| |||||||
| Temas Solucionados Casos de HijackThis y Malwares resueltos. (Solo lectura) |
 |
| | Enviar a: | Herramientas |
 | 
22/12/08, 17:47:14
|  |
| |||
| Troyano SENEKA indetectable por KAV (Solucionado) Hola equipo, Siempre he logrado una respuesta cuando postee un problema,. Tengo una PC dual core con 2 GB de RAM y corria Vista sin problemas. Repentinamente se torno lenta, no pude restaurar puntos anteriores y tengo el Kaspersky antivirus instalado. El KAV no me da ninguna indicacion de virus ni malware. Pego aqui el log de hijackthis y despues les solicito revisen los pasos de eliminacion del virus/troyano/malware Seneka que seme pego en el system32 mediante un dll. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:40:57 p.m., on 19/12/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\SiS VGA Utilities\SiSTray.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\C&E\OSD\osd.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe C:\Program Files\VMware\VMware Workstation\vmware-tray.exe C:\Program Files\VMware\VMware Workstation\hqtray.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Babylon\Babylon-Pro\Babylon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\mobsync.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://prmportal.novell.com O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: \\?\globalroot\systemroot\system32\senekawi.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe -- End of file - 9730 bytes Viendo la hora a la que empezaron los problemas detecte que la linea O20 - AppInit_DLLs: \\?\globalroot\systemroot\system32\senekawi.dll estaba relacionada. Trate de sacarla con el hijack pero me volvia a aparecer. Entre en System32, renombre todos los dll de senekaXX y los que no me dejaba los elimine con el file assasin en reboot. Luego de rebootear, pude eliminar la linea 020 -Appinit del hijackthis. AParentemente el problema se normalizo, al menos el de la pc lenta. Cuales debieran ser los siguientes pasos? que es ese archivo seneka? aparentemente creaba un log con vaya a saber que cosa. Porque el KAV no lo detecto? Gracias!  |
| InfoSpyware | ||
| |
|
23/12/08, 15:59:15
| |
| ||||
| Re: Troyano SENEKA indetectable por KAV Hola, sigue estos pasos: Descarga, actualiza y ejecuta el programa:Descarga CCleaner y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).  - Descarga la herramienta ComboFix.exe y guárdala en el escritorio.
Cita:
Saludos  Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog * Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando. * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro. |
|
27/12/08, 22:20:33
| |
| |||
| Re: Troyano SENEKA indetectable por KAV Gpastor, gracias por la ayuda. 1. Malwarebytes ejecutado Ok. 2. cccleaner ejecutado ok. 3 . Combofix, ejecutado y aqui esta el reporte: ComboFix 08-12-24.01 - usuario 2008-12-24 19:01:53.1 - NTFSx86 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.3082.18.1916.1184 [GMT -3:00] Se ejecuta desde: c:\users\usuario\Desktop\ComboFix.exe * Creado un nuevo punto de restauración . (((((((((((((((((((((((((((((((((((( Otras eliminaciones ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\usuario\AppData\Roaming\.# c:\users\usuario\AppData\Roaming\.#\MBX@5A8@23E215 8.### c:\users\usuario\AppData\Roaming\.#\MBX@5A8@23E216 8.### . (((((((((((((((((( Archivos creados desde 2008-11-24 - 2008-12-24 ))))))))))))))))))))))))))))))))) . 2008-12-24 16:10 . 2008-12-24 16:10 <DIR> d-------- c:\users\usuario\AppData\Roaming\Malwarebytes 2008-12-24 16:09 . 2008-12-24 16:09 <DIR> d-------- c:\users\All Users\Malwarebytes 2008-12-24 16:09 . 2008-12-24 16:09 <DIR> d-------- c:\programdata\Malwarebytes 2008-12-24 16:09 . 2008-12-24 16:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-24 16:09 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2008-12-24 16:09 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2008-12-20 16:33 . 2008-12-20 20:58 <DIR> d-------- c:\users\usuario\AppData\Roaming\Babylon 2008-12-20 16:33 . 2008-12-24 18:58 <DIR> d-------- c:\users\All Users\Babylon 2008-12-20 16:33 . 2008-12-24 18:58 <DIR> d-------- c:\programdata\Babylon 2008-12-20 16:33 . 2008-12-20 16:33 <DIR> d-------- c:\program files\Babylon 2008-12-20 00:32 . 2008-12-20 00:32 <DIR> d-------- c:\users\All Users\WindowsSearch 2008-12-20 00:32 . 2008-12-20 00:32 <DIR> d-------- c:\programdata\WindowsSearch 2008-12-19 20:27 . 2008-12-20 01:21 2,461 --a------ c:\windows\System32\borrar_ex_senekadf.dat 2008-12-19 20:27 . 2008-12-20 01:21 59 --a------ c:\windows\System32\borrar_ex_seneka.dat 2008-12-19 20:16 . 2008-12-20 01:21 13,334 --a------ c:\windows\System32\borrar_ex_senekalog.dat 2008-12-10 23:09 . 2008-12-10 23:10 <DIR> d-------- c:\program files\Hotspot Shield 2008-12-10 00:15 . 2008-10-21 22:22 2,048 --a------ c:\windows\System32\tzres.dll 2008-11-27 10:33 . 2008-10-21 02:25 1,645,568 --a------ c:\windows\System32\connect.dll 2008-11-27 10:33 . 2008-08-28 00:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll 2008-11-27 10:33 . 2008-08-28 00:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll 2008-11-27 10:33 . 2008-08-28 00:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll 2008-11-27 10:33 . 2008-10-22 00:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll 2008-11-26 23:46 . 2008-11-26 23:46 <DIR> d-------- c:\program files\icyradio0.5 . (((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ) . 2008-12-24 21:47 --------- d-----w c:\program files\CCleaner 2008-12-24 19:09 655,392 --sha-w c:\windows\system32\drivers\fidbox2.dat 2008-12-24 19:09 3,320 --sha-w c:\windows\system32\drivers\fidbox2.idx 2008-12-24 13:59 --------- d-----w c:\users\usuario\AppData\Roaming\VMware 2008-12-24 13:58 --------- d-----w c:\programdata\Kaspersky Lab 2008-12-24 13:55 --------- d-----w c:\programdata\VMware 2008-12-24 06:59 4,838,432 --sha-w c:\windows\system32\drivers\fidbox.dat 2008-12-24 06:59 38,880 --sha-w c:\windows\system32\drivers\fidbox.idx 2008-12-23 18:20 --------- d-----w c:\users\usuario\AppData\Roaming\OpenOffice.org2 2008-12-20 15:39 --------- d-----w c:\users\usuario\AppData\Roaming\SolidDocuments 2008-12-10 03:19 --------- d-----w c:\program files\Windows Mail 2008-12-03 21:27 --------- d-----w c:\users\usuario\AppData\Roaming\Skype 2008-12-03 19:08 --------- d-----w c:\users\usuario\AppData\Roaming\skypePM 2008-12-03 03:47 --------- d-----w c:\users\usuario\AppData\Roaming\gtk-2.0 2008-11-21 03:22 --------- d-----w c:\program files\SJLabs 2008-11-21 03:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-20 16:31 --------- d-----w c:\program files\Mozilla Thunderbird 2008-11-20 02:50 --------- d-----w c:\program files\CounterPath 2008-11-18 03:32 --------- d-----w c:\program files\Trend Micro 2008-11-16 23:52 --------- d-----w c:\programdata\Yahoo! Companion 2008-11-16 23:52 --------- d-----w c:\programdata\FLEXnet 2008-11-16 23:29 --------- d-----w c:\program files\Free PDF to Word Doc Converter 2008-11-15 22:10 --------- d-----w c:\program files\ARAR 2008-11-14 22:52 --------- d-----w c:\program files\VeryPDF PDF2Word v3.0 2008-11-12 19:41 --------- d-----w c:\program files\SolidDocuments 2008-11-05 17:47 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-04 20:28 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_0100 0.Wdf 2008-11-04 20:28 --------- d-----w c:\program files\Synaptics 2008-11-04 19:58 --------- d-----w c:\program files\TouchFreeze 2008-11-04 18:46 --------- d-----w