Official HijackThis Forum in Spanish

We analyze your HijackThis log to remove hijackers, spyware, adware, toolbars, viruses, trojans and malware in general. Please read the HijackThis Forum Policies first.

Requesting help against trojan.crypt.cfi.ahz

Hello,

I would be very grateful if you could help me remove a virus that Bitdefender found on a server, reporting that it was infected with the virus: trojan.crypt.cfi.ahz

Bitdefender could neither remove it nor move it to quarantine.

The server is a Windows Small Business Server 2003, and what this bug did was completely take down the DNS and DHCP services and slow the server down considerably.

When I ran Spybot in safe mode it showed me the following messages:

HKEY_USERS\S-1-5-18\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_USERS\DEFAULT\SYSTEM\CurrentControlSet\Control\Lsa

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:23:57 PM, on 9/25/2007
Platform: Windows 2003 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Softwin\BDReg\bdregsvr2.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\system32\svchost.exe
C:\program files\internet explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
c:\windows\x\ln\sscansvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe
C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\pageserver.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\WinVNC.exe
C:\Program Files\Common Files\Softwin\bdlogd.exe
C:\Program Files\Common Files\Softwin\BDScheduler.exe
C:\Program Files\Common Files\Softwin\Stats\BDstat.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmSecurityService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Common Files\Softwin\bdlived.exe
C:\Program Files\Common Files\Softwin\bdscand.exe
C:\Program Files\Softwin\BitDefender for File Servers\bdfs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Softwin\Console\bdconsole.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\WINDOWS\system32\zstatus.exe
C:\Documents and Settings\Administrator\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Common Files\Softwin\Console\bdconsole.exe"
O4 - HKLM\..\Run: [smtpsrv] C:\Program Files\Advanced SMTP Server\SMTPServer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Server Management.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C41B5AC8-0EC2-44B5-9570-D2459A43D10B} (Microsoft CRM Import) - http://crm/Tools/BulkImport/BulkImport.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - file://C:\Users Shared Folders\Nexis\Productos\Symantec Antivirus Corporate Edition 10\Symantec Antivirus Corporate Edition 10\Tools\WebInst\webinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4367/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nexis.local
O17 - HKLM\Software\..\Telephony: DomainName = nexis.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEBF6A8B-8B8D-491A-BBE0-8C9595D62862}: NameServer = 200.23.242.196 200.23.242.202
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFC6DE91-D54D-406D-9592-32F762EE3852}: NameServer = 10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nexis.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nexis.local
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O21 - SSODL: odb_set - {D7396574-1D58-48F5-80DA-28F47E1E55B5} - odbcmr32.dll (file missing)
O23 - Service: BitDefender for File Servers (BDFS) - Unknown owner - C:\Program Files\Softwin\BitDefender for File Servers\bdfs.exe
