04/08/08, 21:29:01
roseds76
User

Registered: Jul 2008
Location: Colombia
Posts: 5
Re: Help with virus

Hi, thanks for replying so quickly. I got home and applied what you told me; I am attaching the log that the tool generated.

ComboFix 08-08-04.01 - roseds76 2008-08-04 19:02:23.1 - NTFSx86 MINIMAL

Running from: C:\combofix\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 23552 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\invitado\Start Menu\NOCREDITCARD.lnk
C:\WINDOWS\glok+serv.config
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\drivers\2a9bbda3.sys
C:\WINDOWS\system32\xd.txt
C:\WINDOWS\Temp\815844247.exe
C:\WINDOWS\Temp\83545052.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GLOK+4268-68C9
-------\Legacy_ICF
-------\Service_glok+4268-68c9
-------\Service_icf
-------\Service_2a9bbda3


((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.

2008-08-04 18:45 . 2008-08-04 18:45 <DIR> d-------- C:\Program Files\CCleaner
2008-08-02 23:01 . 2008-08-02 23:01 <DIR> d-------- C:\Program Files\ESET
2008-08-02 23:01 . 2008-08-02 23:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-02 22:50 . 2008-08-02 22:50 2 --a------ C:\606084700
2008-08-02 14:29 . 2008-08-02 14:29 <DIR> d-------- C:\!KillBox
2008-08-02 12:04 . 2008-08-02 12:04 <DIR> d-------- C:\Documents and Settings\roseds76\Application Data\Malwarebytes
2008-08-02 12:04 . 2008-08-02 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-31 19:13 . 2008-07-31 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-31 19:12 . 2008-08-02 22:34 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-31 19:12 . 2008-08-02 22:34 <DIR> d-------- C:\Documents and Settings\roseds76\Application Data\SUPERAntiSpyware.com
2008-07-31 19:06 . 2008-07-31 19:06 15,278 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_7_31_19_6_8.dmp
2008-07-31 18:52 . 2008-08-04 18:38 <DIR> d-------- C:\Program Files\DelPSGuard
2008-07-31 18:46 . 2008-07-31 18:50 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-31 18:25 . 2008-07-31 18:25 15,278 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_7_31_18_25_44.dmp
2008-07-30 23:02 . 2008-08-03 10:49 1,242 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-30 23:01 . 2008-07-31 18:29 <DIR> d-------- C:\smf
2008-07-29 23:12 . 2008-07-29 23:12 29 --a------ C:\WINDOWS\system32\tuqygdah.tmp
2008-07-29 23:11 . 2008-07-29 23:11 8,192 --a------ C:\WINDOWS\system32\wpx54.cpx
2008-07-23 00:49 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-23 00:47 . 2008-07-23 00:49 <DIR> d-------- C:\Program Files\Java
2008-07-23 00:37 . 2008-07-23 00:37 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-17 23:52 . 2008-07-17 23:52 0 -rahs---- C:\khn
2008-07-06 20:15 . 2008-07-06 20:15 0 -rahs---- C:\hk2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-04 23:41 --------- d-----w C:\Program Files\FlashGet
2008-08-03 16:25 --------- d-----w C:\Program Files\Symantec
2008-08-03 16:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-03 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-30 01:35 --------- d-----w C:\Program Files\eMule
2008-07-29 02:13 50,000 ----a-w C:\Documents and Settings\roseds76\Application Data\GDIPFONTCACHEV1.DAT
2008-07-18 17:27 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-30 14:49 --------- d-----w C:\Program Files\JetAudio
2008-06-25 01:59 --------- d-----w C:\Program Files\Free PDF to Word Doc Converter
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 23:56 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 23:48 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 23:47 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-10 03:59 --------- d-----w C:\Documents and Settings\roseds76\Application Data\mIRC
2008-06-10 03:44 --------- d-----w C:\Program Files\mIRC
2008-05-22 01:03 35,840 ----a-w C:\Documents and Settings\invitado\Application Data\GDIPFONTCACHEV1.DAT
2008-05-06 12:27 471,408 ----a-w C:\asesoftware.zip
2006-05-06 16:42 7,260,160 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 05:00 158208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):6c,6f,67,6f,6e,75,69,2e,65,78,65,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winhp42.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winip52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2006-12-14 11:49 938496 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dell quickset]
--a------ 2005-03-04 11:26 606208 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
--a------ 2007-11-15 10:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 01:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 10:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvdlauncher]