c:\program files\Lavalys 2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll 2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll 2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll 2008-10-30 18:10 --------- d-----w c:\program files\WinDirStat 2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe 2008-10-25 01:21 --------- d-----w c:\program files\PDF Password Remover v3.0 2008-10-24 02:39 --------- d-----w c:\users\usuario\AppData\Roaming\Inkscape 2008-10-24 02:39 --------- d-----w c:\program files\Inkscape 2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll 2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll 2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll 2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe 2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll 2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll 2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll 2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll 2008-10-16 17:08 162,064 ----a-w c:\windows\System32\wuwebv.dll 2008-10-16 16:56 31,232 ----a-w c:\windows\System32\wuapp.exe 2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll 2008-06-29 02:23 56 ---ha-w c:\users\All Users\ezsidmv.dat 2008-06-29 02:23 56 ---ha-w c:\programdata\ezsidmv.dat 2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((((((( Cargando Puntos Reg )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] 2008-12-10 23:10 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-08-24 552960] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-01 630784] "OSD"="c:\program files\C&E\OSD\osd.exe" [2007-08-28 671801] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992] "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-05-16 72240] "VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2008-05-16 55856] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-09-01 3563232] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 c:\windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-08-03 c:\windows\SkyTel.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= divxa32.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\senekalight] @="service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules] "{384B241D-8C99-45E7-B4EA-6E0AE47BE699}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{76EF6FE1-26BF-442E-809D-AA9B4411BC79}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup "UDP Query User{A737C50C-DA21-4357-AF3D-67B4C9E4B9F1}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup "{FF7924B8-FDE1-4DF8-A28C-15F162504D09}"= c:\program files\Skype\Phone\Skype.exe:Skype "{87F7B39A-F914-4F50-AF9D-8D33B16DCD99}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "TCP Query User{A67BA300-A9B9-4BDC-AAB2-A58E02F27096}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows "UDP Query User{273CA485-C288-4FAD-86A1-C9CBAD761B3E}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows "TCP Query User{C463D08E-8661-4CC1-ADCC-14B1412309F2}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= UDP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite "UDP Query User{0B8BE025-672E-4D2B-99A6-3430A061A11B}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= TCP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite "TCP Query User{B97533E9-F850-4F47-8D3C-FDEB4C2234B9}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= UDP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite "UDP Query User{1F529624-DA56-493B-ABB4-0E0D24C5D1A7}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= TCP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite "TCP Query User{DD1BC74D-3E40-4E11-8FB6-31CE66622B9F}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= UDP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam "UDP Query User{DCE91A20-E893-4731-8B4B-8A5A14AB662C}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= TCP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam "TCP Query User{0C9185D6-1726-46A2-BCD8-F20DD4E56A6A}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= UDP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "UDP Query User{9DE8A8F0-7633-49BA-9F00-400223C8AAC2}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= TCP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "TCP Query User{26955240-6EA4-42DF-AF5B-7FCA6D06CA63}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= UDP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "UDP Query User{FF373D7E-5F9E-4C3D-AB7C-903A7E5B3412}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= TCP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "TCP Query User{37C65D92-1841-41A5-96D4-D62FD4ACA1B2}c:\\users\\usuario\\desktop\\icyradio 0.5\\icyradio.exe"= UDP:c:\users\usuario\desktop\icyradio0.5\icyradio. exe:icyradio.exe "UDP Query User{B49CC902-38BF-43B3-876B-266E807914D5}c:\\users\\usuario\\desktop\\icyradio 0.5\\icyradio.exe"= TCP:c:\users\usuario\desktop\icyradio0.5\icyradio. exe:icyradio.exe "TCP Query User{7AA5DD1E-C053-4F18-8653-0D33930DAF08}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= UDP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam "UDP Query User{4B03B7A1-A7EB-43FE-ADE8-1D81EF64A7B3}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= TCP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-03-26 20496] R2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-12-24 170640] R3 MBAMProtector;MBAMProtector;\??\c:\windows\system3 2\drivers\mbam.sys [2008-12-24 15504] R3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRK MD.sys [2008-04-18 452096] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2008-04-18 46592] S2 senekalight;senekalight;c:\windows\system32\svchos t.exe -k netsvcs [2008-01-20 21504] S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2008-04-18 283136] S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\Drivers\usb2vcom.sy s [2008-09-20 27616] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs senekalight *Newly Created Service* - CATCHME *Newly Created Service* - MBAMPROTECTOR *Newly Created Service* - PROCEXP90 . Contenido de carpeta 'Tareas Programadas' 2008-12-24 c:\windows\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 06:20] . - - - - HUÉRFANOS ELIMINADOS - - - - HKCU-Run-eyeBeam SIP Client - (no file) ************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-24 19:04:33 Windows 6.0.6001 Service Pack 1 NTFS escaneando procesos ocultos ... escaneando entradas ocultas de autostart ... escaneando archivos ocultos ... c:\users\usuario\AppData\Local\Temp\catchme.dll 53248 bytes executable el escaneo se completo con exito archivos ocultos: 1 ************************************************** ************************ . Tiempo completado: 2008-12-24 19  59ComboFix-quarantined-files.txt 2008-12-24 22 56Pre-Run: 46,245,548,032 bytes libres Post-Run: 51,608,477,696 bytes libres 192 --- E O F --- 2008-12-22 22:30:26 Me queda esa duda: que era el seneka que mencione en primer lugar? Notar que aparece en el reporte como senekalight en dos lineas. "S2 senekalight;senekalight;c:\windows\system32\svchos t.exe -k netsvcs [2008-01-20 21504]" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs senekalight" Que hago con la carpeta QOOBOX creada por el ComboFix.? Gracias por la ayuda y espero nuevas instrucciones. Saludos Última edición por gmorph fecha: 27/12/08 a las 22:33:46. Razón: agregar comentarios |
|
27/12/08, 22:54:31
| |
| ||||