O23 - Service: BitDefender Update (BDLIVED) - Softwin SRL - C:\Program Files\Common Files\Softwin\bdlived.exe
O23 - Service: BitDefender Logging Service (BDLOGD) - Softwin SRL - C:\Program Files\Common Files\Softwin\bdlogd.exe
O23 - Service: BitDefender Registry v2 (BDREGISTRY) - Unknown owner - C:\Program Files\Common Files\Softwin\BDReg\bdregsvr2.exe
O23 - Service: BitDefender Scanning Service (BDSCAND) - Softwin SRL - C:\Program Files\Common Files\Softwin\bdscand.exe
O23 - Service: BitDefender Scheduler (BDScheduler) - Unknown owner - C:\Program Files\Common Files\Softwin\BDScheduler.exe
O23 - Service: BitDefender Statistics 2 (BDSTATSRV2) - Unknown owner - C:\Program Files\Common Files\Softwin\Stats\BDstat.exe
O23 - Service: Crystal Cache Server (CacheServer) - Unknown owner - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\cacheserver.exe" -service -name SBS.cacheserver -cache -nops -deleteCache -ns SBS -restart (file missing)
O23 - Service: Crystal APS (CrystalAPS) - Unknown owner - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\CrystalAPS.exe" -service -name SBS.aps -restart -threads 50 (file missing)
O23 - Service: Crystal Event Server (CrystalEventServer) - Unknown owner - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\EventServer.exe" -service -name SBS.eventserver -ns SBS -restart (file missing)
O23 - Service: Crystal Input File Repository Server (CrystalInputFileServer) - Unknown owner - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\inputfileserver.exe" -service -name Input.SBS -ns SBS -restart (file missing)
O23 - Service: Crystal Output File Repository Server (CrystalOutputFileServer) - Unknown owner - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\outputfileserver.exe" -service -name Output.SBS -ns SBS -restart (file missing)
O23 - Service: Dns Config (Dnscfg) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\iedw.exe
O23 - Service: Crystal Report Job Server (JobServer_Report) - Unknown owner - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\JobServer.exe" -service -name SBS.report -ns SBS -objectType CrystalEnterprise.Report -lib procReport -restart (file missing)
O23 - Service: GFI LANguard N.S.S. Scheduled Scans Service (lnss_sscans) - GFI Software Ltd. - c:\windows\x\ln\sscansvc.exe
O23 - Service: Crystal Page Server (pageserver) - Unknown owner - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\pageserver.exe" -service -name SBS.pageserver -ns SBS -restart (file missing)
O23 - Service: Symantec Central Quarantine (qserver) - Unknown owner - C:\PROGRA~1\Symantec\QUARAN~1\Server\qserver.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Smart Crad Service (Smart Crad) - Unknown owner - C:\WINDOWS\system32\conine.exe (file missing)
O23 - Service: sqltec - Unknown owner - C:\WINDOWS\system32\drivers\etc\0sec\SQLsecurity.exe (file missing)
O23 - Service: Crystal Web Component Server (WebCompServer) - Unknown owner - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\WebCompServer.exe" -service -name SBS.WCS -ns SBS -restart (file missing)
O23 - Service: Windows - Unknown owner - C:\WINDOWS\system32\jfu81.exe (file missing)
O23 - Service: winswos - Unknown owner - C:\WINDOWS\system32\boot.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINDOWS\system32\WinVNC.exe" -service (file missing)

