Hola, por favor descarga la versión del día de hoy de CF y prueba nuevamente ya que había un pequeño problema en esta.

SAlu2

DESCARGE EL CF Y TERMINO EL PROCESO DEWSPUES RESETIE LA MAQUINA Y EL ZONEALARM EMPESO EL SCANEO Y DETECTO EL VIRUS TODAVIA SIGUE AHI NO SE QUE PASA CON ESTA MAQUINA ESPERO ME PUEDAS AYUDAR GRACIAS ESTE ES EL REPORTE DEL CF.



ComboFix 07-12-15.5 - winxp 2007-12-15 10:07:58.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.617 [GMT -5:00]
Running from: C:\Documents and Settings\winxp\Local Settings\Temporary Internet Files\Content.IE5\HJRDL70A\ComboFix[2].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\winxp\Application Data\FunWebProducts
C:\Documents and Settings\winxp\Application Data\inst.exe
C:\Program Files\internet explorer\msimg32.dll
C:\WINDOWS\b129.exe.bin
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\dqtujssbwr.dat
C:\WINDOWS\system32\dqtujssbwr_nav.dat
C:\WINDOWS\system32\dqtujssbwr_navps.dat
C:\WINDOWS\system32\nsgB35.dll
C:\WINDOWS\wr.txt

.
((((((((((((((((((((((((( Files Created from 2007-11-15 to 2007-12-15 )))))))))))))))))))))))))))))))
.

