View Full Version : Vundo trojan


PN1976
05/02/08, 11:19:29
Hello!!

Guys, I need your help, please!!!

A little while ago I ran Ad-Aware (Lavasoft) and it detected a trojan called "VirtuMonde"; I've tried to remove it in several ways but it doesn't work.

1. With Ad-Aware (it says it removes it)
2. RemoveIt (can't remove it)
3. FileAssassin (can't remove it)
4. VundoFix (can't remove it)
5. SuperAntiSpyware (it says it removes it)

I have McAfee installed as my antivirus.

All of them in normal Windows mode and in safe mode. Sometimes it tells me it has removed it, but then I scan again and there it is.

I've tried the basic steps of deleting the bug's entries in the registry (in safe mode and with the "System Restore" option disabled), but they come back again.

I'd really appreciate your help.
Bye

MarinTai
05/02/08, 11:22:32
Hi, try Unlocker!
Good luck! Let us know how it goes.
Cheers!

axl456
05/02/08, 18:46:38
do the following:

Download the ComboFix tool (http://www.forospyware.com/sUBs/ComboFix.exe).
Double-click on the combofix.exe file and follow the prompts; it is IMPORTANT that, for it to work correctly, you do not use any other application while it is scanning.
When it finishes it will generate a report, which you should paste here.
Note* Some antivirus programs such as Panda may flag a false positive on ComboFix, but there is no need to worry about this.


leave us the ComboFix report :Bien:

PN1976
05/02/08, 19:02:39
Hello.

I worked with Unlocker and so far so good.

I ran VundoFix and SuperAntiSpyware, and they didn't find anything.

Just in case, I'm going to run Ad-Aware and the McAfee antivirus. When it finishes, I'll let you know.

Thanks :biggrin:

PN1976
05/02/08, 20:57:51
Hello

I finished checking with Ad-Aware and with McAfee; they didn't find anything.

I ran ComboFix and the log is as follows. Thanks a lot in advance, I didn't know what to do.

axl456
05/02/08, 21:04:53
what you just posted is not the ComboFix report :negar:

the ComboFix report is in a text file that you'll find in C:\ and it's called Combofix.txt