I have already searched the net quite a bit and have found no answer to this.

Thank you in advance for your kind support in solving this case.

I look forward to your replies.

Re: Requesting help against trojan.crypt.cfi.ahz

Hello Ianhos, welcome to the InfoSpyware Forum.

You are using an old version of HijackThis, so download and run the new version, HijackThis 2.0.2, to generate a new log and post it for us in this same thread.

Regards

Getting ready for the arrival of "Hurricane IKE"
Forum News | Online Antivirus | Remove Malware | Forum Policies | Blog
* Help us by making a DONATION so that we can keep helping.
* To avoid viruses and spyware when browsing the internet, USE FIREFOX!!
* Questions are not answered by private message or by e-mail; that is what the forum is for.

Re: Requesting help against trojan.crypt.cfi.ahz

All right, below is the log produced by version 2.0.2 of HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:33:07 PM, on 9/28/2007
Platform: Windows 2003 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Softwin\BDReg\bdregsvr2.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\x\ln\sscansvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe
C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\WinVNC.exe
C:\Program Files\Common Files\Softwin\bdlogd.exe
C:\Program Files\Common Files\Softwin\BDScheduler.exe
C:\Program Files\Common Files\Softwin\Stats\BDstat.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Microsoft CRM\Server\bin\CrmSecurityService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Common Files\Softwin\bdlived.exe
C:\Program Files\Common Files\Softwin\bdscand.exe
C:\Program Files\Softwin\BitDefender for File Servers\bdfs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Softwin\Console\bdconsole.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\program files\internet explorer\IEXPLORE.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Common Files\Softwin\Console\bdconsole.exe"
O4 - HKLM\..\Run: [smtpsrv] C:\Program Files\Advanced SMTP Server\SMTPServer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Corporaticn SQL Handler] sqlhandler.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [ATI Video Driver Control] atigfx.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Microsoft Live Messenger] rBot.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Corporaticn SQL Handler] sqlhandler.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [ATI Video Driver Control] atigfx.exe (User 'Default user')
O4 - Startup: Server Management.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O15 - ESC Trusted Zone: http://www.apple.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C41B5AC8-0EC2-44B5-9570-D2459A43D10B} (Microsoft CRM Import) - http://crm/Tools/BulkImport/BulkImport.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - file://C:\Users Shared Folders\Nexis\Productos\Symantec Antivirus Corporate Edition 10\Symantec Antivirus Corporate Edition 10\Tools\WebInst\webinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4367/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nexis.local
O17 - HKLM\Software\..\Telephony: DomainName = nexis.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEBF6A8B-8B8D-491A-BBE0-8C9595D62862}: NameServer = 200.23.242.196 200.23.242.202
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFC6DE91-D54D-406D-9592-32F762EE3852}: NameServer = 10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nexis.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = nexis.local
O21 - SSODL: odb_set - {D7396574-1D58-48F5-80DA-28F47E1E55B5} - odbcmr32.dll (file missing)
O23 - Service: BitDefender for File Servers (BDFS) - Unknown owner - C:\Program Files\Softwin\BitDefender for File Servers\bdfs.exe
O23 - Service: BitDefender Update (BDLIVED) - Softwin SRL - C:\Program Files\Common Files\Softwin\bdlived.exe
O23 - Service: BitDefender Logging Service (BDLOGD) - Softwin SRL - C:\Program Files\Common Files\Softwin\bdlogd.exe
O23 - Service: BitDefender Registry v2 (BDREGISTRY) - Unknown owner - C:\Program Files\Common Files\Softwin\BDReg\bdregsvr2.exe
O23 - Service: BitDefender Scanning Service (BDSCAND) - Softwin SRL - C:\Program Files\Common Files\Softwin\bdscand.exe
O23 - Service: BitDefender Scheduler (BDScheduler) - Unknown owner - C:\Program Files\Common Files\Softwin\BDScheduler.exe
O23 - Service: BitDefender Statistics 2 (BDSTATSRV2) - Unknown owner - C:\Program Files\Common Files\Softwin\Stats\BDstat.exe
O23 - Service: Crystal Cache Server (CacheServer) - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\cacheserver.exe
O23 - Service: Crystal APS (CrystalAPS) - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\CrystalAPS.exe
O23 - Service: Crystal Event Server (CrystalEventServer) - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\EventServer.exe
O23 - Service: Crystal Input File Repository Server (CrystalInputFileServer) - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\inputfileserver.exe
O23 - Service: Crystal Output File Repository Server (CrystalOutputFileServer) - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\outputfileserver.exe
O23 - Service: Dns Config (Dnscfg) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\iedw.exe
O23 - Service: Crystal Report Job Server (JobServer_Report) - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\JobServer.exe
O23 - Service: GFI LANguard N.S.S. Scheduled Scans Service (lnss_sscans) - GFI Software Ltd. - c:\windows\x\ln\sscansvc.exe
O23 - Service: Crystal Page Server (pageserver) - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\pageserver.exe
O23 - Service: Symantec Central Quarantine (qserver) - Unknown owner - C:\PROGRA~1\Symantec\QUARAN~1\Server\qserver.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Smart Crad Service (Smart Crad) - Unknown owner - C:\WINDOWS\system32\conine.exe (file missing)
O23 - Service: sqltec - Unknown owner - C:\WINDOWS\system32\drivers\etc\0sec\SQLsecurity.exe (file missing)
O23 - Service: Crystal Web Component Server (WebCompServer) - Crystal Decisions - C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\WebCompServer.exe
O23 - Service: Windows - Unknown owner - C:\WINDOWS\system32\jfu81.exe (file missing)
O23 - Service: winswos - Unknown owner - C:\WINDOWS\system32\boot.exe
O23 - Service: VNC Server (winvnc) - AT&T Research Labs Cambridge - C:\WINDOWS\system32\WinVNC.exe

--
End of file - 9805 bytes

Thanks a lot, man.