| Re: Troyano SENEKA indetectable por KAV ComboFix detectó y eliminó ya algunos Malwares, pero todavía quedaron algunas cosas para sacar, sigue estos pasos: 1.-Abrir el Notepad
2.- Ahora copia y pega este código dentro del Notepad Código HTML: KillAll:: Registry:: [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\senekalight] NetSvcs:: senekalight 4.- Arrastrar y soltar el archivo CFScript.txt dentro del archivo ComboFix.exe como lo muestra la animación de abajo. Esto activara ComboFix nuevamente.  Reinicia y nos cuentas los resultados. junto con un nuevo reporte de ComboFix y uno de Hijackthis. Saludos PDTA: Qoobox es como la cuarentena de CF por lo que no hagas nada con él, ya luego te daré otras indicaciones al respecto. Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog * Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando. * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro. |
|
27/12/08, 23:44:13
| |
| |||
| Re: Troyano SENEKA indetectable por KAV Hice lo que me indicaste. Cuando arrastre el CFScript.txt me dijo que el ComboFix tenia una nueva actualizacion, asi que lo actualizo. Luego ejecuto y este es el log de Hijackthis y the ComboFix. Lamentablemente olvide cerrar el antivirus. Igualmente te pego los logs y espero tus nuevas instrucciones. Si debo repetir el proceso me lo indicas. No se si ejecuto el CFSript debido a esto y la actualizacion. Gracias por la ayuda nuevamente ComboFix 08-12-26.03 - usuario 2008-12-28 0:17:57.2 - NTFSx86 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.3082.18.1916.1069 [GMT -3:00] Se ejecuta desde: c:\users\usuario\Desktop\ComboFix.exe Comando de interruptores utilizados :: c:\users\usuario\Desktop\CFScript.txt AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) * Creado un nuevo punto de restauración . (((((((((((((((((( Archivos creados desde 2008-11-28 - 2008-12-28 ))))))))))))))))))))))))))))))))) . 2008-12-24 16:10 . 2008-12-24 16:10 <DIR> d-------- c:\users\usuario\AppData\Roaming\Malwarebytes 2008-12-24 16:09 . 2008-12-24 16:09 <DIR> d-------- c:\users\All Users\Malwarebytes 2008-12-24 16:09 . 2008-12-24 16:09 <DIR> d-------- c:\programdata\Malwarebytes 2008-12-24 16:09 . 2008-12-24 16:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-24 16:09 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2008-12-24 16:09 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2008-12-20 16:33 . 2008-12-20 20:58 <DIR> d-------- c:\users\usuario\AppData\Roaming\Babylon 2008-12-20 16:33 . 2008-12-28 00:23 <DIR> d-------- c:\users\All Users\Babylon 2008-12-20 16:33 . 2008-12-28 00:23 <DIR> d-------- c:\programdata\Babylon 2008-12-20 16:33 . 2008-12-20 16:33 <DIR> d-------- c:\program files\Babylon 2008-12-20 00:32 . 2008-12-20 00:32 <DIR> d-------- c:\users\All Users\WindowsSearch 2008-12-20 00:32 . 2008-12-20 00:32 <DIR> d-------- c:\programdata\WindowsSearch 2008-12-19 20:27 . 2008-12-20 01:21 2,461 --a------ c:\windows\System32\borrar_ex_senekadf.dat 2008-12-19 20:27 . 2008-12-20 01:21 59 --a------ c:\windows\System32\borrar_ex_seneka.dat 2008-12-19 20:16 . 2008-12-20 01:21 13,334 --a------ c:\windows\System32\borrar_ex_senekalog.dat 2008-12-10 23:09 . 2008-12-10 23:10 <DIR> d-------- c:\program files\Hotspot Shield 2008-12-10 00:15 . 2008-10-21 22:22 2,048 --a------ c:\windows\System32\tzres.dll . (((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ) . 2008-12-28 03:23 --------- d-----w c:\programdata\Kaspersky Lab 2008-12-28 03:22 --------- d-----w c:\users\usuario\AppData\Roaming\VMware 2008-12-28 03:22 --------- d-----w c:\programdata\VMware 2008-12-28 03:21 663,584 --sha-w c:\windows\system32\drivers\fidbox2.dat 2008-12-28 03:21 4,838,432 --sha-w c:\windows\system32\drivers\fidbox.dat 2008-12-28 03:21 38,880 --sha-w c:\windows\system32\drivers\fidbox.idx 2008-12-28 03:21 3,348 --sha-w c:\windows\system32\drivers\fidbox2.idx 2008-12-24 21:47 --------- d-----w c:\program files\CCleaner 2008-12-23 18:20 --------- d-----w c:\users\usuario\AppData\Roaming\OpenOffice.org2 2008-12-20 15:39 --------- d-----w c:\users\usuario\AppData\Roaming\SolidDocuments 2008-12-10 03:19 --------- d-----w c:\program files\Windows Mail 2008-12-03 21:27 --------- d-----w c:\users\usuario\AppData\Roaming\Skype 2008-12-03 19:08 --------- d-----w c:\users\usuario\AppData\Roaming\skypePM 2008-12-03 03:47 --------- d-----w c:\users\usuario\AppData\Roaming\gtk-2.0 2008-11-27 02:46 --------- d-----w c:\program files\icyradio0.5 2008-11-21 03:22 --------- d-----w c:\program files\SJLabs 2008-11-21 03:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-20 16:31 --------- d-----w c:\program files\Mozilla Thunderbird 2008-11-20 02:50 --------- d-----w c:\program files\CounterPath 2008-11-18 03:32 --------- d-----w c:\program files\Trend Micro 2008-11-16 23:52 --------- d-----w c:\programdata\Yahoo! Companion 2008-11-16 23:52 --------- d-----w c:\programdata\FLEXnet 2008-11-16 23:29 --------- d-----w c:\program files\Free PDF to Word Doc Converter 2008-11-15 22:10 --------- d-----w c:\program files\ARAR 2008-11-14 22:52 --------- d-----w c:\program files\VeryPDF PDF2Word v3.0 2008-11-12 19:41 --------- d-----w c:\program files\SolidDocuments 2008-11-05 17:47 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-04 20:28 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_0100 0.Wdf 2008-11-04 20:28 --------- d-----w c:\program files\Synaptics 2008-11-04 19:58 --------- d-----w c:\program files\TouchFreeze 2008-11-04 18:46 --------- d-----w c:\program files\Lavalys 2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll 2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll 2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll 2008-10-30 18:10 --------- d-----w c:\program files\WinDirStat 2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe 2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll 2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll 2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll 2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll 2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll 2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe 2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll 2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll 2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll 2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll 2008-10-16 17:08 162,064 ----a-w c:\windows\System32\wuwebv.dll 2008-10-16 16:56 31,232 ----a-w c:\windows\System32\wuapp.exe 2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll 2008-06-29 02:23 56 ---ha-w c:\users\All Users\ezsidmv.dat 2008-06-29 02:23 56 ---ha-w c:\programdata\ezsidmv.dat 2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((( snapshot@2008-12-24_19.04.58.59 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-24 13:58:40 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-12-28 03:22:48 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-12-28 03:22:48 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat .LOG1 - 2008-12-24 13:59:29 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.D AT + 2008-12-28 03:23:10 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.D AT + 2008-12-28 03:23:10 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.d at.LOG1 - 2008-12-24 13:55:12 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at + 2008-12-28 03:22:32 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at - 2008-12-24 13:55:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-12-28 03:22:32 