Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Hola que tal, bueno necesito un poco de asistencia...para resumirles, en mi univ hay un troyano bastante molesto que se esta propagango rapido, por el debido uso del pendrive mi pc se vio afectada.

No se el nombre especifico del troyano, pero se que estaba atado a un archivo word que me pasaron. El archivo se paso el .exe e inmediatamente lo detecto mi antivirus y lo borro. Sin embargo al parecer ya se poso en mi pc, ya que esta mas lenta, y misteriosamente se han desactivados todas las defensas, como firewall etc, y no me deja reactivarlas....
Buendo gracias de antemando, les dejo mi log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:03:22 p.m., on 17/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\OFFICE11\services.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft Office\OFFICE11\*WINWORD.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\System32\mspaint.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Startup: Adobe Gamma Loader.com
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Selección inteligente de HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldes-es.cab
O16 - DPF: {608FDE48-6C90-4341-B956-CF1DCA60EE22} (SeguriData Control) - https://empresas.bancomercantil.com/MELE/mercantil/activex/SeguriDatav1.0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Servicio de actualización de Google (gupdate1ca13f1ceb008a8) (gupdate1ca13f1ceb008a8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\Windows\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\system32\nisvcloc.exe
O23 - Service: OpcEnum - Unknown owner - C:\Windows\SYSTEM32\OpcEnum.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10908 bytes

Hola, sigue estos pasos:

Descarga, actualiza y ejecuta el programa:

• Malwarebyte’s AntiMalwares

Descarga CCleaner y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).


- Descarga la herramienta ComboFix.exe y guárdala en el escritorio.

• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Haz doble clic al archivo ComboFix.exe y sigue las instrucciones.
• Cuando termine, generará un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

• Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje.

Saludos

hola! me he encontrado con un detalle al momento de ejecutar combofix...El programa me pide deshabilitar el antivirus de norton, y el de panda...el detalle es ya yo "crei" haberlos desintalados. Queria saber si me puedes redireccionar a un tema en el cual expliquen como eliminar por completo dichas apliaciones, antes de continuar con la operación.

En tu log de Hijackthis sólo veo el Avast en todo caso ejecuta el ComboFix en Modo Seguro y pegas su reporte.

Buenos veamos como va todo, aqui te dejo el log del combofix

ComboFix 09-10-20.03 - Ing. Mirian Brett 21/10/2009 12:39.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.58.3082.18.2037.1135 [GMT -4,5:30]
Running from: c:\users\Ing. Mirian Brett\Downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Panda Internet Security 2009 *On-access scanning enabled* (Updated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Panda Personal Firewall 2009 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Panda Internet Security 2009 *enabled* (Updated) {FE6602D3-1E71-4EBB-B4E3-D1C9CBDAF0A1}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2106116234-3385263773-1892920667-500
c:\$recycle.bin\S-1-5-21-3277059121-3226288428-3918228226-500

