| Official HijackThis Forum in Spanish. We analyze your HijackThis log to remove hijackers, spyware, adware, toolbars, viruses, trojans and malware in general. Please read the HijackThis Forum Policies first. |
| Trojan disinfected but I am still having problems with the laptop

Hi guys, my laptop got infected with a trojan, which I was able to remove by following the forum policies (running SUPERAntiSpyware and so on), but Windows Defender does not work (I have Windows Vista) and neither does the wireless internet. Residentevil suggested that I install ComboFix since I could not run HijackThis, and once I did that and saved the log, I was able to run HijackThis and I have that log too. I am pasting both logs here to see if you can help me, since I still have no Windows Defender or wireless internet. Sorry for not continuing with Residentevil; he suggested that I post the reports here because he is very busy. Thanks, and I hope I can solve my problem!!

Regards, Claudia.

ComboFix log
HijackThis log |
| Re: Trojan disinfected but I am still having problems with the laptop

Hi clauverce

Step 1- Download, install and/or update these programs: (but do not run them yet).

Step 2- With all programs closed, run HijackThis and select the following entries:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {870e3b1b-d1c6-4b91-864c-90043cf02e56} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {870e3b1b-d1c6-4b91-864c-90043cf02e56} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [WInUpdate16] C:\udate32.exe
O9 - Extra button: (no name) - {77BF5300-1474-4EC7-9980-D32B190E9B07} - (no file)

Step 3- Run these tools, one at a time:

Quote:

Step 5- Restart in normal mode and post the reports from:

**Note**
- For convenience, print the steps.
- Remember to come back and tell us the results.

Regards

Away until Oct 15. Traveling to EISI 2009 (Colombia) |
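The entry selection in Step 2 of the reply above, approximated as a small log triage script. This is an added example, not part of the original thread and not the helper's own method: the three rules (`orphan`, `exe-in-drivers-dir`, `exe-in-drive-root`) are assumptions about what makes those entries stand out, and the sample lines are copied from the reply plus three other entries from the poster's log for contrast.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: entries quoted in the reply, plus three entries from the
# poster's log that the helper did not select (Skype BHO, NvSvc, MsnMsgr).
SAMPLE_LOG = r"""
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [WInUpdate16] C:\udate32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {77BF5300-1474-4EC7-9980-D32B190E9B07} - (no file)
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKCU\..\Run: ...".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First absolute path ending in .exe inside an autostart command line.
EXE_RE = re.compile(r"[A-Za-z]:\\.*?\.exe", re.I)
# Assumed rule: the drivers directory normally holds .sys files, not .exe.
DRIVERS_EXE_RE = re.compile(r"\\system32\\drivers\\[^\\]+\.exe$", re.I)
# Assumed rule: an autostart executable sitting directly in the drive root.
ROOT_EXE_RE = re.compile(r"[A-Za-z]:\\[^\\]+\.exe", re.I)


class Finding(NamedTuple):
    section: str
    rule: str
    line: str


def autostart_exe(body: str) -> Optional[str]:
    """Return the .exe path launched by an O4 entry, or None (e.g. rundll32 + DLL)."""
    match = EXE_RE.search(body)
    return match.group(0) if match else None


def triage(log_text: str) -> List[Finding]:
    """Flag entries that match one of the assumed heuristics."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if not match:
            continue  # header lines, running-process list, blank lines
        section, body = match.group("section"), match.group("body")
        if body.endswith("(no file)"):
            # Registry entry still present, but the file it points to is gone.
            findings.append(Finding(section, "orphan", line))
        elif section == "O4":
            exe = autostart_exe(body)
            if exe is None:
                continue
            if DRIVERS_EXE_RE.search(exe):
                findings.append(Finding(section, "exe-in-drivers-dir", line))
            elif ROOT_EXE_RE.fullmatch(exe):
                findings.append(Finding(section, "exe-in-drive-root", line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.rule}] {finding.line}")
```

The `[outlook]` Run entry that the helper also selected matches none of these rules, so a script like this narrows a log down but does not replace the analyst's review.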