Que Archivos Elimino Con El Hijackthis? [Archivo]

Ver la Versión Completa : Que Archivos Elimino Con El Hijackthis?

mirchuk

12/02/08, 15:10:45

Hola, tengo el win 32 bho y no puedo eliminarlo, ya le pasé el AVAST como antivirus y todos los programas que por acá dicen pero al usar el Hijackthis no se que eliminar, agradecería si alguien m puede ayudar por favor ya que a cada rato me sale que estoy infectado y cuando abro alguna pagina no hace mas que salirme publicidad, saludos y muchas gracias.-
Aqui pego el reporte del HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:07:51 p.m., on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.infobae.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinPrint.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Descargar con Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFC80089-18F8-4068-B402-2E481AF49936}: NameServer = 192.168.1.1
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

--
End of file - 7957 bytes

MUCHAS GRACIAS POR MOLESTARSE EN LEER MI TEMA, SALUDOS.-

ElPiedra

13/02/08, 20:53:34

mirchuk

14/02/08, 14:22:18

Hola mirchuk, te doy la bienvenida al Foro de InfoSpyware.

Para limpiar el malware de "Malware Delf.BHO " se requiere eliminar unas librerías que no se pueden quitar manualmente y para esto tendremos que usar ComboFix en dos fases, la primera detectara y en la segunda te daremos los archivos a limpiar.

Descarga CCleaner (http://www.forospyware.com/t105564.html) y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

.:cf_icon:. - Descarga la herramienta ComboFix.exe (http://www.forospyware.com/sUBs/ComboFix.exe) y guárdala en el escritorio.
Desactiva temporalmente el Antivirus y/o Antispyware.
Cierra todas las ventanas abiertas.
Hacele doble clic al archivo combofix.exe y seguí las instrucciones.
Cuando termine, generara un registro en C:\ComboFix.txt.

*Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
*Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

Pega el reporte de ComboFix.txt en este mismo mensaje.

Reinicia y nos contas los resultados.

Salu2

Hola, muchisimas gracias por tu ayuda, aqui te paso el reporte, creo que quedó bien, lo unico que cuando paso el antivirusnod32 tira como que hay virus en la carpeta que creó el combofix, la QooBox, pero por lo que dice el antivirus no pasa nada. Aquí te paso el reporte del combofix y decime si quedó todo solucionado para vos, un abrazo y muchisimas gracias por la ayuda. Tambien quisiera le hagas llegar mi agradecimiento a Matabufalez ya que solucioné mi otro inconveniente con el Ewido y haciendo todo lo que me dijo, no se los doy yo os saludos porque está cerrado mi tema, saludos nuevamente.-

ComboFix 08-02-14.1 -2008-02-13 22:31:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600[GMT -3:00]
Running from: C:\Documents and Settings\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ulovidmd.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\ayadd.ini2
C:\WINDOWS\system32\byspqkrv.dll
C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini2
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\ebxacfib.ini
C:\WINDOWS\system32\jyknxmxc.dll
C:\WINDOWS\system32\lfdotats.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\micr0st.dll
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\statodfl.dll
C:\WINDOWS\system32\ulovidmd.dll
C:\WINDOWS\system32\ulovidmd.dllbox
C:\WINDOWS\system32\uunlpqad.dll
C:\WINDOWS\system32\vrkqpsyb.ini
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\xhzybwvs.dllbox
C:\WINDOWS\system32\yayvtur.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\NPF