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-12-24 13:55:12 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat + 2008-12-28 03:22:32 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat - 2008-12-24 22:01:44 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.da t + 2008-12-28 03:17:01 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.da t + 2008-12-26 19:26:51 2,456 ----a-w c:\windows\System32\networklist\icons\{7D24AF20-3AC9-4844-A644-B23D86C914A3}_24.bin + 2008-12-26 19:26:51 4,280 ----a-w c:\windows\System32\networklist\icons\{7D24AF20-3AC9-4844-A644-B23D86C914A3}_32.bin + 2008-12-26 19:26:51 9,560 ----a-w c:\windows\System32\networklist\icons\{7D24AF20-3AC9-4844-A644-B23D86C914A3}_48.bin - 2008-12-24 14:00:10 11,540 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1766036100-3191353462-366942756-1000_UserData.bin + 2008-12-28 01:33:10 11,592 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1766036100-3191353462-366942756-1000_UserData.bin - 2008-12-24 14:00:09 71,482 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin + 2008-12-28 01:33:10 71,730 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin - 2008-12-24 14:00:07 42,846 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin + 2008-12-28 03:05:55 43,330 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin . ((((((((((((((((((((((((((((((((( Cargando Puntos Reg )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] 2008-12-10 23:10 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-08-24 552960] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-01 630784] "OSD"="c:\program files\C&E\OSD\osd.exe" [2007-08-28 671801] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992] "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-05-16 72240] "VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2008-05-16 55856] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-09-01 3563232] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 c:\windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-08-03 c:\windows\SkyTel.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= divxa32.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\senekalight] @="service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules] "{384B241D-8C99-45E7-B4EA-6E0AE47BE699}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{76EF6FE1-26BF-442E-809D-AA9B4411BC79}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup "UDP Query User{A737C50C-DA21-4357-AF3D-67B4C9E4B9F1}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup "{FF7924B8-FDE1-4DF8-A28C-15F162504D09}"= c:\program files\Skype\Phone\Skype.exe:Skype "{87F7B39A-F914-4F50-AF9D-8D33B16DCD99}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "TCP Query User{A67BA300-A9B9-4BDC-AAB2-A58E02F27096}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows "UDP Query User{273CA485-C288-4FAD-86A1-C9CBAD761B3E}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows "TCP Query User{C463D08E-8661-4CC1-ADCC-14B1412309F2}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= UDP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite "UDP Query User{0B8BE025-672E-4D2B-99A6-3430A061A11B}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= TCP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite "TCP Query User{B97533E9-F850-4F47-8D3C-FDEB4C2234B9}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= UDP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite "UDP Query User{1F529624-DA56-493B-ABB4-0E0D24C5D1A7}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= TCP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite "TCP Query User{DD1BC74D-3E40-4E11-8FB6-31CE66622B9F}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= UDP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam "UDP Query User{DCE91A20-E893-4731-8B4B-8A5A14AB662C}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= TCP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam "TCP Query User{0C9185D6-1726-46A2-BCD8-F20DD4E56A6A}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= UDP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "UDP Query User{9DE8A8F0-7633-49BA-9F00-400223C8AAC2}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= TCP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "TCP Query User{26955240-6EA4-42DF-AF5B-7FCA6D06CA63}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= UDP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "UDP Query User{FF373D7E-5F9E-4C3D-AB7C-903A7E5B3412}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= TCP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "TCP Query User{37C65D92-1841-41A5-96D4-D62FD4ACA1B2}c:\\users\\usuario\\desktop\\icyradio 0.5\\icyradio.exe"= UDP:c:\users\usuario\desktop\icyradio0.5\icyradio. exe:icyradio.exe "UDP Query User{B49CC902-38BF-43B3-876B-266E807914D5}c:\\users\\usuario\\desktop\\icyradio 0.5\\icyradio.exe"= TCP:c:\users\usuario\desktop\icyradio0.5\icyradio. exe:icyradio.exe "TCP Query User{7AA5DD1E-C053-4F18-8653-0D33930DAF08}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= UDP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam "UDP Query User{4B03B7A1-A7EB-43FE-ADE8-1D81EF64A7B3}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= TCP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-03-26 20496] R2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-12-24 170640] R3 MBAMProtector;MBAMProtector;\??\c:\windows\system3 2\drivers\mbam.sys [2008-12-24 15504] R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2008-04-18 283136] R3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRK MD.sys [2008-04-18 452096] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2008-04-18 46592] S2 senekalight;senekalight;c:\windows\system32\svchos t.exe -k netsvcs [2008-01-20 21504] S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\Drivers\usb2vcom.sy s [2008-09-20 27616] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs senekalight . Contenido de carpeta 'Tareas Programadas' 2008-12-28 c:\windows\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 06:20] . ************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-28 00:22:58 Windows 6.0.6001 Service Pack 1 NTFS escaneando procesos ocultos ... escaneando entradas ocultas de autostart ... escaneando archivos ocultos ... el escaneo se completo con exito archivos ocultos: 0 ************************************************** ************************ . ------------------------ Otros procesos en ejecución ------------------------ . c:\windows\System32\audiodg.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Hotspot Shield\bin\openvpnas.exe c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe c:\windows\System32\vmnat.exe c:\program files\VMware\VMware Workstation\vmware-authd.exe c:\windows\System32\vmnetdhcp.exe c:\windows\System32\WUDFHost.exe c:\windows\System32\conime.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\System32\wbem\unsecapp.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************** ************************ . Tiempo completado: 2008-12-28 0:30:45 - Reiniciando la máquina ComboFix-quarantined-files.txt 2008-12-28 03:30:30 ComboFix2.txt 2008-12-24 22:11:00 Pre-Run: 48,770,011,136 bytes libres Post-Run: 48,433,709,056 bytes libres 222 --- E O F --- 2008-12-22 22:30:26 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:36:15 a.m., on 28/12/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\conime.exe C:\Program Files\SiS VGA Utilities\SiSTray.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\VMware\VMware Workstation\vmware-tray.exe C:\Program Files\VMware\VMware Workstation\hqtray.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Babylon\Babylon-Pro\Babylon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\System32\mobsync.exe C:\Windows\Explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [OSD] C:\Program Files\C&E\OSD\osd.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://prmportal.novell.com O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe -- End of file - 9513 bytes Última edición por gmorph fecha: 27/12/08 a las 23:55:22. Razón: agregar comentarios |