2007-12-14 18:30 . 2007-12-14 18:39 3,913,830,400 --a------ C:\THE REEF.ISO
2007-12-14 18:18 . 2007-12-14 18:21 1,439,426,560 --a------ C:\BEE MOVIE.ISO
2007-12-14 18:06 . 2007-12-14 18:16 4,464,152,576 --a------ C:\SURFS UP.ISO
2007-12-14 17:37 . 2007-12-14 17:46 4,082,771,968 --a------ C:\BROTHER BEAR 2.ISO
2007-12-12 18:00 . 2007-12-12 18:33 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-08 23:54 . 2007-12-08 23:54 <DIR> d-------- C:\Program Files\DelPSGuard
2007-12-06 21:19 . 2007-12-13 21:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-06 21:19 . 2007-12-06 21:19 <DIR> d-------- C:\Documents and Settings\winxp\Application Data\SUPERAntiSpyware.com
2007-12-06 21:18 . 2007-12-06 21:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-06 20:40 . 2007-12-06 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-06 20:27 . 2007-12-06 20:27 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-06 20:27 . 2007-12-06 20:27 <DIR> d-------- C:\Program Files\CCleaner
2007-12-04 16:36 . 2007-12-04 16:36 59,229 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2007-12-03 12:13 . 2007-12-03 12:13 282,624 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
2007-12-02 19:39 . 2007-12-02 19:39 <DIR> d-------- C:\Program Files\SlySoft
2007-12-02 19:15 . 2007-12-02 19:15 724,992 --a------ C:\WINDOWS\iun6002.exe
2007-12-02 13:16 . 2007-12-02 13:16 36 ---h----- C:\WINDOWS\system32\swk.ini
2007-12-02 10:40 . 2007-12-13 20:41 8,116 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-01 18:17 . 2007-12-01 18:17 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-30 18:28 . 2007-11-30 18:30 <DIR> d-------- C:\Program Files\Windows Live
2007-11-30 18:28 . 2007-11-30 18:30 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-30 18:27 . 2007-11-30 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-30 18:00 . 2007-11-30 18:00 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-11-28 17:42 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-11-28 17:23 . 2007-11-28 17:29 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-28 17:23 . 2007-11-28 17:29 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-27 18:32 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-11-27 18:32 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-11-26 13:36 . 2007-12-06 17:04 194,372 --a------ C:\WINDOWS\system32\adssitesuggest_uninstall.exe
2007-11-26 10:51 . 2007-11-26 10:51 327,680 --a------ C:\WINDOWS\system32\adssitesuggest.dll
2007-11-25 01:31 . 2007-11-25 01:31 <DIR> d-------- C:\Program Files\Dcads Advanced Toolbar
2007-11-25 01:31 . 2007-11-25 14:09 <DIR> d-------- C:\Documents and Settings\winxp\Application Data\Dcads Advanced Toolbar
2007-11-25 01:31 . 2007-11-25 01:31 33,088 --a------ C:\WINDOWS\system32\dcadssuggest_uninstall.exe
2007-11-25 01:30 . 2007-11-30 22:43 80,118 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-11-25 01:30 . 2007-11-25 01:30 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-23 09:24 . 2007-11-23 09:24 327,680 --a------ C:\WINDOWS\system32\dcadssuggest.dll
2007-11-15 18:14 . 2007-11-15 18:14 <DIR> d-------- C:\Documents and Settings\winxp\Application Data\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-12-14 23:49 --------- d-----w C:\Documents and Settings\winxp\Application Data\Vso
2007-12-14 23:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-14 22:19 --------- d-----w C:\Program Files\eMule
2007-12-12 12:56 --------- d-----w C:\Documents and Settings\winxp\Application Data\LimeWire
2007-12-03 00:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2007-12-03 00:42 99,904 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys.bak
2007-12-03 00:42 99,904 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-12-03 00:40 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
2007-12-01 22:19 69,974 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_12_01_17_04_50_small.dmp.zi p
2007-12-01 22:19 68,194 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_12_01_17_04_45_small.dmp.zi p
2007-12-01 04:24 --------- d-----w C:\Program Files\LimeWire
2007-11-30 23:31 --------- d-----w C:\Program Files\MSN Messenger
2007-11-30 23:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-21 15:19 6,820,024 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-11-21 15:19 144,288 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_19_14_16_20_small.dmp.zip
2007-11-15 23:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 03:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\DFX
2007-11-03 18:43 --------- d-----w C:\Program Files\Java
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 00:10 92,672 ----a-w C:\WINDOWS\system32\KillBox.exe
2007-10-18 16:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-12 11:07 24,450,662 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_10_11_23_36_26_full.dmp. zip
2007-09-24 22:41 20,693,280 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_09_24_08_31_15_full.dmp. zip
2007-08-08 22:07 56,105 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_08_18_07_36_small.dmp.zip
2007-08-07 12:21 42,970 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_08_07_08_18_05_small.dmp.zi p
2007-07-18 13:56 550,912 ----a-w C:\WINDOWS\inf\DVD.BIN
2007-07-08 01:39 21,233,976 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_07_20_33_57_full.dmp. zip
2007-07-08 01:39 21,188,507 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_07_20_33_49_full.dmp. zip
2007-07-08 01:38 21,126,132 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_07_20_33_35_full.dmp. zip
2007-04-28 18:43 47,360 ----a-w C:\Documents and Settings\winxp\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 06:51]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-08-06 17:35]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-02 19:42]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 07:57]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-28 13:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-01-08 13:29]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [2006-01-12 15:40]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\dr ivers\MusCDriverV32.sys
S3 ess;ESS Audio Driver (WDM);C:\WINDOWS\system32\drivers\ess.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
S4 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\sys tem32\FreezeScreenSaver.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-14 22:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-11 19:55:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-15 15:11:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
************************************************** ************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-15 10:11:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2007-12-15 10:11:40
.
2007-12-12 23:35:47 --- E O F ---

Hola, ComboFix detecto y elimino ya algunos Malwares, pero todavía le quedaron algunas cosas para sacar siguiendo estos pasos:

1.-Abrir el Notepad

• Clic en INICIO > EJECUTAR >
• Y ahí pones notepad.exe y ACEPTAR

2.- Ahora copia y pega estos archivos dentro del Notepad

3.- Graba este archivo con el nombre CFScript.txt

4.- Arrastra y soltar el archivo CFScript.txt dentro del archivo ComboFix.exe como lo muestra la animación de abajo. Esto activara ComboFix nuevamente.