.
((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-21 17:20 . 2009-10-21 17:20 -------- d-----w- c:\users\Ing. Mirian Brett\AppData\Local\temp
2009-10-21 17:20 . 2009-10-21 17:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-18 23:21 . 2009-10-18 23:21 -------- d-----w- c:\users\Ing. Mirian Brett\AppData\Roaming\Malwarebytes
2009-10-18 23:21 . 2009-09-10 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-18 23:21 . 2009-10-18 23:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-18 23:21 . 2009-10-18 23:21 -------- d-----w- c:\programdata\Malwarebytes
2009-10-18 23:21 . 2009-09-10 19:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 05:22 . 2009-10-17 05:23 -------- d-----w- c:\users\Ing. Mirian Brett\AppData\Roaming\HpUpdate
2009-10-17 05:22 . 2009-10-17 05:22 -------- d-----w- c:\windows\Hewlett-Packard
2009-10-17 05:11 . 2008-01-02 19:37 188416 ----a-w- c:\windows\system32\igfxres.dll
2009-10-16 04:01 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-16 04:01 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 04:01 . 2009-08-27 12:40 834048 ----a-w- c:\windows\system32\wininet.dll
2009-10-16 04:00 . 2009-08-27 13:29 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-16 04:00 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 04:00 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 03:55 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 03:55 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-09 22:01 . 2004-05-18 23:46 39936 ----a-w- c:\windows\system32\huffyuv.dll
2009-10-09 22:01 . 1997-04-07 22:49 391680 ----a-w- c:\windows\system32\I263_32.drv
2009-10-09 22:01 . 2007-06-09 09:44 564224 ----a-w- c:\windows\system32\x264vfw.dll
2009-10-09 22:01 . 2006-04-02 18:17 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2009-10-09 22:01 . 2004-12-10 13:33 438272 ----a-w- c:\windows\system32\vp6vfw.dll
2009-10-09 22:01 . 1998-11-18 19:03 144384 ----a-w- c:\windows\system32\Iacenc.dll
2009-10-09 00:21 . 2009-10-01 14:59 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-03 19:15 . 2009-10-13 20:53 -------- d-----w- c:\users\Ing. Mirian Brett\AppData\Roaming\Microchip
2009-10-03 18:42 . 2009-10-03 18:42 -------- d-----w- c:\users\Ing. Mirian Brett\{b03d55e4-9e13-4af1-8020-870ae55ba927}
2009-10-03 18:36 . 2009-10-03 18:41 -------- d-----w- c:\program files\Microchip
2009-10-03 15:48 . 2009-02-05 21:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-03 15:48 . 2009-02-05 21:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-03 15:48 . 2009-02-05 21:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-03 15:48 . 2009-02-05 21:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-03 15:48 . 2009-02-05 21:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-03 15:47 . 2009-02-05 21:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-03 15:47 . 2009-02-05 21:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-10-03 15:47 . 2009-10-03 15:47 -------- d-----w- c:\program files\Alwil Software
2009-10-03 15:27 . 2009-10-03 15:27 -------- d-----w- c:\users\Ing. Mirian Brett\AppData\Local\Labcenter Electronics
2009-10-03 01:23 . 2009-10-03 01:23 -------- d-----w- c:\program files\Common Files\Labcenter Electronics
2009-10-03 01:22 . 2009-10-03 01:22 -------- d-----w- c:\users\Ing. Mirian Brett\AppData\Roaming\InstallShield
2009-10-02 22:13 . 2009-10-02 22:13 -------- d-----w- c:\program files\Labcenter Electronics
2009-10-01 04:21 . 2009-10-01 04:21 -------- d-----w- c:\program files\HI-TECH Software
2009-10-01 02:19 . 2009-10-16 00:16 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-10-01 02:16 . 2009-10-01 02:16 -------- d-----w- c:\programdata\National Instruments
2009-10-01 01:37 . 2009-10-01 01:37 -------- d-----w- C:\VXIpnp
2009-10-01 01:37 . 2009-10-15 22:43 -------- d-----w- c:\windows\system32\cvirte
2009-10-01 01:37 . 2009-10-16 00:22 -------- d-----w- c:\program files\National Instruments
2009-09-21 22:57 . 2009-09-21 22:57 -------- d-----w- c:\users\Ing. Mirian Brett\AppData\Roaming\GanymedeNet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-10-19 01:04 . 2008-07-09 19:28 -------- d-----w- c:\program files\Warcraft III
2009-10-17 01:22 . 2006-11-02 15:41 245468 ----a-w- c:\windows\system32\perfh00A.dat
2009-10-17 01:22 . 2006-11-02 15:41 129720 ----a-w- c:\windows\system32\perfc00A.dat
2009-10-16 13:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-16 13:12 . 2007-07-17 20:53 -------- d-----w- c:\programdata\Microsoft Help
2009-10-16 13:07 . 2007-07-17 20:52 -------- d-----w- c:\program files\Microsoft Works
2009-10-09 22:01 . 2008-03-22 04:17 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-09 17:57 . 2009-09-07 02:44 -------- d-----w- c:\program files\Transcribe!
2009-10-03 18:42 . 2007-07-17 19:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-17 00:33 . 2007-07-17 21:39 -------- d-----w- c:\program files\Java
2009-09-16 04:37 . 2008-07-11 19:00 -------- d-----w- c:\users\Ing. Mirian Brett\AppData\Roaming\Hamachi