|
28/12/08, 00:12:14
| |
| ||||
| Re: Troyano SENEKA indetectable por KAV mmmm algo habrás hecho mal  Te recomiendo repetir el proceso de mi anterior mensaje y pegas un nuevo reporte de ComboFix. En todo caso tu log de Hijackthis está limpio, coméntanos como va todo. Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog * Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando. * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro. |
|
28/12/08, 00:32:56
| |
| |||
| Re: Troyano SENEKA indetectable por KAV un comentario adicional, en tu script anterior mencionas: Registry:: [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\senekalight] Entre "Contro" y la letra "l" existe un espacio, es esto correcto? gRACIAS |
|
28/12/08, 01:02:28
| |
| |||
| Re: Troyano SENEKA indetectable por KAV Corrigiendo lo que asumo es un espacio de mas, corri el script y este es el nuevo log. Si bien ya desaparecio la linea que me indicaste en el script, todavia aparece la que dice : S2 senekalight;senekalight;c:\windows\system32\svchos t.exe -k netsvcs [2008-01-20 21504] y la que dice.. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs senekalight Pego el log completo. Gracias ComboFix 08-12-26.03 - usuario 2008-12-28 1:39:57.3 - NTFSx86 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.3082.18.1916.1125 [GMT -3:00] Se ejecuta desde: c:\users\usuario\Desktop\ComboFix.exe Comando de interruptores utilizados :: c:\users\usuario\Desktop\CFScript.txt AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) * Creado un nuevo punto de restauración . (((((((((((((((((( Archivos creados desde 2008-11-28 - 2008-12-28 ))))))))))))))))))))))))))))))))) . 2008-12-24 16:10 . 2008-12-24 16:10 <DIR> d-------- c:\users\usuario\AppData\Roaming\Malwarebytes 2008-12-24 16:09 . 2008-12-24 16:09 <DIR> d-------- c:\users\All Users\Malwarebytes 2008-12-24 16:09 . 2008-12-24 16:09 <DIR> d-------- c:\programdata\Malwarebytes 2008-12-24 16:09 . 2008-12-24 16:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-24 16:09 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2008-12-24 16:09 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2008-12-20 16:33 . 2008-12-20 20:58 <DIR> d-------- c:\users\usuario\AppData\Roaming\Babylon 2008-12-20 16:33 . 2008-12-28 01:45 <DIR> d-------- c:\users\All Users\Babylon 2008-12-20 16:33 . 2008-12-28 01:45 <DIR> d-------- c:\programdata\Babylon 2008-12-20 16:33 . 2008-12-20 16:33 <DIR> d-------- c:\program files\Babylon 2008-12-20 00:32 . 2008-12-20 00:32 <DIR> d-------- c:\users\All Users\WindowsSearch 2008-12-20 00:32 . 2008-12-20 00:32 <DIR> d-------- c:\programdata\WindowsSearch 2008-12-19 20:27 . 2008-12-20 01:21 2,461 --a------ c:\windows\System32\borrar_ex_senekadf.dat 2008-12-19 20:27 . 2008-12-20 01:21 59 --a------ c:\windows\System32\borrar_ex_seneka.dat 2008-12-19 20:16 . 2008-12-20 01:21 13,334 --a------ c:\windows\System32\borrar_ex_senekalog.dat 2008-12-10 23:09 . 2008-12-10 23:10 <DIR> d-------- c:\program files\Hotspot Shield 2008-12-10 00:15 . 2008-10-21 22:22 2,048 --a------ c:\windows\System32\tzres.dll . (((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ) . 2008-12-28 04:45 --------- d-----w c:\programdata\Kaspersky Lab 2008-12-28 04:44 --------- d-----w c:\users\usuario\AppData\Roaming\VMware 2008-12-28 04:43 --------- d-----w c:\programdata\VMware 2008-12-28 04:42 663,584 --sha-w c:\windows\system32\drivers\fidbox2.dat 2008-12-28 04:42 4,838,432 --sha-w c:\windows\system32\drivers\fidbox.dat 2008-12-28 04:42 38,880 --sha-w c:\windows\system32\drivers\fidbox.idx 2008-12-28 04:42 3,348 --sha-w c:\windows\system32\drivers\fidbox2.idx 2008-12-24 21:47 --------- d-----w c:\program files\CCleaner 2008-12-23 18:20 --------- d-----w c:\users\usuario\AppData\Roaming\OpenOffice.org2 2008-12-20 15:39 --------- d-----w c:\users\usuario\AppData\Roaming\SolidDocuments 2008-12-10 03:19 --------- d-----w c:\program files\Windows Mail 2008-12-03 21:27 --------- d-----w c:\users\usuario\AppData\Roaming\Skype 2008-12-03 19:08 --------- d-----w c:\users\usuario\AppData\Roaming\skypePM 2008-12-03 03:47 --------- d-----w c:\users\usuario\AppData\Roaming\gtk-2.0 2008-11-27 02:46 --------- d-----w c:\program files\icyradio0.5 2008-11-21 03:22 --------- d-----w c:\program files\SJLabs 2008-11-21 03:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-20 16:31 --------- d-----w c:\program files\Mozilla Thunderbird 2008-11-20 02:50 --------- d-----w c:\program files\CounterPath 2008-11-18 03:32 --------- d-----w c:\program files\Trend Micro 2008-11-16 23:52 --------- d-----w c:\programdata\Yahoo! Companion 2008-11-16 23:52 --------- d-----w c:\programdata\FLEXnet 2008-11-16 23:29 --------- d-----w c:\program files\Free PDF to Word Doc Converter 2008-11-15 22:10 --------- d-----w c:\program files\ARAR 2008-11-14 22:52 --------- d-----w c:\program files\VeryPDF PDF2Word v3.0 2008-11-12 19:41 --------- d-----w c:\program files\SolidDocuments 2008-11-05 17:47 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-04 20:28 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_0100 0.Wdf 2008-11-04 20:28 --------- d-----w c:\program files\Synaptics 2008-11-04 19:58 --------- d-----w c:\program files\TouchFreeze 2008-11-04 18:46 --------- d-----w c:\program files\Lavalys 2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll 2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll 2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll 2008-10-30 18:10 --------- d-----w c:\program files\WinDirStat 2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe 2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll 2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll 2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll 2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll 2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll 2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe 2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll 2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll 2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll 2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll 2008-10-16 17:08 162,064 ----a-w c:\windows\System32\wuwebv.dll 2008-10-16 16:56 31,232 ----a-w c:\windows\System32\wuapp.exe 2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll 2008-06-29 02:23 56 ---ha-w c:\users\All Users\ezsidmv.dat 2008-06-29 02:23 56 ---ha-w c:\programdata\ezsidmv.dat 2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((( snapshot@2008-12-24_19.04.58.59 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-24 13:55:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat + 2008-12-28 04:42:57 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat - 2008-12-24 13:58:40 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-12-28 