• Reinicia tu PC y nos dejas un el nuevo reporte de ComboFix, comentándonos como esta funcionado todo actualmente?

Salu2

QUE TAL PIEDRA AQUI ESTA EL LOGO DE CF ESPERO Q CON ESTA SE SOLUCIONE MI COMPUTADORA AQUI TE LO DEJO PARA Q LO CHEQUES
SALUDOS.


ComboFix 07-12-19.2 - winxp 2007-12-18 19:40:41.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.524 [GMT -5:00]
Running from: C:\Documents and Settings\winxp\Local Settings\Temporary Internet Files\Content.IE5\NSAHESUV\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.

2007-12-16 13:19 . 2007-12-16 13:22 <DIR> d-------- C:\Documents and Settings\winxp\Application Data\Move Networks
2007-12-08 23:54 . 2007-12-08 23:54 <DIR> d-------- C:\Program Files\DelPSGuard
2007-12-06 21:19 . 2007-12-13 21:42 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-06 21:19 . 2007-12-06 21:19 <DIR> d-------- C:\Documents and Settings\winxp\Application Data\SUPERAntiSpyware.com
2007-12-06 21:18 . 2007-12-06 21:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-06 20:40 . 2007-12-06 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-06 20:27 . 2007-12-06 20:27 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-06 20:27 . 2007-12-06 20:27 <DIR> d-------- C:\Program Files\CCleaner
2007-12-04 16:36 . 2007-12-04 16:36 59,229 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2007-12-03 12:13 . 2007-12-03 12:13 282,624 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
2007-12-02 19:39 . 2007-12-02 19:39 <DIR> d-------- C:\Program Files\SlySoft
2007-12-02 19:15 . 2007-12-02 19:15 724,992 --a------ C:\WINDOWS\iun6002.exe
2007-12-02 13:16 . 2007-12-02 13:16 36 ---h----- C:\WINDOWS\system32\swk.ini
2007-12-02 10:40 . 2007-12-13 20:41 8,116 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-01 18:17 . 2007-12-01 18:17 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-30 18:28 . 2007-11-30 18:30 <DIR> d-------- C:\Program Files\Windows Live
2007-11-30 18:28 . 2007-11-30 18:30 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-30 18:27 . 2007-11-30 18:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-30 18:00 . 2007-11-30 18:00 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-11-28 17:42 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-11-28 17:23 . 2007-11-28 17:29 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-28 17:23 . 2007-11-28 17:29 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-27 18:32 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-11-27 18:32 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-11-26 13:36 . 2007-12-06 17:04 194,372 --a------ C:\WINDOWS\system32\adssitesuggest_uninstall.exe
2007-11-26 10:51 . 2007-11-26 10:51 327,680 --a------ C:\WINDOWS\system32\adssitesuggest.dll
2007-11-25 01:31 . 2007-11-25 01:31 <DIR> d-------- C:\Program Files\Dcads Advanced Toolbar
2007-11-25 01:31 . 2007-11-25 14:09 <DIR> d-------- C:\Documents and Settings\winxp\Application Data\Dcads Advanced Toolbar
2007-11-25 01:31 . 2007-11-25 01:31 33,088 --a------ C:\WINDOWS\system32\dcadssuggest_uninstall.exe
2007-11-25 01:30 . 2007-11-30 22:43 80,118 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-11-25 01:30 . 2007-11-25 01:30 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-23 09:24 . 2007-11-23 09:24 327,680 --a------ C:\WINDOWS\system32\dcadssuggest.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-12-19 00:38 --------- d-----w C:\Documents and Settings\winxp\Application Data\Vso
2007-12-19 00:07 --------- d-----w C:\Program Files\eMule
2007-12-18 23:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-12-18 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-16 01:49 --------- d-----w C:\Documents and Settings\winxp\Application Data\LimeWire
2007-12-15 15:22 8,506,910 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-03 00:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2007-12-03 00:42 99,904 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys.bak
2007-12-03 00:42 99,904 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-12-03 00:40 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
2007-12-01 22:19 69,974 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_12_01_17_04_50_small.dmp.zi p
2007-12-01 22:19 68,194 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_12_01_17_04_45_small.dmp.zi p
2007-12-01 04:24 --------- d-----w C:\Program Files\LimeWire
2007-11-30 23:31 --------- d-----w C:\Program Files\MSN Messenger
2007-11-30 23:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-21 15:19 144,288 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_19_14_16_20_small.dmp.zip
2007-11-15 23:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-15 23:14 --------- d-----w C:\Documents and Settings\winxp\Application Data\dvdcss
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 03:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\DFX
2007-11-03 18:43 --------- d-----w C:\Program Files\Java
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 00:10 92,672 ----a-w C:\WINDOWS\system32\KillBox.exe
2007-10-18 16:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-12 11:07 24,450,662 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_10_11_23_36_26_full.dmp. zip
2007-09-24 22:41 20,693,280 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_09_24_08_31_15_full.dmp. zip
2007-08-08 22:07 56,105 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_08_18_07_36_small.dmp.zip
2007-08-07 12:21 42,970 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_08_07_08_18_05_small.dmp.zi p
2007-07-18 13:56 550,912 ----a-w C:\WINDOWS\inf\DVD.BIN
2007-07-08 01:39 21,233,976 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_07_20_33_57_full.dmp. zip
2007-07-08 01:39 21,188,507 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_07_20_33_49_full.dmp. zip
2007-07-08 01:38 21,126,132 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_07_20_33_35_full.dmp. zip
2007-04-28 18:43 47,360 ----a-w C:\Documents and Settings\winxp\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot@2007-12-15_10.11.03.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-16 05:01:43 25,622 ----a-r C:\WINDOWS\Installer\{7D1928D2-26FA-45FA-A4DD-A876D7293818}\fifapc.exe
- 2007-12-14 02:38:23 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2007-12-18 06:12:19 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-03-16 06:51]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-08-06 17:35]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-02 19:42]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 07:57]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-28 13:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-01-08 13:29]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [2006-01-12 15:40]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\dr ivers\MusCDriverV32.sys [2007-07-19 13:58]
S3 ess;ESS Audio Driver (WDM);C:\WINDOWS\system32\drivers\ess.sys [2001-08-17 11:19]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-09-06 12:28]
S4 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\sys tem32\FreezeScreenSaver.exe []