2009-09-15 22:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-09-15 22:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-09-15 22:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-15 22:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-09-15 22:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-09-15 22:10 . 2009-09-15 22:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_ 00.Wdf
2009-09-10 00:11 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-09-10 00:11 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-09-09 07:37 . 2009-03-16 16:33 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 04:36 . 2009-09-09 04:36 -------- d-----w- c:\users\Ing. Mirian Brett\AppData\Roaming\GTek
2009-09-09 04:35 . 2007-07-17 20:59 -------- d-----w- c:\program files\HP
2009-09-09 04:34 . 2007-07-17 20:08 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-07 02:26 . 2009-09-07 02:25 -------- d-----w- c:\programdata\WinZip
2009-09-01 17:16 . 2009-09-01 17:16 -------- d-----w- c:\program files\Trend Micro
2009-09-01 15:21 . 2009-08-23 00:03 -------- d-----w- c:\program files\Electronic Arts
2009-08-30 04:55 . 2009-08-30 04:55 -------- d-----w- c:\users\Ing. Mirian Brett\AppData\Roaming\Digsby
2009-08-30 04:49 . 2009-08-30 04:49 -------- d-----w- c:\programdata\Winferno
2009-08-29 00:59 . 2009-08-29 00:59 -------- d-----w- c:\programdata\Messenger Plus!
2009-08-29 00:52 . 2009-08-29 00:52 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-29 00:27 . 2009-09-03 17:10 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 17:10 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 17:21 . 2009-08-28 17:21 -------- d-----w- c:\programdata\LightScribe
2009-08-28 17:11 . 2009-08-23 00:38 -------- d-----w- c:\programdata\Electronic Arts
2009-08-28 16:57 . 2009-08-28 16:57 -------- d-----w- c:\users\Ing. Mirian Brett\AppData\Roaming\muvee Technologies
2009-08-28 16:57 . 2009-08-28 16:57 -------- d-----w- c:\programdata\muvee Technologies
2009-08-25 00:19 . 2009-08-25 00:19 -------- d-----w- c:\users\Ing. Mirian Brett\AppData\Roaming\Apple Computer
2009-08-25 00:19 . 2009-08-25 00:18 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-25 00:19 . 2009-08-25 00:18 -------- d-----w- c:\program files\iTunes
2009-08-25 00:18 . 2009-08-25 00:18 -------- d-----w- c:\program files\iPod
2009-08-25 00:18 . 2009-08-25 00:12 -------- d-----w- c:\program files\Common Files\Apple
2009-08-25 00:18 . 2009-08-25 00:15 -------- d-----w- c:\programdata\Apple Computer
2009-08-25 00:17 . 2009-08-25 00:17 -------- d-----w- c:\program files\Bonjour
2009-08-25 00:16 . 2009-08-25 00:16 -------- d-----w- c:\program files\QuickTime
2009-08-25 00:15 . 2009-08-25 00:15 -------- d-----w- c:\program files\Apple Software Update
2009-08-25 00:12 . 2009-08-25 00:12 -------- d-----w- c:\programdata\Apple
2009-08-18 04:03 . 2009-08-18 04:03 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-08 19:13 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-08 19:13 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-08 19:13 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-08 19:13 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-08 19:13 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-08 19:13 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-08 19:13 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-08 19:13 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-08 19:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-08 19:13 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-08 19:13 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-07-25 09:53 . 2009-01-30 02:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2005-10-12 19:34 . 2005-10-12 19:34 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2006-05-03 09:06 . 2008-04-26 01:30 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2008-04-26 01:30 31232 --sh--r- c:\windows\System32\msfDX.dll
2007-12-17 12:43 . 2008-04-26 01:30 27648 --sh--w- c:\windows\System32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-06-11 184320]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2008-01-02 133656]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp. exe" [2009-02-05 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Wind ows^Start Menu^Programs^Startup^Update Scheduler for Proteus Professional 7.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update Scheduler for Proteus Professional 7.lnk
backup=c:\windows\pss\Update Scheduler for Proteus Professional 7.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ac,dc,c7,b9,52,36,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [03/10/2009 11:18 a.m. 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswF sBlk.sys [03/10/2009 11:18 a.m. 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\as wMonFlt.sys [03/10/2009 11:17 a.m. 51792]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.S YS [13/02/2009 07:15 p.m. 5120]
S2 gupdate1ca13f1ceb008a8;Servicio de actualización de Google (gupdate1ca13f1ceb008a8);c:\program files\Google\Update\GoogleUpdate.exe [02/08/2009 11:50 p.m. 133104]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssflt r.sys [16/03/2009 12:02 p.m. 55280]
S3 fsssvc;Windows Live Protección Infantil;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 04:38 p.m. 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-03 03:50]