((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-13 22:13 . 2008-02-13 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RH_Backups
2008-02-13 22:04 . 2008-02-13 22:17 <DIR> d-------- C:\Program Files\RegistryFix
2008-02-13 19:02 . 2008-02-13 19:02 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-02-13 19:02 . 2008-02-13 19:02 <DIR> d-------- C:\Program Files\ESET
2008-02-13 19:02 . 2008-02-13 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-02-13 17:35 . 2008-02-13 17:35 334,336 --a------ C:\WINDOWS\system32\F1E.tmp
2008-02-13 17:01 . 2008-02-13 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-02-13 16:57 . 2008-02-13 16:57 <DIR> d-------- C:\Program Files\Panda Security
2008-02-13 16:40 . 2008-02-13 16:40 170 --a------ C:\WINDOWS\AvDetected.ini
2008-02-13 16:22 . 2008-02-13 18:54 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-02-13 14:38 . 2008-02-13 15:14 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-13 14:38 . 2008-02-13 15:00 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-13 14:38 . 2008-02-13 15:00 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-13 14:38 . 2008-02-13 15:00 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-12 16:20 . 2008-02-12 16:21 <DIR> d-------- C:\Program Files\DelPSGuard
2008-02-12 15:40 . 2008-02-12 15:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-12 13:40 . 2008-02-12 14:01 <DIR> d-------- C:\VundoFix Backups
2008-02-12 12:37 . 2008-02-12 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-12 12:35 . 2008-02-13 15:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-12 12:35 . 2008-02-12 12:35 <DIR> d-------- C:\Documents and Settings\Application Data\SUPERAntiSpyware.com
2008-02-10 04:24 . 2008-02-10 04:24 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-09 18:52 . 2008-02-11 00:36 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-02-09 18:52 . 2008-02-11 00:05 <DIR> d-------- C:\Documents and Settings\.........\Application Data\Spyware Terminator
2008-02-09 18:52 . 2008-02-11 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-02-08 17:01 . 2008-02-08 17:01 <DIR> d-------- C:\Documents and Settings\FAVIO MIRCHUK\Application Data\Malwarebytes
2008-02-08 17:01 . 2008-02-08 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-08 12:37 . 2008-02-08 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-02-08 12:37 . 2008-02-08 12:37 25,600 --a------ C:\Documents and Settings\............\usbsermptxp.sys
2008-02-08 12:37 . 2008-02-08 12:37 22,768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2008-02-08 12:37 . 2008-02-08 12:37 22,768 --a------ C:\Documents and Settings\.............\usbsermpt.sys
2008-02-08 12:34 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-02-08 12:34 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-02-03 17:07 . 2008-02-03 18:08 37,473 --a------ C:\WINDOWS\system32\muzika.xm
2008-02-03 16:27 . 2008-02-03 16:27 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-01-29 21:41 . 2008-01-29 22:09 <DIR> d-------- C:\Program Files\Star Downloader
2008-01-28 23:39 . 2008-01-28 23:39 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-28 23:17 . 2008-02-10 04:22 <DIR> d-------- C:\download
2008-01-28 23:12 . 2008-01-29 21:20 <DIR> d-------- C:\Program Files\WellGet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-02-14 01:26 --------- d-----w C:\Documents and Settings\............\Application Data\Skype
2008-02-13 19:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 17:21 --------- d-----w C:\Program Files\FrostWire
2008-02-13 15:51 --------- d-----w C:\Program Files\Google
2008-02-13 15:50 --------- d-----w C:\Documents and Settings\.............\Application Data\Lavasoft
2008-02-13 15:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-13 15:28 --------- d-----w C:\Program Files\Pure Networks
2008-02-13 15:14 --------- d-----w C:\Program Files\Total Video Converter
2008-02-13 15:14 --------- d-----w C:\Program Files\Sonic
2008-02-12 15:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-09 22:49 --------- d-----w C:\Program Files\IMMonitor
2008-02-07 06:31 --------- d-----w C:\Program Files\Incomplete
2008-01-27 02:13 --------- d-----w C:\Documents an Settings\-.\Application Data\FrostWire
2008-01-19 00:13 --------- d-----w C:\Program Files\eMule
2007-12-21 11:21 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 11:20 30,216 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 11:19 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-10-08 00:45 57,344 ----a-w C:\Documents and Settings\lametritonus.dll
2007-10-08 00:45 162,304 ----a-w C:\Documents and Settings\lame_enc.dll
2007-02-01 04:12 81,920 ----a-w C:\Documents and Settings\Application Data\ezpinst.exe
2007-02-01 04:12 47,360 ----a-w C:\Documents and Settings\Application Data\pcouffin.sys
2006-05-24 15:06 0 ----a-w C:\Documents and Settings\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 04:32 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-05-15 15:40 20421672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-06 00:02 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 01:05 344064]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 02:40 196608]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-04-12 20:18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 20:17 88358 C:\WINDOWS\agrsmmsg.exe]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 17:45 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 17:45 65536]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 20:25 73728]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-06-30 14:05 671744]
"TPSMain"="TPSMain.exe" [2005-05-31 21:16 282624 C:\WINDOWS\system32\TPSMain.exe]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 18:03 1077301]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 20:13 122880]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-06-08 19:51 53248]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 21:37 151552]
"Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [2004-05-25 18:35 28672]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 10:33 122941]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-08-16 21:09:37 155648]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer\run]
"Windows Printing Driver"= WinPrint.exe