.
Contents of the 'Scheduled Tasks' folder
"2007-12-14 22:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-18 19:55:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-19 00:11:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
************************************************** ************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 19:44:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2007-12-18 19:45:22
C:\ComboFix2.txt ... 2007-12-15 10:11
.
2007-12-12 23:35:47 --- E O F ---

Hola, ComboFix ya se encargo de eliminar los archivos de malwares encontrados en tu PC, por lo que tendrías que comentarnos como esta funcionado todo luego de reiniciar ?

Salu2

SI LO SIENTO OLVIDE PONER Q CUANDO SCANEO MI COMPUTADORA SIGUE
APARECIENDO EL TROJAN DOWNLOADER ALGO ASI SE ESCRIBE Y CUANDO ESTOY EN EL INTERNET ES LENTA AL ABRIR UNAS PAQUINAS Y OTRAS NO LAS HABRE SE QUEDA CONGUELADA NO SE SI ESTO SE DEBA A Q CASI SIEMPRE ESTOY BAJANDO PELICULAS O MUSICA, Y CUANDO PRENDO MI MAQUINA SE TARDA EN ABRIR EL PROGRAMA DEL TIEMPO, EL NOD32,EL MESSENGER Y EL ANTISPYWARE TODO ESTE INICIO TARDA ENTRE 5 MIN. A
8 MIN. NO SE SI SEA NORMAL PERO ANTES LOS ABRIA AL INSTANTE, A EL VIRUS SIGUE ALLI O POR LO MENOS EL NOMBRE SIGUE APARECIENDO CUANDO SCANEO LA MAQUINA CON ZONEALARM; ESPERO Q CON ESTO ME PUEDAS DECIR Q ES LO Q PASA CON MI COMPUTADORA Y Q MAS PUEDO HACERLE PARA TENER LA MISMA VELOCIDAD PARA ABRIR LOS PROGRAMAS COMO ANTES GRACIAS Y SALUDOS.