Regards.

Re: Requesting help against trojan.crypt.cfi.ahz

Hello Ianhos,

Download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the whole Windows registry (making a backup).

Download, update and run

Restart and tell us the results.

Regards

Re: Requesting help against trojan.crypt.cfi.ahz

OK. Here is the log from Combofix.exe:

ComboFix 07-10-02.2 - Administrator 2007-10-02 20:12:55.2 - NTFSx86
Microsoft(R) Windows(R) Server 2003 for Small Business Server 5.2.3790.0.1252.1.1033.18.431 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-03 to 2007-10-03 )))))))))))))))))))))))))))))))
.

2007-10-02 19:18 1,470,281 --a------ C:\ComboFix.exe
2007-10-02 10:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-01 17:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-01 17:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-01 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-01 17:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-10-01 13:12 <DIR> d-------- C:\Program Files\CCleaner
2007-09-28 13:32 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-27 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-09-20 11:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2007-09-18 17:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-17 20:46 578,560 --a------ C:\WINDOWS\system32\JavaM.exe
2007-09-13 09:17 647,168 --a------ C:\WINDOWS\system32\Down(1).exe
2007-09-09 11:31 <DIR> d-------- C:\Program Files\WinPcap
2007-09-09 11:26 <DIR> d-------- C:\WINDOWS\x
2007-09-09 10:38 86,016 --a------ C:\WINDOWS\system32\pslist.exe
2007-09-09 10:38 45,056 --a------ C:\WINDOWS\system32\omnithread_rt.dll
2007-09-09 10:38 32,768 --a------ C:\WINDOWS\system32\VNCHooks.dll
2007-09-09 10:38 32,256 --a------ C:\WINDOWS\system32\ntrights.exe
2007-09-09 10:38 208,896 --a------ C:\WINDOWS\system32\WinVNC.exe
2007-09-09 10:38 2,209 --a------ C:\WINDOWS\system32\VNCHooks_Settings.reg
2007-09-09 10:38 176,128 --a------ C:\WINDOWS\system32\vncviewer.exe
2007-09-09 10:38 16,896 --a------ C:\WINDOWS\system32\fscan.exe
2007-09-09 10:38 131,072 --a------ C:\WINDOWS\system32\psshutdown.exe
2007-09-05 17:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-04 04:45 44,779 --a------ C:\WINDOWS\system32\wis.exe
2007-09-03 05:44 607,232 ---hs---- C:\WINDOWS\system32\_iedw.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-01 19:45 --------- d-------- C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2007-10-01 13:28 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-06 15:43 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-06 13:16 --------- d-------- C:\Program Files\Media Key
2007-09-01 05:08 647168 --a------ C:\WINDOWS\system32\boot.exe
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2006-12-21 19:35:16 297 --sha-r C:\WINDOWS\system32\drivers\etc\0sec\Cleaner.bat
2005-12-13 03:00:16 6,656 --sha-r C:\WINDOWS\system32\drivers\etc\0sec\cygcrypt-0.dll
2003-04-22 01:47:04 68,016 --sha-r C:\WINDOWS\system32\drivers\etc\0sec\cygregex.dll
2006-01-21 00:29:00 1,805,448 --sha-r C:\WINDOWS\system32\drivers\etc\0sec\cygwin1.dll
2007-03-06 07:04:08 1,102 --sha-r C:\WINDOWS\system32\drivers\etc\0sec\SQLsecurity.sys
2007-03-06 07:03:57 33,387 --sha-r C:\WINDOWS\system32\drivers\etc\0sec\syztem.dll
2006-12-21 20:19:28 155,698 --sha-r C:\WINDOWS\system32\drivers\etc\0sec\update.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDMCon"="C:\Program Files\Common Files\Softwin\Console\bdconsole.exe" [2006-08-22 16:13]
"smtpsrv"="C:\Program Files\Advanced SMTP Server\SMTPServer.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2003-09-10 14:27]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2004-05-12 01:03]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"ATI Video Driver Control"=atigfx.exe
"Microsoft Windows Socketx32 Services"=winsockx32.exe
"Microsoft Windows Services Edt"=dllrun32.exe
"Microsoft Corporaticn SQL Handler"=sqlhandler.exe
"Microsoft Live Messenger"=rBot.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Corporaticn SQL Handler"=sqlhandler.exe
"Microsoft Live Messenger"=rBot.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2004-06-23 11:23:28]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Server Management.lnk - C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe [2003-09-10 18:44:18]