2009-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 04:20]

2009-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-03 04:20]

2009-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3277059121-3226288428-3918228226-1000Core.job
- c:\users\Ing. Mirian Brett\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-27 23:04]

2009-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3277059121-3226288428-3918228226-1000UA.job
- c:\users\Ing. Mirian Brett\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-27 23:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1854633
uInternet Settings,ProxyOverride = *.local
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: bancomercantil.com\www
DPF: {608FDE48-6C90-4341-B956-CF1DCA60EE22} - hxxps://empresas.bancomercantil.com/MELE/mercantil/activex/SeguriDatav1.0.cab
FF - ProfilePath - c:\users\Ing. Mirian Brett\AppData\Roaming\Mozilla\Firefox\Profiles\271 4juvg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1854633&SearchSource=3&q={s earchTerms}
FF - prefs.js: browser.search.selectedEngine - shARES Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://es-ES.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:es-ES:official
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dl l
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPROULETTE.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Ing. Mirian Brett\AppData\Local\Google\Update\1.2.183.7\npGoog leOneClick8.dll
FF - plugin: c:\users\Ing. Mirian Brett\AppData\Roaming\Mozilla\Firefox\Profiles\271 4juvg.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ares - c:\program files\Ares\Ares.exe



************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 12:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-21 12:53
ComboFix-quarantined-files.txt 2009-10-21 17:23

Pre-Run: 49.286.754.304 bytes libres
Post-Run: 49.237.401.600 bytes libres

- - End Of File - - 59C1A5712C3900914BC8E0884FB02F3E

ComboFix ya se encargó de eliminar la infección, coméntanos como está funcionando el sistema ahora.

Hola. Practicamente se han solucionado los problemas sin embargo quedan restantes aun 2 detalles.El primero es q no puedo acceder al windows defender, me sale una ventana con el siguiente texto "No se pudo inciar la aplicación: 0x80070006. Controlador no válido". Tampoco puedo acceder a la configuración de actualizaciones automáticas de Windows, que me hace referencia al error código: 80070424 "Windows update encontró un error desconocido"

Para terminar solo te quedaría quitar CF de la siguiente manera:

• Ir a Inicio > Ejecutar
• Escribir lo siguiente: ComboFix /u como muestra la imagen debajo:
  
  
  • 

Esto realizara las siguientes tareas:

• Se borraran:
  • ComboFix: sus archivos y carpetas.
  • VundoFix: copias de seguridad (si está presente)
  • La carpeta C:\Deckard (si está presente)
  • La carpeta C: _OtMoveIt (si está presente)
• Restablece la configuración del reloj.
• Ocultar extensiones de archivo (si es necesario.)
• Oculta los archivos que estaban ocultos
• Reactiva el "Restaurar Sistema"

Con respecto al problema que mencionas sigue estos pasos.

Seguimos pendientes.

Saludos

Hola bueno la verdad que intente con el codigo del tema que me colocastes y no me sirvio. ...si te sirve de algo, tambien tengo problema con el bloqueador de programas de inicio del windows vista...me remite al error 0x80070006, creo que es el mismo al que me referi anteriormente con el windows defender.

--------------------------EDIT------------------------------------------

Hola, he investigado por el foro y encontre que los problemas relacionados a este error son muy comunes y al parecer no hay soluciones aparentes.

Entonces investigue por mis propios medios y encontre una informacion interesante en la siguiente pagina. (Me disculpan sin es ilegal o va contra lasa reglas postear dicho link)

http://nibbish.blogspot.com/2008/07/i-fix-things-windows-defender-corrupt.html

Entonces, tal vez lo puedan chequear y dar un voto de confianza. Gracias.

Sería cuestión de probar la solución que ahí proponen, es un archivo reg que permite añadir algunos valores al registro del sistema.