04:43:41 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-12-28 04:43:41 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat .LOG1 - 2008-12-24 13:59:29 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.D AT + 2008-12-28 04:43:41 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.D AT + 2008-12-28 04:43:41 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.d at.LOG1 - 2008-12-24 13:55:12 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at + 2008-12-28 04:43:07 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at - 2008-12-24 13:55:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-12-28 04:43:07 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-12-24 13:55:12 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat + 2008-12-28 04:43:07 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat - 2008-12-24 22:01:44 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.da t + 2008-12-28 04:39:40 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.da t + 2008-12-26 19:26:51 2,456 ----a-w c:\windows\System32\networklist\icons\{7D24AF20-3AC9-4844-A644-B23D86C914A3}_24.bin + 2008-12-26 19:26:51 4,280 ----a-w c:\windows\System32\networklist\icons\{7D24AF20-3AC9-4844-A644-B23D86C914A3}_32.bin + 2008-12-26 19:26:51 9,560 ----a-w c:\windows\System32\networklist\icons\{7D24AF20-3AC9-4844-A644-B23D86C914A3}_48.bin - 2008-12-24 14:00:10 11,540 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1766036100-3191353462-366942756-1000_UserData.bin + 2008-12-28 04:28:26 11,592 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1766036100-3191353462-366942756-1000_UserData.bin - 2008-12-24 14:00:09 71,482 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin + 2008-12-28 04:28:26 71,746 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin - 2008-12-24 14:00:07 42,846 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin + 2008-12-28 03:05:55 43,330 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin . ((((((((((((((((((((((((((((((((( Cargando Puntos Reg )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] 2008-12-10 23:10 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-08-24 552960] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-01 630784] "OSD"="c:\program files\C&E\OSD\osd.exe" [2007-08-28 671801] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992] "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-05-16 72240] "VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2008-05-16 55856] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-09-01 3563232] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 c:\windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-08-03 c:\windows\SkyTel.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= divxa32.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules] "{384B241D-8C99-45E7-B4EA-6E0AE47BE699}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{76EF6FE1-26BF-442E-809D-AA9B4411BC79}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup "UDP Query User{A737C50C-DA21-4357-AF3D-67B4C9E4B9F1}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup "{FF7924B8-FDE1-4DF8-A28C-15F162504D09}"= c:\program files\Skype\Phone\Skype.exe:Skype "{87F7B39A-F914-4F50-AF9D-8D33B16DCD99}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "TCP Query User{A67BA300-A9B9-4BDC-AAB2-A58E02F27096}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows "UDP Query User{273CA485-C288-4FAD-86A1-C9CBAD761B3E}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows "TCP Query User{C463D08E-8661-4CC1-ADCC-14B1412309F2}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= UDP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite "UDP Query User{0B8BE025-672E-4D2B-99A6-3430A061A11B}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= TCP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite "TCP Query User{B97533E9-F850-4F47-8D3C-FDEB4C2234B9}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= UDP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite "UDP Query User{1F529624-DA56-493B-ABB4-0E0D24C5D1A7}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= TCP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite "TCP Query User{DD1BC74D-3E40-4E11-8FB6-31CE66622B9F}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= UDP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam "UDP Query User{DCE91A20-E893-4731-8B4B-8A5A14AB662C}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= TCP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam "TCP Query User{0C9185D6-1726-46A2-BCD8-F20DD4E56A6A}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= UDP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "UDP Query User{9DE8A8F0-7633-49BA-9F00-400223C8AAC2}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= TCP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "TCP Query User{26955240-6EA4-42DF-AF5B-7FCA6D06CA63}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= UDP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "UDP Query User{FF373D7E-5F9E-4C3D-AB7C-903A7E5B3412}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= TCP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "TCP Query User{37C65D92-1841-41A5-96D4-D62FD4ACA1B2}c:\\users\\usuario\\desktop\\icyradio 0.5\\icyradio.exe"= UDP:c:\users\usuario\desktop\icyradio0.5\icyradio. exe:icyradio.exe "UDP Query User{B49CC902-38BF-43B3-876B-266E807914D5}c:\\users\\usuario\\desktop\\icyradio 0.5\\icyradio.exe"= TCP:c:\users\usuario\desktop\icyradio0.5\icyradio. exe:icyradio.exe "TCP Query User{7AA5DD1E-C053-4F18-8653-0D33930DAF08}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= UDP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam "UDP Query User{4B03B7A1-A7EB-43FE-ADE8-1D81EF64A7B3}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= TCP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-03-26 20496] R2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-12-24 170640] R3 MBAMProtector;MBAMProtector;\??\c:\windows\system3 2\drivers\mbam.sys [2008-12-24 15504] R3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRK MD.sys [2008-04-18 452096] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2008-04-18 46592] S2 senekalight;senekalight;c:\windows\system32\svchos t.exe -k netsvcs [2008-01-20 21504] S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2008-04-18 283136] S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\Drivers\usb2vcom.sy s [2008-09-20 27616] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs senekalight . Contenido de carpeta 'Tareas Programadas' 2008-12-28 c:\windows\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 06:20] . ************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-28 01:43:52 Windows 6.0.6001 Service Pack 1 NTFS escaneando procesos ocultos ... escaneando entradas ocultas de autostart ... escaneando archivos ocultos ... el escaneo se completo con exito archivos ocultos: 0 ************************************************** ************************ . ------------------------ Otros procesos en ejecución ------------------------ . c:\windows\System32\audiodg.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Hotspot Shield\bin\openvpnas.exe c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe c:\windows\System32\vmnat.exe c:\program files\VMware\VMware Workstation\vmware-authd.exe c:\windows\System32\vmnetdhcp.exe c:\windows\System32\WUDFHost.exe c:\windows\System32\conime.exe c:\windows\System32\wbem\unsecapp.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\System32\dllhost.exe . ************************************************** ************************ . Tiempo completado: 2008-12-28 1:52:06 - Reiniciando la máquina [usuario] ComboFix-quarantined-files.txt 2008-12-28 04:52:00 ComboFix2.txt 2008-12-24 22:11:00 Pre-Run: 47,468,896,256 bytes libres Post-Run: 47,178,035,200 bytes libres 223 --- E O F --- 2008-12-22 22:30:26 |