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xhzybwvs]
xhzybwvs.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"PVR Agent"=C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfw tdir.sys [2007-12-21 08:21]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-02-10 04:24]
R1 TPwSav;Common Driver;C:\WINDOWS\system32\Drivers\TPwSav.sys [2005-06-03 23:49]
R2 UxTuneUp;Ampliación del diseño de TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-04 09:00]
S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys []
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
S3 USB28xxBGA;USB 2861 Device;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 02:12]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 02:12]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{0a1e7e3e-9ad8-11dc-9575-0011f57e8a95}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{114ce0ec-160f-11dc-9514-0011f57e8a95}]
\Shell\Auto\command - MSOCache\doWTP_RESTORE.exe -autorun
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe -autorun

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{2814372c-a40b-11dc-957b-0011f57e8a95}]
\Shell\Auto\command - E:\MSOCache\doWTP_RESTORE_0.exe -autorun
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE_0.exe -autorun

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{2e97fcb0-1c56-11dc-951d-0011f57e8a95}]
\Shell\1\Command - RUNAUT~1\autorun.pif
\Shell\2\Command - RUNAUT~1\autorun.pif
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNAUT~1\autorun.pif

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5566caaa-073f-11dc-9503-0011f57e8a95}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8d0ac8e3-18f2-11dc-9515-0011f57e8a95}]
\Shell\Auto\command - E:\MSOCache\doWTP_RESTORE.exe -autorun
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe -autorun

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8d0ac8e8-18f2-11dc-9515-0011f57e8a95}]
\Shell\Auto\command - E:\MSOCache\doWTP_RESTORE.exe -autorun
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe -autorun

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{dbd1ca4d-1dc1-11dc-9521-0011f57e8a95}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Setup.pif

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{f3e452e3-82ec-11db-9454-0011f57e8a95}]
\Shell\Auto\command - F:\MSOCache\doWTP_RESTORE_0.exe -autorun
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE_0.exe -autorun

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{f97479e6-cb70-11db-94ab-0011f57e8a95}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{fba0e0ca-fa44-11db-94f2-0011f57e8a95}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 20:17:35 C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 22:38:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\imapi.exe
.
************************************************** ************************
.
Completion time: 2008-02-13 22:41:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-14 01:41:34
.
2008-02-13 15:18:42 --- E O F ---

ElPiedra

14/02/08, 15:45:39

Hola, ComboFix detecto y elimino ya algunos Malwares, pero todavía le quedaron algunas cosas para sacar siguiendo estos pasos:

A) - Abrir el Notepad (Bloc de Notas)

Ir a INICIO > EJECUTAR >
Y ahí pones notepad.exe y ACEPTAR

B) - Ahora copia y pega estos archivos dentro del Notepad

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer\run]
"Windows Printing Driver"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xhzybwvs]
[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{0a1e7e3e-9ad8-11dc-9575-0011f57e8a95}]
[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{114ce0ec-160f-11dc-9514-0011f57e8a95}]
[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{2814372c-a40b-11dc-957b-0011f57e8a95}]
[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{2e97fcb0-1c56-11dc-951d-0011f57e8a95}]
[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5566caaa-073f-11dc-9503-0011f57e8a95}]
[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8d0ac8e3-18f2-11dc-9515-0011f57e8a95}]
[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8d0ac8e8-18f2-11dc-9515-0011f57e8a95}]
[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{dbd1ca4d-1dc1-11dc-9521-0011f57e8a95}]
[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{f3e452e3-82ec-11db-9454-0011f57e8a95}]
[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{f97479e6-cb70-11db-94ab-0011f57e8a95}]
[-HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{fba0e0ca-fa44-11db-94f2-0011f57e8a95}]

C) - Graba este archivo con el nombre CFScript.txt y déjalo en tu escritorio.

D) - Arrastrar y soltar el archivo CFScript.txt dentro del archivo ComboFix.exe como lo muestra la animación de abajo. Esto activara ComboFix nuevamente.

http://www.forospyware.com/images/adv/CFScript.gif

Reinicia tu PC y nos dejas un el nuevo reporte de ComboFix, comentándonos como esta funcionado todo actualmente?

Salu2