C:\Documents and Settings\elozano\Start Menu\Programs\Startup\
Server Management.lnk - C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe [2003-09-10 18:44:18]

C:\Documents and Settings\nsalazar\Start Menu\Programs\Startup\
Server Management.lnk - C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe [2003-09-10 18:44:18]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2004-06-23 11:23:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ShowSuperHidden"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"StartMenuLogOff"=1 (0x1)
"DisallowRun"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"Protected system files1"=avgupsvc.exe
"Protected system files2"=avgamsvr.exe
"Protected system files3"=avgcc.exe
"Protected system files4"=nod32kui.exe
"Protected system files5"=nod32krn.exe
"Protected system files6"=ccSetMgr.exe
"Protected system files7"=ccEvtMgr.exe
"Protected system files8"=DefWatch.exe
"Protected system files9"=SavRoam.exe
"Protected system files10"=Rtvscan.exe
"Protected system files11"=VPTray.exe
"Protected system files12"=ccApp.exe
"Protected system files13"=AluSchedulerSvc.exe
"Protected system files14"=nod32.exe
"Protected system files15"=nod32ra.exe
"Protected system files16"=UpdaterUI.exe
"Protected system files17"=tbmon.exe
"Protected system files18"=Mcshield.exe
"Protected system files19"=SHSTAT.exe
"Protected system files20"=ashMaiSv.exe
"Protected system files21"=ashServ.exe
"Protected system files22"=ashWebSv.exe
"Protected system files23"=aswUpdSv.exe
"Protected system files24"=AVGUARD.exe
"Protected system files25"=AVWUPSRV.exe
"Protected system files26"=avscan.exe
"Protected system files27"=guardgui.exe
"Protected system files28"=VxMon.exe
"Protected system files29"=AVGNT.exe
"Protected system files30"=avgemc.exe
"Protected system files31"=avp.exe
"Protected system files32"=avp.com

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"Protected system files1"=avgupsvc.exe
"Protected system files2"=avgamsvr.exe
"Protected system files3"=avgcc.exe
"Protected system files4"=nod32kui.exe
"Protected system files5"=nod32krn.exe
"Protected system files6"=ccSetMgr.exe
"Protected system files7"=ccEvtMgr.exe
"Protected system files8"=DefWatch.exe
"Protected system files9"=SavRoam.exe
"Protected system files10"=Rtvscan.exe
"Protected system files11"=VPTray.exe
"Protected system files12"=ccApp.exe
"Protected system files13"=AluSchedulerSvc.exe
"Protected system files14"=nod32.exe
"Protected system files15"=nod32ra.exe
"Protected system files16"=UpdaterUI.exe
"Protected system files17"=tbmon.exe
"Protected system files18"=Mcshield.exe
"Protected system files19"=SHSTAT.exe
"Protected system files20"=ashMaiSv.exe
"Protected system files21"=ashServ.exe
"Protected system files22"=ashWebSv.exe
"Protected system files23"=aswUpdSv.exe
"Protected system files24"=AVGUARD.exe
"Protected system files25"=AVWUPSRV.exe
"Protected system files26"=avscan.exe
"Protected system files27"=guardgui.exe
"Protected system files28"=VxMon.exe
"Protected system files29"=AVGNT.exe
"Protected system files30"=avgemc.exe
"Protected system files31"=avp.exe
"Protected system files32"=avp.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"odb_set"= {D7396574-1D58-48F5-80DA-28F47E1E55B5} - odbcmr32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= RASSFM KDCSVC WDIGEST scecli dsrestor