|
29/12/08, 12:42:09
| |
| |||
| Re: Troyano SENEKA indetectable por KAV Hola Gpastor. Pego el nuevo logg de Combofix, cuando ejecute el script con Netsvc. Aprentemente tenia una "S" de mas. Sigue apareciendo la linea S2. Espero tus nuevas instrucciones. Gracias ComboFix 08-12-26.03 - usuario 2008-12-29 13:45:28.4 - NTFSx86 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.3082.18.1916.1227 [GMT -3:00] Se ejecuta desde: c:\users\usuario\Desktop\ComboFix.exe Comando de interruptores utilizados :: c:\users\usuario\Desktop\CFscript.txt AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) * Creado un nuevo punto de restauración . (((((((((((((((((( Archivos creados desde 2008-11-28 - 2008-12-29 ))))))))))))))))))))))))))))))))) . 2008-12-24 16:10 . 2008-12-24 16:10 <DIR> d-------- c:\users\usuario\AppData\Roaming\Malwarebytes 2008-12-24 16:09 . 2008-12-24 16:09 <DIR> d-------- c:\users\All Users\Malwarebytes 2008-12-24 16:09 . 2008-12-24 16:09 <DIR> d-------- c:\programdata\Malwarebytes 2008-12-24 16:09 . 2008-12-24 16:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-24 16:09 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2008-12-24 16:09 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2008-12-20 16:33 . 2008-12-20 20:58 <DIR> d-------- c:\users\usuario\AppData\Roaming\Babylon 2008-12-20 16:33 . 2008-12-29 13:49 <DIR> d-------- c:\users\All Users\Babylon 2008-12-20 16:33 . 2008-12-29 13:49 <DIR> d-------- c:\programdata\Babylon 2008-12-20 16:33 . 2008-12-20 16:33 <DIR> d-------- c:\program files\Babylon 2008-12-20 00:32 . 2008-12-20 00:32 <DIR> d-------- c:\users\All Users\WindowsSearch 2008-12-20 00:32 . 2008-12-20 00:32 <DIR> d-------- c:\programdata\WindowsSearch 2008-12-19 20:27 . 2008-12-20 01:21 2,461 --a------ c:\windows\System32\borrar_ex_senekadf.dat 2008-12-19 20:27 . 2008-12-20 01:21 59 --a------ c:\windows\System32\borrar_ex_seneka.dat 2008-12-19 20:16 . 2008-12-20 01:21 13,334 --a------ c:\windows\System32\borrar_ex_senekalog.dat 2008-12-10 23:09 . 2008-12-10 23:10 <DIR> d-------- c:\program files\Hotspot Shield 2008-12-10 00:15 . 2008-10-21 22:22 2,048 --a------ c:\windows\System32\tzres.dll . (((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ) . 2008-12-29 16:49 --------- d-----w c:\users\usuario\AppData\Roaming\VMware 2008-12-29 16:49 --------- d-----w c:\programdata\Kaspersky Lab 2008-12-29 16:48 --------- d-----w c:\programdata\VMware 2008-12-29 16:47 663,584 --sha-w c:\windows\system32\drivers\fidbox2.dat 2008-12-29 16:47 4,838,432 --sha-w c:\windows\system32\drivers\fidbox.dat 2008-12-29 16:47 38,880 --sha-w c:\windows\system32\drivers\fidbox.idx 2008-12-29 16:47 3,348 --sha-w c:\windows\system32\drivers\fidbox2.idx 2008-12-29 16:24 --------- d-----w c:\users\usuario\AppData\Roaming\SolidDocuments 2008-12-24 21:47 --------- d-----w c:\program files\CCleaner 2008-12-23 18:20 --------- d-----w c:\users\usuario\AppData\Roaming\OpenOffice.org2 2008-12-10 03:19 --------- d-----w c:\program files\Windows Mail 2008-12-03 21:27 --------- d-----w c:\users\usuario\AppData\Roaming\Skype 2008-12-03 19:08 --------- d-----w c:\users\usuario\AppData\Roaming\skypePM 2008-12-03 03:47 --------- d-----w c:\users\usuario\AppData\Roaming\gtk-2.0 2008-11-27 02:46 --------- d-----w c:\program files\icyradio0.5 2008-11-21 03:22 --------- d-----w c:\program files\SJLabs 2008-11-21 03:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-20 16:31 --------- d-----w c:\program files\Mozilla Thunderbird 2008-11-20 02:50 --------- d-----w c:\program files\CounterPath 2008-11-18 03:32 --------- d-----w c:\program files\Trend Micro 2008-11-16 23:52 --------- d-----w c:\programdata\Yahoo! Companion 2008-11-16 23:52 --------- d-----w c:\programdata\FLEXnet 2008-11-16 23:29 --------- d-----w c:\program files\Free PDF to Word Doc Converter 2008-11-15 22:10 --------- d-----w c:\program files\ARAR 2008-11-14 22:52 --------- d-----w c:\program files\VeryPDF PDF2Word v3.0 2008-11-12 19:41 --------- d-----w c:\program files\SolidDocuments 2008-11-05 17:47 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-04 20:28 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_0100 0.Wdf 2008-11-04 20:28 --------- d-----w c:\program files\Synaptics 2008-11-04 19:58 --------- d-----w c:\program files\TouchFreeze 2008-11-04 18:46 --------- d-----w c:\program files\Lavalys 2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll 2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll 2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll 2008-10-30 18:10 --------- d-----w c:\program files\WinDirStat 2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe 2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll 2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll 2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll 2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll 2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll 2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe 2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll 2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll 2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll 2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll 2008-10-16 17:08 162,064 ----a-w c:\windows\System32\wuwebv.dll 2008-10-16 16:56 31,232 ----a-w c:\windows\System32\wuapp.exe 2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll 2008-06-29 02:23 56 ---ha-w c:\users\All Users\ezsidmv.dat 2008-06-29 02:23 56 ---ha-w c:\programdata\ezsidmv.dat 2008-01-21 02:57 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((( snapshot@2008-12-24_19.04.58.59 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-24 13:58:40 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-12-29 16:48:59 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT - 2008-12-24 13:59:29 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.D AT + 2008-12-29 16:49:27 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.D AT + 2008-12-29 16:49:27 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.d at.LOG1 - 2008-12-24 13:55:12 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at + 2008-12-29 14:06:01 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at - 2008-12-24 13:55:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-12-29 14:06:01 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-12-24 13:55:12 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat + 2008-12-29 14:06:01 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat - 2008-12-24 22:01:44 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.da t + 2008-12-29 16:45:09 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.da t + 2008-12-26 19:26:51 2,456 ----a-w c:\windows\System32\networklist\icons\{7D24AF20-3AC9-4844-A644-B23D86C914A3}_24.bin + 2008-12-26 19:26:51 4,280 ----a-w c:\windows\System32\networklist\icons\{7D24AF20-3AC9-4844-A644-B23D86C914A3}_32.bin + 2008-12-26 19:26:51 9,560 ----a-w c:\windows\System32\networklist\icons\{7D24AF20-3AC9-4844-A644-B23D86C914A3}_48.bin - 2008-12-24 