Re: Comine.exe - Various Problems / Help!

To achieve a good disinfection, we will split the process into 2 parts; this will be the first...

1.- Open Notepad

Code:
File::
C:\WINDOWS\system32\comine.exe
C:\Archivos de programa\smubvcks.txt
C:\AutoRun.inf
C:\WINDOWS\system32\drivers\gvuucxv.sys
I:\fooool.exe
Driver::
gvuucxv
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatch9x.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatchX.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LDPROMENU]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LDSCAN]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\loaddll.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lockdown2000.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lockdownadvanced.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lookout.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\luall.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lucomserver.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LUSPT]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MagicSet.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcafee]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCAGENT]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcconsol.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCMNHDLR]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCTOOL]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCUPDATE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCVSRTE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCVSSHLD]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MGHTML]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MINILOG]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmqczj.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mmsk.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Monitor.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\moolive.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MPFSERVICE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mpftray.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msconfig.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MWATCH]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\n32scan.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\N32scanw.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navapsvc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navapw32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVENGNAVEX15]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navlu32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navnt.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navrunr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navsched.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSetup.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navw.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navw32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navwnt.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ndd32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NeoWatchLog]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netutils]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nisserv.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nisum.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nmain.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\normist.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notstart.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npscheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npssvc]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nsched32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nspclean.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntrtscan]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NTVDM]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NTXconfig]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nupgrade.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nvc95.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NVSVC32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NWService]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NWTOOL16]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\offguard.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PADMIN]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\padmin.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pav.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavcl.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavmail.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavproxy]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Pavsched.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Pavw.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcciomon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccmain.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccwin97]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccwin98.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcfwallicon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcntmon]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcscan]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\per.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\perd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\persfw.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pertsk.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\perupd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pervac.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pervacd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwagent.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwcon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFWLiveUpdate.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\POP3TRAP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\POPROXY]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PORTMONITOR]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pqremove.com]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PROCESSMONITOR]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procexp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PROGRAMAUDITOR]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pview95]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pview95.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QHSET.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rapapp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ras.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rav.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rav7.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rav7win.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavCopy.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStore.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravt08.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\REALMON]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RegClean.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedt32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regmon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescue.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwcfg.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RfwMain.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwolusr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RTVSCN95]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RULAUNCH]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\runiep.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safelive.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeweb.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sbserv]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scan32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scan95.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scanpm.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scrscan.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\serv95.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sfc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\shcfg32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smartassistant.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SmartUp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sphinx.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SPYXX]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREng.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngPS.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SS3EDIT]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sweep95.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SweepNet]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SWNETSUP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcsvc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SymProxySvc]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SYMTRAY]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\syscheck.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Syscheck2.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SysSafe.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TAUMON]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tbscan.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tca.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TCM]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TDS - 3 ]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tds2 - 98.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tds2 - nt.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFAK]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\th.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\th32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\th32upd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thav.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thd32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thmail.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ToolsUp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.kxp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UIHost.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxAgent.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxAttachment.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxCfg.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxFwHlp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UmxPol.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\UpLive.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcmserv]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VbCons]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VCONTROL.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VET32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vet95.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vet98.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vettray.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VIR - HELP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vscan40.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsecomr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vshwin32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VSMAIN]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmon]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsscan40.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsstat.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WATCHDOG]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webscan.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webscanx.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WEBTRAP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wfindv32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WGFE95]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WIMMUN32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WoptiClean.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrAdmin]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrCtrl]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAPD.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAPPRG.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAPS.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZCAP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zlclient.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zonealarm.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zxsweep.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_avp32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_avpcc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_avpm.exe]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c79ea710-85a0-11dc-b4fd-0050ba86a1ff}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4fa2543-2e45-11db-b2fc-0050ba86a1ff}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\comine]
4.- Drag and drop the CFScript.txt file onto the ComboFix.exe file, as shown in the animation below. This will start ComboFix again.

5.- Download Malwarebytes' Anti-Malware and save it in a convenient location.

Regards!
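A pre-flight check for a CFScript like the one in the post above, as an added example (not part of the original thread and not ComboFix's own code): it parses the `File::`, `Driver::` and `Registry::` sections and flags `[-key]` lines that are duplicated, already covered by a listed parent key, or carry a space next to a backslash or bracket. It assumes the `Registry::` section follows .reg semantics, where `[-key]` removes the key together with all its subkeys; the sample script is constructed from a few of the post's lines.

```python
import re

# Constructed sample: a shortened CFScript in the same shape as the one in the post.
SAMPLE_CFSCRIPT = r"""File::
C:\WINDOWS\system32\comine.exe
C:\AutoRun.inf
Driver::
gvuucxv
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options \WrAdmin]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\comine]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")   # e.g. "File::", "Registry::"
DELETE_KEY_RE = re.compile(r"^\[-(.+)\]$")    # e.g. "[-HKEY_...\some key]"


def parse_cfscript(text):
    """Split a CFScript into {section name: [entries]}, keeping file order."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            current.append(line)
    return sections


def lint_registry(entries):
    """Return sorted (entry_number, kind) findings for [-key] deletion lines.

    entry_number is 1-based within the Registry:: section. Kinds:
      stray-space        space beside a backslash or at either end of the key
                         (typical of forum line wrapping); the line names a
                         different key than intended
      duplicate          same key (case-insensitive) listed earlier
      covered-by-parent  another listed deletion targets an ancestor key, so
                         this line is redundant and the parent line is the
                         one that decides how much gets removed
    """
    findings = []
    parsed = []  # (entry_number, key as a tuple of lower-cased components)
    for number, entry in enumerate(entries, start=1):
        match = DELETE_KEY_RE.match(entry)
        if not match:
            continue  # value edits and other .reg lines are out of scope
        key = match.group(1)
        if key != key.strip() or re.search(r"\s\\|\\\s", key):
            findings.append((number, "stray-space"))
            continue
        parsed.append((number, tuple(part.lower() for part in key.split("\\"))))

    all_keys = {norm for _, norm in parsed}
    seen = set()
    for number, norm in parsed:
        if norm in seen:
            findings.append((number, "duplicate"))
        seen.add(norm)
        # A strictly shorter listed key that is a prefix of this one is an ancestor.
        if any(len(p) < len(norm) and norm[:len(p)] == p for p in all_keys):
            findings.append((number, "covered-by-parent"))
    return sorted(findings)


if __name__ == "__main__":
    script = parse_cfscript(SAMPLE_CFSCRIPT)
    for number, kind in lint_registry(script.get("Registry", [])):
        print(f"Registry entry {number}: {kind}: {script['Registry'][number - 1]}")
```

A `covered-by-parent` finding on every Image File Execution Options subkey means the first line already removes the whole key, including any entries under it that are not in the list.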
Re: Comine.exe - Various Problems / Help!

Let's see, the ComboFix log after adding CFScript.txt:

ComboFix 08-08-12.01 - Alfito 2008-08-13 11:50:11.3 - NTFSx86
Se ejecuta desde: C:\Documents and Settings\Alfito\Escritorio\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alfito\Escritorio\CFScript.txt
* Creado un nuevo punto de restauración
* Resident AV is active

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!

FILE ::
C:\Archivos de programa\smubvcks.txt
C:\AutoRun.inf
C:\WINDOWS\system32\comine.exe
C:\WINDOWS\system32\drivers\gvuucxv.sys
I:\fooool.exe
.
(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Archivos de programa\smubvcks.txt
C:\autorun.inf
C:\WINDOWS\system32\comine.exe
C:\WINDOWS\system32\drivers\gvuucxv.sys
D:\AutoRun.inf
E:\AutoRun.inf
.
(((((((((((((((((( Archivos creados desde 2008-07-13 - 2008-08-13 )))))))))))))))))))))))))))))))))
.
2008-08-12 19:21 . 2008-08-12 19:22 12,892,289 --a------ C:\metallica-cyanide.mp3
2008-08-11 21:39 . 2008-08-12 14:26 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuración local
2008-08-11 21:39 . 2008-08-12 14:26 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuración local
2008-08-11 21:39 . 2008-08-12 14:26 <DIR> d-------- C:\Documents and Settings\LocalService\Configuración local
2008-08-11 21:39 . 2008-08-12 14:26 <DIR> d-------- C:\Documents and Settings\Alfito\Configuración local
2008-08-11 21:39 . 2008-08-12 14:26 <DIR> d-------- C:\Documents and Settings\Administrador\Configuración local
2008-08-11 16:09 . 2008-08-11 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2008-08-11 16:08 . 2008-08-11 16:08 <DIR> d-------- C:\Documents and Settings\Alfito\Datos de programa\SUPERAntiSpyware.com
2008-08-11 16:08 . 2008-08-11 19:26 <DIR> d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-08-11 15:42 . 2008-08-11 15:42 <DIR> d-------- C:\Archivos de programa\CCleaner
2008-08-11 15:26 . 2008-08-11 15:26 <DIR> d-------- C:\Documents and Settings\Alfito\DoctorWeb
2008-08-11 13:20 . 2008-08-11 13:20 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-08-11 13:20 . 2008-08-11 13:20 <DIR> d-------- C:\Documents and Settings\Alfito\Datos de programa\Malwarebytes
2008-08-11 13:20 . 2008-08-11 13:20 <DIR> d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware
2008-08-11 13:20 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-11 13:20 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-11 12:51 . 2003-09-06 16:55 57,556 --a------ C:\WINDOWS\guard.bmp
2008-08-11 12:50 . 2008-08-11 15:21 <DIR> d-------- C:\Archivos de programa\RegRunSuite
2008-08-11 00:11 . 2008-08-11 00:11 2,298,277 --a------ C:\61711013f58bd50daac95bb48c24cffb.mp3
2008-08-10 11:12 . 2008-08-10 11:12 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\TuneUp Software
2008-08-10 11:12 . 2008-08-10 11:12 <DIR> d-------- C:\Documents and Settings\Alfito\Datos de programa\TuneUp Software
2008-08-10 11:12 . 2008-08-10 11:12 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-10 11:12 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-08-10 11:11 . 2008-08-10 11:12 <DIR> d-------- C:\Archivos de programa\TuneUp Utilities 2008
2008-08-10 11:11 . 2008-08-11 16:08 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-08-09 14:29 . 2008-08-09 15:04 6,496,256 --a------ C:\7606dbe671fed75f73877263e70aa10b.mp3
2008-08-07 20:58 . 2008-08-07 20:58 2,708,019 --a------ C:\a48b38679d64b7f477072df6afbd5de7.mp3
2008-08-07 20:57 . 2008-08-07 20:58 3,607,238 --a------ C:\cfeefb5fe8e44d38fba69f0f5fe3fa1e.mp3
2008-08-07 16:37 . 2008-08-07 16:46 197,213,176 --a------ C:\mansfield.zip
2008-08-07 15:35 . 2008-08-07 15:35 160,317 --a------ C:\asddddd.JPG
2008-08-07 14:48 . 2008-08-11 12:23 <DIR> d-------- C:\SBPCI
2008-08-06 22:28 . 2008-08-06 22:50 10,231,244 --a------ C:\ads.wav
2008-08-05 12:07 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-05 12:07 . 2007-03-08 01:10 1,040,384 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-05 12:07 . 2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-05 12:07 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-05 12:07 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-05 12:06 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-05 12:06 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-05 12:06 . 2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-05 12:06 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-03 17:43 . 2008-08-06 10:50 <DIR> d-------- C:\WINDOWS\system32\es-es
2008-08-03 17:43 . 2008-08-03 17:43 <DIR> d-------- C:\WINDOWS\system32\es
2008-08-03 17:43 . 2008-08-03 17:43 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-03 17:43 . 2008-08-03 17:43 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-03 17:22 . 2008-08-03 17:44 <DIR> d-------- C:\WINDOWS\EHome
2008-08-03 17:06 . 2008-04-13 22:18 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-08-03 17:06 . 2008-04-13 22:18 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-03 17:06 . 2008-04-13 22:18 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-08-03 17:06 . 2008-04-13 22:18 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-08-03 17:05 . 2008-04-13 22:18 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-08-03 17:05 . 2008-04-13 22:18 76,800 --------- C:\WINDOWS\system32\qutil.dll
2008-08-03 17:05 . 2008-04-13 22:18 61,952 --------- C:\WINDOWS\system32\rasqec.dll
2008-08-03 17:05 . 2008-04-13 22:18 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-08-03 17:05 . 2008-04-13 22:18 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-08-03 17:05 . 2008-04-13 22:19 32,768 --------- C:\WINDOWS\system32\setupn.exe
2008-08-03 17:05 . 2008-04-13 14:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-08-03 17:03 . 2008-04-13 22:18 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-08-03 17:03 . 2008-04-13 22:18 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-03 17:03 . 2008-04-13 22:18 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-03 17:03 . 2008-04-13 22:19 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-08-03 17:01 . 2008-04-13 22:18 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-08-03 11:21 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-01 13:03 . 2008-08-01 13:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-01 13:03 . 2008-08-01 13:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-31 00:25 . 2008-07-31 00:25 57,882 --a------ C:\asdff.JPG
2008-07-24 23:36 . 2008-07-26 04:36 2,846,720 --a------ C:\the ramones - what i like about you.mp3
.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-13 15:58 --------- d-----w C:\Documents and Settings\Alfito\Datos de programa\DMCache
2008-08-12 23:40 --------- d-----w C:\Documents and Settings\Alfito\Datos de programa\uTorrent
2008-08-11 19:48 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-08-10 01:26 --------- d-----w C:\Archivos de programa\Steam
2008-08-10 01:01 --------- d-----w C:\Archivos de programa\sXe Injected
2008-08-03 15:19 --------- d-----w C:\Archivos de programa\Panda Security
2008-07-23 21:21 --------- d-----w C:\Archivos de programa\Quake2
2008-07-21 23:23 --------- d---a-w C:\Documents and Settings\All Users\Datos de programa\TEMP
2008-06-20 17:47 248,320 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 03:55 --------- d-----w C:\Archivos de programa\Opera
2008-06-14 17:33 272,512 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-17 06:36 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-09 03:30 132,242 ----a-w C:\Documents and Settings\All Users\Datos de programa\firstlsp.reg.dat
.
((((((((((((((((((((((((((((( snapshot@2008-08-11_21.36.12.55 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 22:18 15360]
"IDMan"="C:\Archivos de programa\Internet Download Manager\IDMan.exe" [2007-06-17 11:16 896768]
"updateMgr"="C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"AlcoholAutomount"="C:\Archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-05-06 21:09 4608]
"SUPERAntiSpyware"="C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 00:05 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"VisualTooltip"="C:\WINDOWS\VIPv3\VIPtooltip\VisualToolTip.exe" [2006-01-17 19:15 319488]
"nod32kui"="C:\Archivos de programa\Eset\nod32kui.exe" [2007-08-09 00:18 949376]
"EnsoniqMixer"="C:\WINDOWS\system32\starter.exe" [2000-02-09 06:50 32768]
"CloneCDTray"="C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 15:21 57344]
"QuickTime Task"="C:\Archivos de programa\QuickTime Alternative\qttask.exe" [2006-10-25 18:58 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 22:18 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)
"NoStartMenuMFUprogramsList"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\winlogon\notify\WBSrv] 2007-04-28 01:02 176128 C:\ARCHIV~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll "VIDC.X264"= x264vfw.dll "vidc.3IV2"= 3ivxVfWCodec.dll "vidc.ffds"= C:\ARCHIV~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^Alfito^Menú Inicio^Programas^Inicio^Y'z ToolBar.lnk] path=C:\Documents and Settings\Alfito\Menú Inicio\Programas\Inicio\Y'z ToolBar.lnk backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] C:\Archivos de programa\Ares\Ares.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] --a------ 2005-12-04 20:39 461584 C:\Archivos de programa\Microsoft IntelliPoint\ipoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2006-10-30 09:36 256576 C:\Archivos de programa\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 16:40 155648 C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-10-25 18:58 282624 C:\Archivos de programa\QuickTime Alternative\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 C:\Archivos de 
programa\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-07-03 21:18 68856 C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolba rNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIPv3_Auto_Update] --a------ 2006-09-08 15:54 23723 C:\WINDOWS\VIPv3\CheckForUpdates.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "NBService"=3 (0x3) "usnjsvc"=3 (0x3) "rpcapd"=3 (0x3) "PnkBstrA"=2 (0x2) "PDEngine"=3 (0x3) "PDAgent"=2 (0x2) "gusvc"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\utorrent.exe"= "C:\\Archivos de programa\\Messenger\\msmsgs.exe"= "C:\\Archivos de programa\\iTunes\\iTunes.exe"= "C:\\Archivos de programa\\The All-Seeing Eye\\eye.exe"= "C:\\Archivos de programa\\Quake2\\aq2.exe"= "C:\\Archivos de programa\\Teamspeak2_RC2 Server\\server_windows.exe"= "C:\\Archivos de programa\\Steam\\Steam.exe"= "C:\\Ratio Master\\RatioMaster.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"= "C:\\Archivos de programa\\MSN Messenger\\livecall.exe"= "C:\\Documents and Settings\\All Users\\Datos de programa\\NexonUS\\NGM\\NGM.exe"= "C:\\Archivos de programa\\SHOUTcast\\sc_serv.exe"= "C:\\Archivos de programa\\Quake2\\r1q2.exe"= "C:\\Archivos de programa\\Quake2\\dedicated.exe"= "C:\\Archivos de programa\\Opera\\Opera.exe"= "C:\\Archivos de programa\\Steam\\steamapps\\gorerotten@hotmail.com \\counter-strike\\hl.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "E:\\Warcraft III\\war3.exe"= R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboo t.sys [2008-06-19 17:24] R2 UxTuneUp;TuneUp Ampliación del thema;C:\WINDOWS\System32\svchost.exe [2008-04-13 22:19] R2 wwEngineSvc;Window Washer Engine;C:\Archivos de programa\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47] S0 
Partizan;Partizan;C:\WINDOWS\system32\drivers\Part izan.sys [] S3 ddsxeiservice;ddsxeiservice2;C:\Archivos de programa\sXe Injected\ddsxei.sys [2008-08-03 22:32] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2006-10-17 14:09] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.ex e [2008-08-10 11:12] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{c79ea710-85a0-11dc-b4fd-0050ba86a1ff}] \Shell\AutoRun\command - I:\fooool.exe \Shell\explore\Command - I:\fooool.exe \Shell\open\Command - I:\fooool.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e4fa2543-2e45-11db-b2fc-0050ba86a1ff}] \Shell\AutoRun\command - I:\comine.exe \Shell\Explore\Command - I:\comine.exe \Shell\Open\Command - I:\comine.exe . Contenido de carpeta 'Tareas Programadas' 2008-08-13 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Archivos de programa\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 09:59] 2008-05-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Archivos de programa\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13] . ************************************************** ************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-13 11:57:29 Windows 5.1.2600 Service Pack 3 NTFS escaneando procesos ocultos ... escaneando entradas ocultas de autostart ... escaneando archivos ocultos ... el escaneo se completo con exito archivos ocultos: 0 ************************************************** ************************ . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Archivos de programa\ESET\nod32krn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Tiempo completado: 2008-08-13 12:14:40 - machine was rebooted [Alfito]
ComboFix-quarantined-files.txt 2008-08-13 16:14:10
ComboFix2.txt 2008-08-12 18:25:55
ComboFix3.txt 2008-08-12 01:39:27

Pre-Run: 4,568,272,896 bytes libres
Post-Run: 4,581,253,120 bytes libres

256 --- E O F --- 2008-08-06 14:51:06

Last edited by Susvourtre on 13/08/08 at 15:47:03.
Re: Comine.exe - Various Problems / Help!

Now the Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.24
Versión de la Base de Datos: 1042
Windows 5.1.2600 Service Pack 3

14:40:30 13-08-2008
mbam-log-8-13-2008 (14-40-30).txt

Tipo de examen : Examen Completo (A:\|C:\|D:\|E:\|F:\|G:\|)
Objetos examinados: 145139
Tiempo transcurrido: 2 hour(s), 16 minute(s), 0 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 5

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\WINDOWS\system32\tuvus.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ursts.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qopmm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoppq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\explorer.backup (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Re: Comine.exe - Various Problems / Help!

New developments: NOD32 now opens, I can open regedit, and I can see hidden files, but comine.exe is still on the PC; it seems it was not removed completely.

I tried to open DrWeb-CureIt but it still gives the same error (setup.exe and drwtsn32.exe).

Among the files marked as "hidden", comine.exe is still there along with other strange files, which were not detected by Anti-Malware or by ComboFix.

Question: I still need to test whether I can boot the PC in safe mode; if that works, which programs should I use? Should I run ComboFix again? Malwarebytes? CCleaner? etc.?
Re: Comine.exe - Various Problems / Help!

Hello Susvourtre,

Fortunately, you have errors that can be repaired easily, so I would prefer to disinfect the PC first and repair those errors afterwards...

1.- Open Notepad (Bloc de Notas)
Code:
KillALL::
File::
I:\fooool.exe
I:\comine.exe
Driver::
gvuucxv
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c79ea710-85a0-11dc-b4fd-0050ba86a1ff}]
"\Shell\AutoRun\command"=-
"\Shell\explore\Command"=-
"\Shell\open\Command"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4fa2543-2e45-11db-b2fc-0050ba86a1ff}]
"\Shell\AutoRun\command"=-
"\Shell\Explore\Command"=-
"\Shell\Open\Command"=-
4.- Drag and drop the CFScript.txt file onto the ComboFix.exe file as shown in the animation below. This will start ComboFix again.

5.- Download RegUnlocker to the Desktop
Last edited by Angel Doze on 24/09/08 at 02:02:03.
Re: Comine.exe - Various Problems / Help!

ComboFix log:

ComboFix 08-08-12.01 - Alfito 2008-08-13 15:58:25.4 - NTFSx86
Se ejecuta desde: C:\Documents and Settings\Alfito\Escritorio\ComboFix.exe
Command switches used :: C:\Documents and Settings\Alfito\Escritorio\CFScript.txt
* Creado un nuevo punto de restauración
* Resident AV is active

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!

FILE ::
I:\comine.exe
I:\fooool.exe
.
(((((((((((((((((( Archivos creados desde 2008-07-13 - 2008-08-13 )))))))))))))))))))))))))))))))))
.
2008-08-12 19:21 . 2008-08-12 19:22 12,892,289 --a------ C:\metallica-cyanide.mp3
2008-08-11 21:39 . 2008-08-13 12:14 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuración local
2008-08-11 21:39 . 2008-08-13 12:14 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuración local
2008-08-11 21:39 . 2008-08-13 12:14 <DIR> d-------- C:\Documents and Settings\LocalService\Configuración local
2008-08-11 21:39 . 2008-08-13 12:14 <DIR> d-------- C:\Documents and Settings\Alfito\Configuración local
2008-08-11 21:39 . 2008-08-13 12:14 <DIR> d-------- C:\Documents and Settings\Administrador\Configuración local
2008-08-11 16:09 . 2008-08-11 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2008-08-11 16:08 . 2008-08-11 16:08 <DIR> d-------- C:\Documents and Settings\Alfito\Datos de programa\SUPERAntiSpyware.com
2008-08-11 16:08 . 2008-08-11 19:26 <DIR> d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-08-11 15:42 . 2008-08-11 15:42 <DIR> d-------- C:\Archivos de programa\CCleaner
2008-08-11 15:26 . 2008-08-11 15:26 <DIR> d-------- C:\Documents and Settings\Alfito\DoctorWeb
2008-08-11 13:20 . 2008-08-11 13:20 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-08-11 13:20 . 2008-08-11 13:20 <DIR> d-------- C:\Documents and Settings\Alfito\Datos de programa\Malwarebytes
2008-08-11 13:20 .
2008-08-11 13:20 <DIR> d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware 2008-08-11 13:20 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-11 13:20 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-11 12:51 . 2003-09-06 16:55 57,556 --a------ C:\WINDOWS\guard.bmp 2008-08-11 12:50 . 2008-08-11 15:21 <DIR> d-------- C:\Archivos de programa\RegRunSuite 2008-08-11 00:11 . 2008-08-11 00:11 2,298,277 --a------ C:\61711013f58bd50daac95bb48c24cffb.mp3 2008-08-10 11:12 . 2008-08-10 11:12 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\TuneUp Software 2008-08-10 11:12 . 2008-08-10 11:12 <DIR> d-------- C:\Documents and Settings\Alfito\Datos de programa\TuneUp Software 2008-08-10 11:12 . 2008-08-10 11:12 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-08-10 11:12 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-08-10 11:11 . 2008-08-10 11:12 <DIR> d-------- C:\Archivos de programa\TuneUp Utilities 2008 2008-08-10 11:11 . 2008-08-11 16:08 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard 2008-08-09 14:29 . 2008-08-09 15:04 6,496,256 --a------ C:\7606dbe671fed75f73877263e70aa10b.mp3 2008-08-07 20:58 . 2008-08-07 20:58 2,708,019 --a------ C:\a48b38679d64b7f477072df6afbd5de7.mp3 2008-08-07 20:57 . 2008-08-07 20:58 3,607,238 --a------ C:\cfeefb5fe8e44d38fba69f0f5fe3fa1e.mp3 2008-08-07 16:37 . 2008-08-07 16:46 197,213,176 --a------ C:\mansfield.zip 2008-08-07 15:35 . 2008-08-07 15:35 160,317 --a------ C:\asddddd.JPG 2008-08-07 14:48 . 2008-08-11 12:23 <DIR> d-------- C:\SBPCI 2008-08-06 22:28 . 2008-08-06 22:50 10,231,244 --a------ C:\ads.wav 2008-08-05 12:07 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-08-05 12:07 . 2007-03-08 01:10 1,040,384 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-08-05 12:07 . 
2008-04-23 00:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-08-05 12:07 . 2008-04-23 00:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-08-05 12:07 . 2008-04-22 03:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-08-05 12:06 . 2008-04-23 00:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-08-05 12:06 . 2008-04-23 00:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-08-05 12:06 . 2008-04-23 00:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-08-05 12:06 . 2008-04-23 00:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-08-03 17:43 . 2008-08-06 10:50 <DIR> d-------- C:\WINDOWS\system32\es-es 2008-08-03 17:43 . 2008-08-03 17:43 <DIR> d-------- C:\WINDOWS\system32\es 2008-08-03 17:43 . 2008-08-03 17:43 <DIR> d-------- C:\WINDOWS\system32\bits 2008-08-03 17:43 . 2008-08-03 17:43 <DIR> d-------- C:\WINDOWS\l2schemas 2008-08-03 17:22 . 2008-08-03 17:44 <DIR> d-------- C:\WINDOWS\EHome 2008-08-03 17:06 . 2008-04-13 22:18 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll 2008-08-03 17:06 . 2008-04-13 22:18 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll 2008-08-03 17:06 . 2008-04-13 22:18 276,992 --------- C:\WINDOWS\system32\wmphoto.dll 2008-08-03 17:06 . 2008-04-13 22:18 69,120 --------- C:\WINDOWS\system32\wlanapi.dll 2008-08-03 17:05 . 2008-04-13 22:18 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll 2008-08-03 17:05 . 2008-04-13 22:18 76,800 --------- C:\WINDOWS\system32\qutil.dll 2008-08-03 17:05 . 2008-04-13 22:18 61,952 --------- C:\WINDOWS\system32\rasqec.dll 2008-08-03 17:05 . 2008-04-13 22:18 53,248 --------- C:\WINDOWS\system32\tsgqec.dll 2008-08-03 17:05 . 2008-04-13 22:18 50,688 --------- C:\WINDOWS\system32\tspkg.dll 2008-08-03 17:05 . 2008-04-13 22:19 32,768 --------- C:\WINDOWS\system32\setupn.exe 2008-08-03 17:05 . 2008-04-13 14:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys 2008-08-03 17:03 . 
2008-04-13 22:18 397,312 --------- C:\WINDOWS\system32\mmcex.dll 2008-08-03 17:03 . 2008-04-13 22:18 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dl l 2008-08-03 17:03 . 2008-04-13 22:18 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll 2008-08-03 17:03 . 2008-04-13 22:19 33,792 --------- C:\WINDOWS\system32\mmcperf.exe 2008-08-03 17:01 . 2008-04-13 22:18 651,264 --------- C:\WINDOWS\system32\dot3ui.dll 2008-08-03 11:21 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys 2008-08-01 13:03 . 2008-08-01 13:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-08-01 13:03 . 2008-08-01 13:03 1,409 --a------ C:\WINDOWS\QTFont.for 2008-07-31 00:25 . 2008-07-31 00:25 57,882 --a------ C:\asdff.JPG 2008-07-24 23:36 . 2008-07-26 04:36 2,846,720 --a------ C:\the ramones - what i like about you.mp3 . (((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ) . 2008-08-13 20:05 --------- d-----w C:\Documents and Settings\Alfito\Datos de programa\DMCache 2008-08-12 23:40 --------- d-----w C:\Documents and Settings\Alfito\Datos de programa\uTorrent 2008-08-11 19:48 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy 2008-08-10 01:26 --------- d-----w C:\Archivos de programa\Steam 2008-08-10 01:01 --------- d-----w C:\Archivos de programa\sXe Injected 2008-08-03 15:19 --------- d-----w C:\Archivos de programa\Panda Security 2008-07-23 21:21 --------- d-----w C:\Archivos de programa\Quake2 2008-07-21 23:23 --------- d---a-w C:\Documents and Settings\All Users\Datos de programa\TEMP 2008-06-20 17:47 248,320 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-18 03:55 --------- d-----w C:\Archivos de programa\Opera 2008-06-14 17:33 272,512 ------w 
C:\WINDOWS\system32\drivers\bthport.sys 2008-05-17 06:36 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2007-08-09 03:30 132,242 ----a-w C:\Documents and Settings\All Users\Datos de programa\firstlsp.reg.dat . ((((((((((((((((((((((((((((( snapshot@2008-08-11_21.36.12.55 ))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((( Cargando Puntos Reg )))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Nota* entradas vac¡as & entradas leg¡timas predeterminadas no son mostradas [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 22:18 15360] "IDMan"="C:\Archivos de programa\Internet Download Manager\IDMan.exe" [2007-06-17 11:16 896768] "updateMgr"="C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "AlcoholAutomount"="C:\Archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-05-06 21:09 4608] "SUPERAntiSpyware"="C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-04 00:05 1510640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "ATICCC"="C:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056] "VisualTooltip"="C:\WINDOWS\VIPv3\VIPtooltip\Visua lToolTip.exe" [2006-01-17 19:15 319488] "nod32kui"="C:\Archivos de programa\Eset\nod32kui.exe" [2007-08-09 00:18 949376] "EnsoniqMixer"="C:\WINDOWS\system32\starter.ex e" [2000-02-09 06:50 32768] "CloneCDTray"="C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 15:21 57344] "QuickTime Task"="C:\Archivos de programa\QuickTime Alternative\qttask.exe" [2006-10-25 18:58 282624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 22:18 15360] [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer] "MaxRecentDocs"= 11 (0xb) "NoStartMenuMFUprogramsList"= 0 (0x0) 
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 13:41 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] 2007-04-28 01:02 176128 C:\ARCHIV~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll "VIDC.X264"= x264vfw.dll "vidc.3IV2"= 3ivxVfWCodec.dll "vidc.ffds"= C:\ARCHIV~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^Alfito^Menú Inicio^Programas^Inicio^Y'z ToolBar.lnk] path=C:\Documents and Settings\Alfito\Menú Inicio\Programas\Inicio\Y'z ToolBar.lnk backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] C:\Archivos de programa\Ares\Ares.exe [BU] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] --a------ 2005-12-04 20:39 461584 C:\Archivos de programa\Microsoft IntelliPoint\ipoint.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2006-10-30 09:36 256576 C:\Archivos de programa\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 16:40 155648 C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\QuickTime Task] --a------ 2006-10-25 18:58 282624 C:\Archivos de programa\QuickTime Alternative\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-02 20:24 32768 C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-09-25 01:11 132496 C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-07-03 21:18 68856 C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolba rNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIPv3_Auto_Update] --a------ 2006-09-08 15:54 23723 C:\WINDOWS\VIPv3\CheckForUpdates.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "NBService"=3 (0x3) "usnjsvc"=3 (0x3) "rpcapd"=3 (0x3) "PnkBstrA"=2 (0x2) "PDEngine"=3 (0x3) "PDAgent"=2 (0x2) "gusvc"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\utorrent.exe"= "C:\\Archivos de programa\\Messenger\\msmsgs.exe"= "C:\\Archivos de programa\\iTunes\\iTunes.exe"= "C:\\Archivos de programa\\The All-Seeing Eye\\eye.exe"= "C:\\Archivos de programa\\Quake2\\aq2.exe"= "C:\\Archivos de programa\\Teamspeak2_RC2 Server\\server_windows.exe"= "C:\\Archivos de programa\\Steam\\Steam.exe"= "C:\\Ratio Master\\RatioMaster.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"= "C:\\Archivos de programa\\MSN Messenger\\livecall.exe"= "C:\\Documents and Settings\\All Users\\Datos de programa\\NexonUS\\NGM\\NGM.exe"= "C:\\Archivos de programa\\SHOUTcast\\sc_serv.exe"= "C:\\Archivos de programa\\Quake2\\r1q2.exe"= "C:\\Archivos de programa\\Quake2\\dedicated.exe"= "C:\\Archivos de programa\\Opera\\Opera.exe"= "C:\\Archivos de 
programa\\Steam\\steamapps\\gorerotten@hotmail.com \\counter-strike\\hl.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "E:\\Warcraft III\\war3.exe"= R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboo t.sys [2008-06-19 17:24] R2 UxTuneUp;TuneUp Ampliación del thema;C:\WINDOWS\System32\svchost.exe [2008-04-13 22:19] R2 wwEngineSvc;Window Washer Engine;C:\Archivos de programa\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47] S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Part izan.sys [] S3 ddsxeiservice;ddsxeiservice2;C:\Archivos de programa\sXe Injected\ddsxei.sys [2008-08-03 22:32] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2006-10-17 14:09] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.ex e [2008-08-10 11:12] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{c79ea710-85a0-11dc-b4fd-0050ba86a1ff}] \Shell\AutoRun\command - I:\fooool.exe \Shell\explore\Command - I:\fooool.exe \Shell\open\Command - I:\fooool.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e4fa2543-2e45-11db-b2fc-0050ba86a1ff}] \Shell\AutoRun\command - I:\comine.exe \Shell\Explore\Command - I:\comine.exe \Shell\Open\Command - I:\comine.exe . Contenido de carpeta 'Tareas Programadas' 2008-08-13 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Archivos de programa\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 09:59] 2008-05-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Archivos de programa\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13] . ************************************************** ************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-13 16:05:38 Windows 5.1.2600 Service Pack 3 NTFS escaneando procesos ocultos ... 
escaneando entradas ocultas de autostart ...
escaneando archivos ocultos ...
el escaneo se completo con exito
archivos ocultos: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Archivos de programa\ESET\nod32krn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Archivos de programa\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Tiempo completado: 2008-08-13 16:21:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-13 20:20:22
ComboFix2.txt 2008-08-13 16:14:42
ComboFix3.txt 2008-08-12 18:25:55
ComboFix4.txt 2008-08-12 01:39:27

Pre-Run: 4,544,544,768 bytes libres
Post-Run: 4,539,899,904 bytes libres

244 --- E O F --- 2008-08-06 14:51:06
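The MountPoints2 shell commands that the CFScript in this thread targets can be pulled out of a ComboFix log and compared between two runs with a short parser. The Python below is an added example, not part of the thread or of ComboFix; its sample log lines are constructed in the shape of the entries quoted in the logs here, and the third volume GUID with its E:\setup target is made up.

```python
import re
from dataclasses import dataclass

# Any registry key header line: [HKEY_...\...]
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
# Per-volume MountPoints2 key ending in a {GUID}
MP2_RE = re.compile(r"\\explorer\\mountpoints2\\(?P<vol>\{[0-9a-f-]{36}\})$", re.I)
# Entry line as ComboFix prints it: \Shell\<verb>\command - <target>
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<target>.+)$", re.I)
# Heuristic (assumption of this example): a script or executable sitting
# directly in a drive root, e.g. I:\comine.exe
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.(exe|com|bat|cmd|pif|scr|vbs)$", re.I)


@dataclass(frozen=True, order=True)
class AutorunEntry:
    volume: str            # {GUID} of the mounted volume, lower-cased
    verb: str              # autorun / explore / open, lower-cased
    target: str            # command that Explorer would launch
    root_executable: bool  # True when the target matches ROOT_EXE_RE


def parse_mountpoints2(log_text):
    """Return the MountPoints2 shell commands listed in a ComboFix log."""
    entries = []
    volume = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # Forum software breaks long tokens with a space
            # ("curre ntversion"), so drop whitespace before matching.
            compact = re.sub(r"\s+", "", key.group("key"))
            mp2 = MP2_RE.search(compact)
            volume = mp2.group("vol").lower() if mp2 else None
            continue
        if volume is None:
            continue
        cmd = CMD_RE.match(line)
        if cmd:
            target = cmd.group("target").strip()
            entries.append(AutorunEntry(volume, cmd.group("verb").lower(),
                                        target, bool(ROOT_EXE_RE.match(target))))
        elif line and not line.startswith("\\"):
            volume = None  # any other text ends this key's block
    return entries


def persisting(before_log, after_log):
    """Entries present in both logs, i.e. not removed between the two runs."""
    before = set(parse_mountpoints2(before_log))
    after = set(parse_mountpoints2(after_log))
    return sorted(before & after)


# Constructed sample: log from the run before a cleanup script.
SAMPLE_BEFORE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{c79ea710-85a0-11dc-b4fd-0050ba86a1ff}]
\Shell\AutoRun\command - I:\fooool.exe
\Shell\explore\Command - I:\fooool.exe
\Shell\open\Command - I:\fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4fa2543-2e45-11db-b2fc-0050ba86a1ff}]
\Shell\AutoRun\command - I:\comine.exe
\Shell\Explore\Command - I:\comine.exe
\Shell\Open\Command - I:\comine.exe
.
Contenido de carpeta 'Tareas Programadas'
"""

# Constructed sample: log from a later run; one key is gone, and a
# made-up volume points at an installer in a subfolder.
SAMPLE_AFTER = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4fa2543-2e45-11db-b2fc-0050ba86a1ff}]
\Shell\AutoRun\command - I:\comine.exe
\Shell\Explore\Command - I:\comine.exe
\Shell\Open\Command - I:\comine.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-2222-3333-4444-555555555555}]
\Shell\AutoRun\command - E:\setup\autorun.exe
.
"""

if __name__ == "__main__":
    for entry in persisting(SAMPLE_BEFORE, SAMPLE_AFTER):
        print("still present:", entry.volume, entry.verb, entry.target)
```

Any entry reported by `persisting` is one the cleanup did not remove, so the same volume would still launch that target when opened in Explorer.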
Re: Comine.exe - Various Problems / Help!

The PC runs a lot faster now, but the file is still there.

PS: I think I made a mistake. I tried to "unhide" the files in case that is what keeps every program from finding them; comine.exe disappeared and NOD32 gave me an alert, and this is what I could recover from the log:

13-08-2008 16:31:25 AMON file C:\comine.exe probably a variant of Win32/Genetik trojan quarantined - deleted ALF\Alfito Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.

A very serious mistake?

Edit: I am going to reboot to see what happens :S

Edit2: I rebooted the PC, nothing happened, and comine.exe is not on the C:\ drive. Can I just go ahead and delete the files as if nothing had happened?

The following files are "hidden" on the C:\ drive:
autoexec.bat
boot.ini
bootfront.ini
MSDOS.SYS
NTDETECT.COM
ntldr
pagefile.sys (I know I must not delete this one)

On the D:\ drive:
autoexec.bat
Config.sys
BOOTLOG.PRV
BOOTLOG.TXT
MSDOS.SYS
SUHDLOG.DAT
comine.exe (obviously it has to be deleted)
VIDEOROM.BIN
DRVSPACE.BIN
DETLOG.TXT
SETUPLOG.TXT
IO.SYS
SYSTEM.1ST

On the E:\ drive:
comine.exe

Can I delete all of them except pagefile.sys? Because, as far as I remember, I never set any of those files as hidden.

Last edited by Susvourtre on 13/08/08 at 17:44:40.
Re: Comine.exe - Various Problems / Help!

Hello,

Put back the files you deleted, except comine.exe; restore the rest, since some of them are system files and others I am not very sure about, but just in case.

Restart the computer and generate a new ComboFix report.

Regards!