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, pwdssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCore]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Smart Crad]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Media Key.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Media Key.lnk
backup=C:\WINDOWS\pss\Media Key.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWPersistentQueuedReporting]
C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
regsvr32 /s mqrt.dll

R0 crcdisk;CRC Disk Filter Driver;C:\WINDOWS\system32\DRIVERS\crcdisk.sys
R0 DfsDriver;DfsDriver;C:\WINDOWS\system32\drivers\Dfs.sys
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys
R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys
R2 BDFS;BitDefender for File Servers;C:\Program Files\Softwin\BitDefender for File Servers\bdfs.exe /service
R2 BDLIVED;BitDefender Update;C:\Program Files\Common Files\Softwin\bdlived.exe /service
R2 BDLOGD;BitDefender Logging Service;C:\Program Files\Common Files\Softwin\bdlogd.exe --bdservice
R2 BDREGISTRY;BitDefender Registry v2;C:\Program Files\Common Files\Softwin\BDReg\bdregsvr2.exe
R2 BDSCAND;BitDefender Scanning Service;C:\Program Files\Common Files\Softwin\bdscand.exe --bdservice
R2 BDScheduler;BitDefender Scheduler;C:\Program Files\Common Files\Softwin\BDScheduler.exe
R2 BDSTATSRV2;BitDefender Statistics 2;C:\Program Files\Common Files\Softwin\Stats\BDstat.exe /service
R2 Dfs;Distributed File System;C:\WINDOWS\system32\Dfssvc.exe
R2 DHCPServer;DHCP Server;C:\WINDOWS\system32\tcpsvcs.exe
R2 DNS;DNS Server;C:\WINDOWS\System32\dns.exe
R2 kdc;Kerberos Key Distribution Center;C:\WINDOWS\System32\lsass.exe
R2 lnss_sscans;GFI LANguard N.S.S. Scheduled Scans Service;c:\windows\x\ln\sscansvc.exe
R2 MSCRMSecurityService;Microsoft CRM Security Service;"C:\Program Files\Microsoft CRM\Server\bin\CrmSecurityService.exe"
R2 MSMQ;Message Queuing;C:\WINDOWS\system32\mqsvc.exe
R2 MSSEARCH;Microsoft Search;"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"
R2 MSSQL$SHAREPOINT;MSSQL$SHAREPOINT;C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe -sSHAREPOINT
R2 NtFrs;File Replication Service;C:\WINDOWS\system32\ntfrs.exe
R2 RMCAST;RMCAST (Pgm) Protocol Driver;C:\WINDOWS\system32\DRIVERS\RMCAST.sys
R2 SBCore;SBCore Service;C:\WINDOWS\System32\sbscrexe.exe
R2 SPTimer;SharePoint Timer Service;"C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\OWSTIMER.EXE"
R3 ati2mpad;ati2mpad;C:\WINDOWS\system32\DRIVERS\ati2mpad.sys
R3 MQAC;Message Queuing access control;\??\C:\WINDOWS\system32\drivers\mqac.sys
R3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\WINDOWS\system32\svchost.exe -k LocalService
S2 Dnscfg;Dns Config;C:\Program Files\Common Files\Microsoft Shared\MSINFO\iedw.exe
S2 Smart Crad;Smart Crad Service;C:\WINDOWS\system32\conine.exe conine.ini
S2 sqltec;sqltec;C:\WINDOWS\system32\drivers\etc\0sec\SQLsecurity.exe
S2 Windows;Windows;C:\WINDOWS\system32\jfu81.exe
S2 WINS;Windows Internet Name Service (WINS);C:\WINDOWS\System32\wins.exe
S2 winswos;winswos;C:\WINDOWS\system32\boot.exe