Hola, hacele un escaneo con Kaspersky Antivirus online y dejanos también el reporte de tu Antivirus que te esta detectando esa infección.

Salu2

aqui esta el scan de kaspersky y con respecto al reporte del zone alarm no se como sacar un reporte tambien te dejo el reporte del antispyware detecta un archivo nose si es un virus.


lunes, 24 de diciembre de 2007 10:18:20
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.1
Ultima actualización: 24/12/2007
Registros en la base antivirus: 461198


Configuración del análisis
Analizar usando las siguientes bases standard
Analizar archivos verdadero
Analizar bases de correo verdadero

Objetivo a analizar Mi PC
A:\
C:\
D:\
E:\

Estadísticas
Número de objeros analizados 28244
Virus encontrados 0
Objetos infectados 0 / 0
Objetos sospechosos 0
Duración del análisis 00:22:06

Bombre del objeto infectado Nombre del virus Última acción
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked saltado

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked saltado

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked saltado

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked saltado

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked saltado

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked saltado

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked saltado

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked saltado

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked saltado

C:\Documents and Settings\winxp\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERAN TISPYWARE.LOG Object is locked saltado

C:\Documents and Settings\winxp\Cookies\index.dat Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\Application Data\Microsoft\Messenger\a-grev-le@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\Application Data\Microsoft\Messenger\a-grev-le@hotmail.com\SharingMetadata\pending.dat Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\Application Data\Microsoft\Messenger\a-grev-le@hotmail.com\SharingMetadata\Working\database_6A 10_9633_1096_5EB\dfsr.db Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\Application Data\Microsoft\Messenger\a-grev-le@hotmail.com\SharingMetadata\Working\database_6A 10_9633_1096_5EB\fsr.log Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\Application Data\Microsoft\Messenger\a-grev-le@hotmail.com\SharingMetadata\Working\database_6A 10_9633_1096_5EB\fsrtmp.log Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\Application Data\Microsoft\Messenger\a-grev-le@hotmail.com\SharingMetadata\Working\database_6A 10_9633_1096_5EB\tmp.edb Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\Application Data\Microsoft\Windows Live Contacts\a-grev-le@hotmail.com\real\members.stg Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\Application Data\Microsoft\Windows Live Contacts\a-grev-le@hotmail.com\shadow\members.stg Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\History\History.IE5\index.dat Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\History\History.IE5\MSHist012007122420071 225\index.dat Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\Temp\~DF12A7.tmp Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\Temp\~DF12C9.tmp Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\Temp\~DF1BD4.tmp Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\Temp\~DF1BEA.tmp Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\Temp\~DFCC2F.tmp Object is locked saltado

C:\Documents and Settings\winxp\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked saltado