14:00:10 11,540 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1766036100-3191353462-366942756-1000_UserData.bin + 2008-12-29 14:08:00 11,872 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1766036100-3191353462-366942756-1000_UserData.bin - 2008-12-24 14:00:09 71,482 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin + 2008-12-29 14:08:00 71,770 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin - 2008-12-24 14:00:07 42,846 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin + 2008-12-29 14:07:58 43,668 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin . ((((((((((((((((((((((((((((((((( Cargando Puntos Reg )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] 2008-12-10 23:10 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-08-24 552960] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-01 630784] "OSD"="c:\program files\C&E\OSD\osd.exe" [2007-08-28 671801] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992] "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-05-16 72240] "VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2008-05-16 55856] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-09-01 3563232] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 c:\windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-08-03 c:\windows\SkyTel.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= divxa32.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules] "{384B241D-8C99-45E7-B4EA-6E0AE47BE699}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{76EF6FE1-26BF-442E-809D-AA9B4411BC79}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup "UDP Query User{A737C50C-DA21-4357-AF3D-67B4C9E4B9F1}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup "{FF7924B8-FDE1-4DF8-A28C-15F162504D09}"= c:\program files\Skype\Phone\Skype.exe:Skype "{87F7B39A-F914-4F50-AF9D-8D33B16DCD99}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "TCP Query User{A67BA300-A9B9-4BDC-AAB2-A58E02F27096}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows "UDP Query User{273CA485-C288-4FAD-86A1-C9CBAD761B3E}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows "TCP Query User{C463D08E-8661-4CC1-ADCC-14B1412309F2}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= UDP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite "UDP Query User{0B8BE025-672E-4D2B-99A6-3430A061A11B}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= TCP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite "TCP Query User{B97533E9-F850-4F47-8D3C-FDEB4C2234B9}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= UDP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite "UDP Query User{1F529624-DA56-493B-ABB4-0E0D24C5D1A7}c:\\program files\\counterpath\\x-lite\\x-lite.exe"= TCP:c:\program files\counterpath\x-lite\x-lite.exe:X-Lite "TCP Query User{DD1BC74D-3E40-4E11-8FB6-31CE66622B9F}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= UDP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam "UDP Query User{DCE91A20-E893-4731-8B4B-8A5A14AB662C}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= TCP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam "TCP Query User{0C9185D6-1726-46A2-BCD8-F20DD4E56A6A}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= UDP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "UDP Query User{9DE8A8F0-7633-49BA-9F00-400223C8AAC2}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= TCP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "TCP Query User{26955240-6EA4-42DF-AF5B-7FCA6D06CA63}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= UDP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "UDP Query User{FF373D7E-5F9E-4C3D-AB7C-903A7E5B3412}c:\\program files\\sjlabs\\sjphone\\sjphone.exe"= TCP:c:\program files\sjlabs\sjphone\sjphone.exe:SJphone "TCP Query User{37C65D92-1841-41A5-96D4-D62FD4ACA1B2}c:\\users\\usuario\\desktop\\icyradio 0.5\\icyradio.exe"= UDP:c:\users\usuario\desktop\icyradio0.5\icyradio. exe:icyradio.exe "UDP Query User{B49CC902-38BF-43B3-876B-266E807914D5}c:\\users\\usuario\\desktop\\icyradio 0.5\\icyradio.exe"= TCP:c:\users\usuario\desktop\icyradio0.5\icyradio. exe:icyradio.exe "TCP Query User{7AA5DD1E-C053-4F18-8653-0D33930DAF08}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= UDP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam "UDP Query User{4B03B7A1-A7EB-43FE-ADE8-1D81EF64A7B3}c:\\program files\\counterpath\\eyebeam 1.5\\eyebeam.exe"= TCP:c:\program files\counterpath\eyebeam 1.5\eyebeam.exe:eyeBeam R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-03-26 20496] R2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-12-24 170640] R3 MBAMProtector;MBAMProtector;\??\c:\windows\system3 2\drivers\mbam.sys [2008-12-24 15504] R3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRK MD.sys [2008-04-18 452096] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2008-04-18 46592] S2 senekalight;senekalight;c:\windows\system32\svchos t.exe -k netsvcs [2008-01-20 21504] S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2008-04-18 283136] S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\Drivers\usb2vcom.sy s [2008-09-20 27616] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Contenido de carpeta 'Tareas Programadas' 2008-12-29 c:\windows\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 06:20] 2008-12-29 c:\windows\Tasks\Malwarebytes' Scheduled Scan for usuario.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-12-03 19:59] . ************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-29 13:49:09 Windows 6.0.6001 Service Pack 1 NTFS escaneando procesos ocultos ... escaneando entradas ocultas de autostart ... escaneando archivos ocultos ... el escaneo se completo con exito archivos ocultos: 0 ************************************************** ************************ . ------------------------ Otros procesos en ejecución ------------------------ . c:\windows\System32\audiodg.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Hotspot Shield\bin\openvpnas.exe c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe c:\windows\System32\vmnat.exe c:\windows\System32\vmnetdhcp.exe c:\program files\VMware\VMware Workstation\vmware-authd.exe c:\windows\System32\WUDFHost.exe c:\windows\System32\conime.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\System32\wbem\unsecapp.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\System32\taskmgr.exe c:\windows\System32\dllhost.exe . ************************************************** ************************ . Tiempo completado: 2008-12-29 13:56:36 - Reiniciando la máquina ComboFix-quarantined-files.txt 2008-12-29 16:56:30 ComboFix2.txt 2008-12-24 22:11:00 Pre-Run: 46,869,057,536 bytes libres Post-Run: 46,575,484,928 bytes libres 221 --- E O F --- 2008-12-22 22:30:26 |
|
« Tema Anterior
|
Próximo Tema »
| Herramientas | |
| |
| 
Temas Similares | |
| Tema | Autor | Foro | Respuestas | Último mensaje |
| Troyano Win32/Mebroot.K - Rebelde (Solucionado) | AulaUD | Temas Solucionados | 4 | 19/09/08 06:46:18 |
| Tengo troyano Win32/Mebroot. (solucionado) | Miwako | Temas Solucionados | 17 | 26/08/08 00:10:44 |
| Troyano Wigon. (Solucionado) | wm0023 | Temas Solucionados | 10 | 05/08/08 03:00:33 |
| pa_0028.exe spoolsv32.exe, Explorer se traba (Solucionado) | natasjdc | Temas Solucionados | 11 | 14/07/07 07:11:56 |
| Nuevo Usuario con Varios Virus | Hiei | Foro de Virus y Spywares | 8 | 21/04/07 06:35:43 |
Todas las horas son GMT -4. La hora es 05:49:42.