S3 CrystalEventServer;Crystal Event Server;"C:\Program Files\Microsoft CRM\Crystal Decisions\Enterprise 9\win32_x86\EventServer.exe" -service -name SBS.eventserver -ns SBS -restart
S3 mcemgr;mcemgr;\??\C:\WINDOWS\system32\obdwk.sys
S3 MSCRMBulkMailService;Microsoft CRM Bulk E-mail Service;C:\Program Files\Microsoft CRM\Server\bin\CrmBulkMailService.exe
S3 MSCRMDeletionService;Microsoft CRM Deletion Service;C:\Program Files\Microsoft CRM\Server\bin\CrmDeletionService.exe
S3 MSCRMWorkflowService;Microsoft CRM Workflow Service;C:\Program Files\Microsoft CRM\Server\bin\CrmWorkflowService.exe
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 RSoPProv;Resultant Set of Policy Provider;C:\WINDOWS\system32\RSoPProv.exe
S3 sacsvr;Special Administration Console Helper;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 SmartCradDrv;SmartCradDrv;\??\C:\WINDOWS\system32\SmartCradDrv.html
S3 SQLAgent$SHAREPOINT;SQLAgent$SHAREPOINT;C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlagent.EXE -i SHAREPOINT
S3 WLBS;Network Load Balancing;C:\WINDOWS\system32\DRIVERS\wlbs.sys
S3 XScanPF;XScanPF;\??\C:\WINDOWS\x\X-Scan-v3.3\dat\xpf.sys
S4 ClusDisk;Cluster Disk Driver;C:\WINDOWS\system32\DRIVERS\ClusDisk.sys
S4 IsmServ;Intersite Messaging;C:\WINDOWS\System32\ismserv.exe
S4 MSPOP3Connector;Microsoft Connector for POP3 Mailboxes;C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe
S4 TrkSvr;Distributed Link Tracking Server;C:\WINDOWS\system32\svchost.exe -k netsvcs
S4 Tssdis;Terminal Services Session Directory;C:\WINDOWS\System32\tssdis.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter WebClient LmHosts WinHttpAutoProxySvc NetworkService 6to4 DHCP DnsCache WinErr ERsvc tapisrv Tapisrv regsvc RemoteRegistry
swprv swprv

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AppMgmt AudioSrv Browser CryptSvc DMServer HidServ LanmanServer LanmanWorkstation Messenger Nla NWCWorkstation Sacsvr Schedule Seclogon Themes TrkWks TrkSvr W32Time Wmi WmdmPmSp winmgmt wuauserv BITS ShellHWDetection helpsvc uploadmgr

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}]
%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}]
%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser
.
Contents of the 'Scheduled Tasks' folder
"2007-10-02 17:00:18 C:\WINDOWS\Tasks\ShadowCopyVolume{c1cad1fb-c086-11d8-8251-806e6f6e6963}.job"
"2007-10-02 03:08:58 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-02 20:13:54
Windows 5.2.3790 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-02 20:15:39
C:\ComboFix2.txt ... 2007-10-02 20:05
.
--- E O F ---

After restarting the server it seemed to work better, but over time its performance degraded, and now it has broken our Internet access configuration, since this server acts as the network's gateway. I look forward to your comments. Thanks in advance. Regards. |
| Re: Request for help against trojan.crypt.cfi.ahz Hello, I don't see anything in the CF log; you would have to check whether booting in safe mode lets you run the local antivirus, or try one of the online antivirus scanners on the list. Regards |