEC Inhouse Report 04-17.xls
2008-04-16 16:18 . 2008-04-16 16:18 60,928 --a------ C:\Documents and Settings\user\zip32.dll
2008-04-16 16:18 . 2008-04-16 16:18 0 --a------ C:\Documents and Settings\user\CC.dll
2008-04-15 09:25 . 2008-04-16 18:31 30,208 --a------ C:\PROLEC Inhouse Report 04-15.xls
2008-04-14 09:56 . 2008-04-14 18:27 30,208 --a------ C:\PROLEC Inhouse Report 04-14.xls
2008-04-12 09:49 . 2008-04-14 09:47 30,720 --a------ C:\PROLEC Inhouse Report 04-12.xls
2008-04-11 09:01 . 2008-04-12 09:48 30,208 --a------ C:\PROLEC Inhouse Report 04-11.xls
2008-04-10 09:05 . 2008-04-10 18:24 30,720 --a------ C:\PROLEC Inhouse Report 04-10.xls
2008-04-09 09:21 . 2008-04-09 18:43 30,208 --a------ C:\PROLEC Inhouse Report 04-09.xls

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 15:46 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-03 15:24 --------- d-----w C:\Program Files\Project64 v1.5
2008-04-26 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-16 21:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-04-16 20:55 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2008-04-16 20:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 20:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-27 09:09 3,722,389 ----a-w C:\Program Files\Alicia Villarreal - La Que Baje La Guardia.mp3
2007-04-27 08:52 4,455,862 ----a-w C:\Program Files\Yuri - Detras De Mi Ventana.mp3
2007-04-27 08:49 3,608,113 ----a-w C:\Program Files\Yuri - Es ella mas que yo.mp3
2007-04-27 08:43 3,256,782 ----a-w C:\Program Files\Dinora Y La Juventud - El Y Yo.mp3
2007-04-27 08:26 3,924,857 ----a-w C:\Program Files\La Dinastía - Dime Vaquero.mp3
2007-04-27 08:19 3,925,472 ----a-w C:\Program Files\El Gran Silencio - Circulo de Sol.mp3
2007-04-27 08:18 2,999,420 ----a-w C:\Program Files\Lidia Avila-A tu Medida.mp3
2007-04-26 17:44 6,474,587 ----a-w C:\Program Files\La Ley y Ely Guerra - El Duelo.mp3
2007-04-26 17:38 6,519,542 ----a-w C:\Program Files\502-culture_club-karma_chameleon.mp3
2007-04-26 17:21 3,807,516 ----a-w C:\Program Files\Culture Club - Karma Chameleon.mp3
2007-04-26 17:07 3,960,694 ----a-w C:\Program Files\La Sonora Dinamita - Que nadie sepa mi sufrir.MP3
2007-04-26 16:58 3,989,504 ----a-w C:\Program Files\La Sonora Dinamita - Capullo y Sorullo.mp3
2007-04-26 02:36 4,489,299 ----a-w C:\Program Files\La sonora de margarita - La sonora dinamita - Escandalo.mp3
2007-04-25 17:55 3,764,612 ----a-w C:\Program Files\Rumor De Guerra -Hector ''The Father'' Ft Notty -.mp3
2007-04-25 17:35 3,184,161 ----a-w C:\Program Files\Tito 'El Bambino' - Bailarlo.mp3
2007-04-25 17:35 2,782,815 ----a-w C:\Program Files\Hector El Father-Sola (The Bad Boy).mp3
2007-04-25 17:33 3,645,483 ----a-w C:\Program Files\Wisin y Yandel - Pam Pam.mp3
2007-04-25 17:21 3,011,991 ----a-w C:\Program Files\02.Tito ''El Bambino'' Ft Randy - Siente El Boom .mp3
2007-04-25 17:20 5,303,902 ----a-w C:\Program Files\Don Omar Ft Wisin & Yandel - My Space (Los Bandoleros Reloaded) (Www.FlowHot.Net).mp3
2005-10-31 15:56 700,416 ----a-w C:\Program Files\StubInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 08:31 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 08:27 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 16:52 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 13:30 85184]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [ ]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2005-03-31 18:32 263824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 07:00 53760 C:\WINDOWS\system32\narrator.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2006-11-10 12:49 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{590e9301-8887-11dc-8870-923868d64c5c}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 18:30:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exe
"2008-05-08 20:34:22 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 10:52:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-09 10:54:38
ComboFix-quarantined-files.txt 2008-05-09 15:54:09

Pre-Run: 33,035,812,864 bytes free
Post-Run: 33,030,201,344 bytes free

202 --- E O F --- 2008-04-10 14:15:23