| Re: Remove Trojan-spy.win32@mx
Sorry, I forgot to paste it, but here it is:
ComboFix 08-05-15.2 - winxp 2008-05-15 18:54:21.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.565 [GMT -4:00]
Running from: C:\Documents and Settings\winxp\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\winxp\Favorites\Online Security Test.url
C:\Program Files\Dcads Advanced Toolbar
C:\Program Files\Dcads Advanced Toolbar\buttons.xml
C:\Program Files\Dcads Advanced Toolbar\search.xml
C:\Program Files\Dcads Advanced Toolbar\toolbar.dll
C:\Program Files\Dcads Advanced Toolbar\uninstall.exe
C:\Program Files\NetProject
C:\Program Files\NetProject\myd.ico
C:\Program Files\NetProject\mym.ico
C:\Program Files\NetProject\myp.ico
C:\Program Files\NetProject\myv.ico
C:\Program Files\NetProject\ot.ico
C:\Program Files\NetProject\ts.ico
C:\WINDOWS\system32\adssitesuggest.dll
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcadssuggest.dll
C:\WINDOWS\system32\netjr32.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.
2008-05-14 21:05 . 2008-05-14 21:06 <DIR> d-------- C:\!KillBox
2008-05-14 17:55 . 2008-05-14 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-04 15:48 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-05-04 15:47 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-05-04 15:47 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-04 15:47 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-27 20:24 . 2008-04-27 20:24 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-27 16:30 . 2008-04-27 16:30 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-22 17:55 . 2008-04-22 17:55 <DIR> d-------- C:\Documents and Settings\winxp\Application Data\J River
2008-04-21 18:01 . 2008-04-21 18:01 <DIR> d-------- C:\Program Files\J River
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 02:43 --------- d-----w C:\Program Files\MSN Messenger
2008-05-10 21:30 --------- d-----w C:\Documents and Settings\winxp\Application Data\LimeWire
2008-05-04 23:15 --------- d-----w C:\Documents and Settings\winxp\Application Data\Vso
2008-05-04 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-29 13:16 --------- d-----w C:\Program Files\DivX
2008-04-28 01:02 5,054,464 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-04-28 01:02 1,574,400 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-04-24 00:42 --------- d-----w C:\Program Files\LimeWire
2008-04-24 00:34 --------- d-----w C:\Program Files\eMule
2008-04-23 11:32 5,008,384 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-04-22 21:47 5,006,336 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-04-22 21:47 4,137,472 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-04-13 23:32 --------- d-----w C:\Program Files\Yahoo!
2008-04-13 23:32 --------- d-----w C:\Program Files\IObit
2008-04-13 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-13 23:26 --------- d-----w C:\Program Files\MSBuild
2008-04-13 23:21 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-13 23:08 --------- d-----w C:\Program Files\Java
2008-04-10 15:48 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-10 02:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-06 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 00:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-04 23:10 --------- d-----w C:\Program Files\Me.dium
2008-04-04 23:01 --------- d-----w C:\Program Files\3D Live Pool
2008-04-04 22:23 --------- d-----w C:\Program Files\Neoact
2008-04-02 22:26 --------- d-----w C:\Program Files\Samsung
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-26 22:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-26 22:00 --------- d-----w C:\Program Files\Windows Live
2008-03-23 14:55 10,319,931 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 04:07 --------- d-----w C:\Program Files\Picasa2
2008-03-19 03:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-19 03:18 --------- d-----w C:\Documents and Settings\winxp\Application Data\Reallusion
2008-03-19 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-15 21:13 --------- d-----w C:\Program Files\Macrogaming
2008-03-15 01:46 --------- d-----w C:\Program Files\Traduce Gratis
2008-03-12 17:10 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll
2008-03-04 04:47 4,429,824 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-03-04 04:47 3,734,016 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-07-18 13:56 550,912 ----a-w C:\WINDOWS\inf\DVD.BIN
2007-04-28 18:43 47,360 ----a-w C:\Documents and Settings\winxp\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 07:51 715888]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 18:35 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-10 11:48 1481968]
"WinSpywareProtect (ver. 5.1)"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" [2008-05-14 17:55 1338880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-28 14:45 949376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-14 15:46:11 125624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:limewireport
"6364:TCP"= 6364:TCP:limewireport
R3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2007-07-19 14:58]
S3 ess;ESS Audio Driver (WDM);C:\WINDOWS\system32\drivers\ess.sys [2001-08-17 12:19]
S4 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe []
.
Contents of the 'Scheduled Tasks' folder
"2008-05-09 21:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-29 18:55:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-15 01:11:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 18:57:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-15 19:00:59
ComboFix-quarantined-files.txt 2008-05-15 23:00:43
Pre-Run: 45,020,811,264 bytes free
Post-Run: 45,034,029,056 bytes free
176 --- E O F --- 2008-05-14 03:24:57 |