Re: Remove Trojan-spy.win32@mx
Hi, how's it going? Here is the new ComboFix log:
ComboFix 08-05-15.2 - winxp 2008-05-19 17:55:15.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.573 [GMT -4:00]
Running from: C:\Documents and Settings\winxp\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\winxp\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.
2008-05-14 21:05 . 2008-05-14 21:06 <DIR> d-------- C:\!KillBox
2008-05-14 17:55 . 2008-05-14 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-04 15:48 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-05-04 15:47 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-05-04 15:47 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-04 15:47 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-27 20:24 . 2008-04-27 20:24 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-27 16:30 . 2008-04-27 16:30 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-22 17:55 . 2008-04-22 17:55 <DIR> d-------- C:\Documents and Settings\winxp\Application Data\J River
2008-04-21 18:01 . 2008-04-21 18:01 <DIR> d-------- C:\Program Files\J River
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 04:32 --------- d-----w C:\Documents and Settings\winxp\Application Data\LimeWire
2008-05-16 19:29 12,186,445 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-14 02:43 --------- d-----w C:\Program Files\MSN Messenger
2008-05-04 23:15 --------- d-----w C:\Documents and Settings\winxp\Application Data\Vso
2008-05-04 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-29 13:16 --------- d-----w C:\Program Files\DivX
2008-04-28 01:02 5,054,464 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-04-28 01:02 1,574,400 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-04-24 00:42 --------- d-----w C:\Program Files\LimeWire
2008-04-24 00:34 --------- d-----w C:\Program Files\eMule
2008-04-23 11:32 5,008,384 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-04-22 21:47 5,006,336 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-04-22 21:47 4,137,472 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-04-13 23:32 --------- d-----w C:\Program Files\Yahoo!
2008-04-13 23:32 --------- d-----w C:\Program Files\IObit
2008-04-13 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-13 23:26 --------- d-----w C:\Program Files\MSBuild
2008-04-13 23:21 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-13 23:08 --------- d-----w C:\Program Files\Java
2008-04-10 15:48 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-10 02:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-06 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 00:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-04 23:10 --------- d-----w C:\Program Files\Me.dium
2008-04-04 23:01 --------- d-----w C:\Program Files\3D Live Pool
2008-04-04 22:23 --------- d-----w C:\Program Files\Neoact
2008-04-02 22:26 --------- d-----w C:\Program Files\Samsung
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-26 22:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-26 22:00 --------- d-----w C:\Program Files\Windows Live
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 04:07 --------- d-----w C:\Program Files\Picasa2
2008-03-19 03:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-19 03:18 --------- d-----w C:\Documents and Settings\winxp\Application Data\Reallusion
2008-03-19 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-12 17:10 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll
2008-03-04 04:47 4,429,824 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-03-04 04:47 3,734,016 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-07-18 13:56 550,912 ----a-w C:\WINDOWS\inf\DVD.BIN
2007-04-28 18:43 47,360 ----a-w C:\Documents and Settings\winxp\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-15_18.59.56.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-15 22:46:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 21:45:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-06 02:56:22 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-05-14 20:51:01 9,076,888 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2008-05-17 23:03:18 9,110,176 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 07:51 715888]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 18:35 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-10 11:48 1481968]
"WinSpywareProtect (ver. 5.1)"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" [2008-05-14 17:55 1338880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-28 14:45 949376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-14 15:46:11 125624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:limewireport
"6364:TCP"= 6364:TCP:limewireport
R3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2007-07-19 14:58]
S3 ess;ESS Audio Driver (WDM);C:\WINDOWS\system32\drivers\ess.sys [2001-08-17 12:19]
S4 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe []
.
Contents of the 'Scheduled Tasks' folder
"2008-05-09 21:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-29 18:55:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-18 06:11:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 17:59:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-05-19 18:01:54
ComboFix-quarantined-files.txt 2008-05-19 22:01:45
ComboFix2.txt 2008-05-15 23:01:00
Pre-Run: 42,784,702,464 bytes free
Post-Run: 43,226,169,344 bytes free
163 --- E O F --- 2008-05-18 06:20:06
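The "Reg Loading Points" section of a log like this can be triaged mechanically. The Python below is an editor-added example, not part of the post and not ComboFix code. It parses the Run-key entries and the Security Center / firewall policy values from an excerpt of the log above (with the extraction spaces removed), then flags two things: autostart entries whose image lives under a profile or Application Data directory rather than Program Files or the Windows directory, and registry values that mean Security Center monitoring or the Windows Firewall is switched off. Both the path heuristic and the reading of the override values are the editor's assumptions. One caveat a practitioner would want: AntiVirusOverride, FirewallOverride and DisableMonitoring are commonly set by a third-party suite when it registers with Security Center (this machine has ZoneAlarm and NOD32 installed), so a hit from this script means "verify", not "infected".

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Editor-added example: this is not part of the original post and not ComboFix
code. The rules it applies (which directories make an autostart worth a
second look, which registry values mean monitoring is switched off) are the
editor's own assumptions, not anything ComboFix itself reports.
"""
import re

# Constructed sample: an excerpt of the log in the post, extraction spaces removed.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-10 11:48 1481968]
"WinSpywareProtect (ver. 5.1)"="C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" [2008-05-14 17:55 1338880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-28 14:45 949376]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 17:05 919016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:limewireport
'''

KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[')
# ComboFix prints DWORDs either as dword:XXXXXXXX or as "N (0xN)".
DWORD_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\))'
)

# Assumption: an image under Program Files or the Windows directory is
# "expected"; one under a profile / Application Data / Temp directory is
# flagged for manual review.
EXPECTED_ROOTS = {"program files", "windows"}
REVIEW_DIRS = {"application data", "local settings", "temp"}


def parse_loading_points(text):
    """Return (autostarts, settings).

    autostarts: list of {"key", "name", "path"} for values under a ...\\Run key
    settings:   {"<key>\\<valuename>": int} for DWORD-style values
    """
    autostarts, settings, current_key = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        if current_key is None:
            continue
        m = RUN_ENTRY.match(line)
        if m and current_key.endswith("\\run"):
            autostarts.append({"key": current_key, "name": m.group("name"), "path": m.group("path")})
            continue
        m = DWORD_VALUE.match(line)
        if m:
            value = int(m.group("hex"), 16) if m.group("hex") else int(m.group("dec"))
            settings[current_key + "\\" + m.group("name").lower()] = value
    return autostarts, settings


def flag_autostarts(autostarts):
    """Autostarts whose image path sits in a data/profile directory."""
    flagged = []
    for entry in autostarts:
        parts = [p.lower() for p in entry["path"].split("\\")]
        if len(parts) > 1 and parts[1] in EXPECTED_ROOTS:
            continue
        if REVIEW_DIRS.intersection(parts):
            flagged.append(entry)
    return flagged


def security_findings(settings):
    """Registry values that mean Security Center or the firewall is switched off."""
    disabled_when_one = {
        "antivirusoverride": "Security Center antivirus monitoring overridden",
        "firewalloverride": "Security Center firewall monitoring overridden",
        "disablemonitoring": "third-party firewall monitoring disabled",
    }
    findings = []
    for full, value in settings.items():
        key, _, name = full.rpartition("\\")
        if name in disabled_when_one and value == 1:
            findings.append(f"{disabled_when_one[name]} [{key}]")
        elif name == "enablefirewall" and value == 0:
            findings.append(f"Windows Firewall disabled [{key}]")
    return findings


def report(text):
    """Human-readable triage lines for a Reg Loading Points section."""
    autostarts, settings = parse_loading_points(text)
    lines = [f"REVIEW autostart: {e['name']} -> {e['path']}" for e in flag_autostarts(autostarts)]
    lines += [f"REVIEW setting: {f}" for f in security_findings(settings)]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Run as a script it prints the triage for the embedded excerpt; to use it on a full log, pass the text of the Reg Loading Points section to `report()`. On this excerpt the only autostart flagged is the WinSpywareProtect entry launched from All Users\Application Data, and the four setting findings are the two Security Center overrides, the ZoneLabsFirewall DisableMonitoring value and EnableFirewall=0 for the standard profile.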