--------- 2005-02-23 16:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 2008-06-10 18:52 1447168 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hotkeyscmds]
--a------ 2005-02-15 15:02 126976 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-02-15 15:02 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\intelwireless]
--a------ 2004-10-30 14:59 385024 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isuspm startup]
--a------ 2004-07-27 16:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isusscheduler]
--a------ 2004-07-27 16:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcmservice]
--------- 2004-04-11 20:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
--a------ 2007-02-11 22:26 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wellphone directsync - schedulesync]
--a------ 2005-12-20 10:13 45056 C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=2 (0x2)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WmiApSrv"=2 (0x2)
"Wmi"=2 (0x2)
"WmdmPmSN"=2 (0x2)
"WLANKEEPER"=2 (0x2)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"w32time"=2 (0x2)
"VSS"=2 (0x2)
"usnjsvc"=2 (0x2)
"upnphost"=2 (0x2)
"TrkWks"=2 (0x2)
"TlntSvr"=3 (0x3)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=2 (0x2)
"SysmonLog"=2 (0x2)
"SymWSC"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=2 (0x2)
"srservice"=2 (0x2)
"sprtsvc_dellsupportcenter"=2 (0x2)
"Spooler"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=2 (0x2)
"SamSs"=2 (0x2)
"S24EventMonitor"=2 (0x2)
"RSVP"=2 (0x2)
"RemoteRegistry"=3 (0x3)
"RemoteAccess"=2 (0x2)
"RegSrvc"=2 (0x2)
"RDSessMgr"=2 (0x2)
"RasMan"=2 (0x2)
"RasAuto"=2 (0x2)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"ose"=3 (0x3)
"NtmsSvc"=2 (0x2)
"NtLmSsp"=2 (0x2)
"Nla"=2 (0x2)
"NICCONFIGSVC"=2 (0x2)
"Netman"=2 (0x2)
"Netlogon"=2 (0x2)
"NetDDEdsdm"=2 (0x2)
"NetDDE"=2 (0x2)
"MSIServer"=2 (0x2)
"MSDTC"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Messenger"=2 (0x2)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=3 (0x3)
"ImapiService"=2 (0x2)
"IDriverT"=2 (0x2)
"icf"=2 (0x2)
"HTTPFilter"=2 (0x2)
"HidServ"=2 (0x2)
"helpsvc"=2 (0x2)
"Fax"=2 (0x2)
"FastUserSwitchingCompatibility"=2 (0x2)
"EvtEng"=2 (0x2)
"EventSystem"=2 (0x2)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"ekrn"=2 (0x2)
"ehttpsrv"=2 (0x2)
"DSBrokerService"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=2 (0x2)
"dmadmin"=2 (0x2)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=2 (0x2)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"ClipSrv"=2 (0x2)
"CiSvc"=2 (0x2)
"Browser"=2 (0x2)
"BITS"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=2 (0x2)
"AppMgmt"=2 (0x2)
"ALG"=2 (0x2)
"Alerter"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
S0 winip52;winip52;C:\WINDOWS\system32\Drivers\Winip52.sys []
S3 UsbSagCom;SAGEM Full USB Driver;C:\WINDOWS\system32\DRIVERS\UsbSagCom.sys [2006-03-27 04:29]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2005-12-28 12:46]
S3 winhp42;winhp42;C:\WINDOWS\System32\drivers\Winhp42.sys []
S4 OracleClientCache80;OracleClientCache80;C:\orant\BIN\ONRSD80.EXE [2000-10-27 14:45]
S4 OracleJobSchedulerORCL;OracleJobSchedulerORCL;c:\oracle_10g\Bin\extjob.exe ORCL []
S4 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR []
S4 OracleOraDb10g_home2iSQL*Plus;OracleOraDb10g_home2iSQL*Plus;C:\ORACLE_10G\bin\isqlplussvc.exe [2005-08-16 01:23]
S4 OracleOraDb10g_home2TNSListener;OracleOraDb10g_home2TNSListener;C:\ORACLE_10G\BIN\TNSLSNR []
S4 OracleServiceORCL;OracleServiceORCL;c:\oracle_10g\bin\ORACLE.EXE ORCL []
.
- - - - ORPHANS REMOVED - - - -

BHO-{FBF85A20-FF88-4C46-90FB-B023E5C4ECA0} - (no file)
HKLM-Explorer_Run-lsas - C:\WINDOWS\lsas.exe
ShellExecuteHooks-{FBF85A20-FF88-4C46-90FB-B023E5C4ECA0} - (no file)
MSConfigStartUp-ccapp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\roseds76\Application Data\Mozilla\Firefox\Profiles\zpzx2puk.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 1940
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OracleOraDb10g_home1TNSListener]
"ImagePath"="C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR "

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OracleOraDb10g_home2TNSListener]
"ImagePath"="C:\ORACLE_10G\BIN\TNSLSNR "
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
.
**************************************************************************
.
Completion time: 2008-08-04 19:17:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-05 00:17:06

Pre-Run: 7,444,107,264 bytes free
Post-Run: 6,857,248,768 bytes free

276 --- E O F --- 2008-03-13 12:05:30