C:\Documents and Settings\winxp\ntuser.dat Object is locked saltado

C:\Documents and Settings\winxp\NTUSER.DAT.LOG Object is locked saltado

C:\Documents and Settings\winxp\UserData\index.dat Object is locked saltado

C:\Program Files\ESET\cache\CACHE.NDB Object is locked saltado

C:\Program Files\ESET\logs\virlog.dat Object is locked saltado

C:\Program Files\ESET\logs\warnlog.dat Object is locked saltado

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado

C:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked saltado

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked saltado

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked saltado

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked saltado

C:\WINDOWS\Internet Logs\WINXP-E274B5061.ldb Object is locked saltado

C:\WINDOWS\SchedLgU.Txt Object is locked saltado

C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked saltado

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado

C:\WINDOWS\system32\config\default Object is locked saltado

C:\WINDOWS\system32\config\default.LOG Object is locked saltado

C:\WINDOWS\system32\config\Internet.evt Object is locked saltado

C:\WINDOWS\system32\config\SAM Object is locked saltado

C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado

C:\WINDOWS\system32\config\SECURITY Object is locked saltado

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado

C:\WINDOWS\system32\config\software Object is locked saltado

C:\WINDOWS\system32\config\software.LOG Object is locked saltado

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado

C:\WINDOWS\system32\config\system Object is locked saltado

C:\WINDOWS\system32\config\system.LOG Object is locked saltado

C:\WINDOWS\system32\h323log.txt Object is locked saltado

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked saltado

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado

C:\WINDOWS\Temp\ZLT026f3.TMP Object is locked saltado

C:\WINDOWS\Temp\ZLT06b8e.TMP Object is locked saltado

C:\WINDOWS\WindowsUpdate.log Object is locked saltado

Análisis completado.






SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/24/2007 at 10:29 AM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Quick Scan
Total Scan Time : 00:06:22

Memory items scanned : 415
Memory threats detected : 0
Registry items scanned : 609
Registry threats detected : 0
File items scanned : 8184
File threats detected : 61

Adware.Tracking Cookie
C:\Documents and Settings\winxp\Cookies\winxp@trafficmp[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@partner2profit[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@ads.us.e-planning[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@stats.rkads[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@maxim.122.2o7[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@crackle[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@tremor.adbureau[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@tgn.122.2o7[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@aps.media.adrevolver[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@bizrate[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@ehg-groupernetworks.hitbox[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@stat.onestat[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@casalemedia[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@msnportal.112.2o7[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@bs.serving-sys[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@media.adrevolver[3].txt
C:\Documents and Settings\winxp\Cookies\winxp@www.googleadservices[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@ads.pointroll[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@ads.adbrite[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@collective-media[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@advertising[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@atdmt[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@hitbox[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@atwola[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@zedo[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@ads.addynamix[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@ads.revsci[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@www.googleadservices[4].txt
C:\Documents and Settings\winxp\Cookies\winxp@rocku.adbureau[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@adrevolver[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@3.adbrite[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@ehg-foxsports.hitbox[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@ads.gametap[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@www.googleadservices[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@metacafe.122.2o7[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@adbrite[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@revsci[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@imrworldwide[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@tacoda[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@adopt.euroclick[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@statcounter[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@ad.yieldmanager[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@247realmedia[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@bluestreak[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@www1.addfreestats[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@fastclick[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@serving-sys[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@realmedia[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@specificclick[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@tradedoubler[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@adv.surinter[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@ads.esmas[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@mediaplex[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@questionmarket[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@www.googleadservices[3].txt
C:\Documents and Settings\winxp\Cookies\winxp@media.adrevolver[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@doubleclick[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@weborama[2].txt
C:\Documents and Settings\winxp\Cookies\winxp@fl01.ct2.comclick[1].txt
C:\Documents and Settings\winxp\Cookies\winxp@tribalfusion[1].txt

pues espero me puedas ayudar gracias saludos.

Hola, el reporte del KAS esta limpio el del SAS lo que encuentre este borralo pero por lo visto son solo cookies y sobre lo que te detecte el ZA, pasa este en modo seguro a ver si puede borrar lo que encuentra o trata de dejarnos exactamente que lo que te sale.

Salu2

Creo Q Con Esto Se Termina Mi Problema Pero Tengo Otro Mi Computadora Tiene Un Virus, Cuando La Prendo Arranca Bien Pero No Puedo Hacer Nada Y Muestra El Escritorio Y Despues Se Reinicia
Solo La Puedo Usar Si Le Pongo La Opcion A Prueva De Fallos Pero En Esta Opcion No Tengo Internet Q Puedo Hacer Espero Me Puedas Ayudar Saludos Y Gracias.