
    I can't remove the Trojan Win32/sirefef.ch


    1. #1
      User alexbaico
      Registered
      Dec 2011
      Location
      here
      Posts
      1

      I can't remove the Trojan Win32/sirefef.ch

      Hi Damian, I did what you told me and this is the ComboFix report:

      ComboFix 11-12-25.03 - Ordenador 26/12/2011 11:43:52.4.2 - x64
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.34.3082.18.3581.2208 [GMT 1:00]
      Running from: c:\users\Ordenador\Downloads\ComboFix.exe
      Command switches used :: c:\users\Ordenador\Desktop\CFScript.txt
      AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
      SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
      SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))
      .
      .
      2011-12-26 10:48 . 2011-12-26 10:48 -------- d-----w- c:\users\Default\AppData\Local\temp
      2011-12-25 12:45 . 2011-12-25 12:45 -------- d-----w- C:\_OTM
      2011-12-24 01:26 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
      2011-12-24 01:26 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
      2011-12-24 01:25 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
      2011-12-24 01:25 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
      2011-12-24 01:25 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
      2011-12-24 01:25 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
      2011-12-24 01:25 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
      2011-12-24 01:24 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
      2011-12-24 01:24 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
      2011-12-24 01:24 . 2011-12-24 01:24 -------- d-----w- c:\programdata\AVAST Software
      2011-12-24 01:24 . 2011-12-24 01:24 -------- d-----w- c:\program files\AVAST Software
      2011-12-23 23:59 . 2011-12-23 23:59 -------- d--h--w- c:\programdata\Common Files
      2011-12-23 23:59 . 2011-12-25 13:30 -------- d-----w- c:\programdata\MFAData
      2011-12-23 19:53 . 2011-12-23 19:53 -------- d-----w- c:\programdata\Office Genuine Advantage
      2011-12-19 23:32 . 2011-12-19 23:32 -------- d-----w- c:\windows\system32\Macromed
      2011-12-19 21:59 . 2011-12-19 21:59 -------- d-sh--w- c:\windows\system32\%APPDATA%
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-12-26 10:50 . 2009-12-09 17:07 25640 ----a-w- c:\windows\gdrv.sys
      2011-12-20 19:35 . 2011-06-22 21:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2011-11-05 17:21 . 2011-11-05 17:21 419840 ----a-w- c:\windows\system32\systemcpl.dll
      2011-11-05 14:46 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
      2011-11-05 14:46 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
      2011-10-07 04:16 . 2011-11-04 14:01 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9957EDB-CCBA-4E77-8322-1072F5A9B2EF}\mpengine.dll
      2011-10-01 03:25 . 2011-10-13 13:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
      2011-10-01 02:42 . 2011-10-13 13:15 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
      .
      .
      ((((((((((((((((((((((((((((( SnapShot@2011-12-25_15.22.07 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2009-07-14 04:54 . 2011-12-25 14:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2009-07-14 04:54 . 2011-12-26 10:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2009-07-14 04:54 . 2011-12-26 10:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      - 2009-07-14 04:54 . 2011-12-25 14:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      - 2009-07-14 04:54 . 2011-12-25 14:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2009-07-14 04:54 . 2011-12-26 10:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2009-12-06 18:41 . 2011-12-26 09:55 47228 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
      + 2009-07-14 05:10 . 2011-12-26 09:55 44942 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
      + 2009-12-06 18:31 . 2011-12-26 09:55 15006 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3005798315-2384965141-998619169-1001_UserData.bin
      + 2009-12-06 18:24 . 2011-12-26 09:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      - 2009-12-06 18:24 . 2011-12-25 14:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      - 2009-12-06 18:24 . 2011-12-25 14:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      + 2009-12-06 18:24 . 2011-12-26 09:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      + 2009-12-06 18:24 . 2011-12-26 09:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      - 2009-12-06 18:24 . 2011-12-25 14:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2009-12-06 18:24 . 2011-12-26 10:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      - 2009-12-06 18:24 . 2011-12-25 15:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      - 2009-12-06 18:24 . 2011-12-25 15:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2009-12-06 18:24 . 2011-12-26 10:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      - 2011-12-25 14:51 . 2011-12-25 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
      + 2011-12-26 10:49 . 2011-12-26 10:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
      + 2011-12-26 10:49 . 2011-12-26 10:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
      - 2011-12-25 14:51 . 2011-12-25 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
      - 2009-07-14 05:01 . 2011-12-25 14:50 252572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
      + 2009-07-14 05:01 . 2011-12-26 10:48 252572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
      + 2009-12-07 02:35 . 2011-12-25 23:18 253340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3005798315-2384965141-998619169-1001-12288.dat
      - 2009-12-07 02:35 . 2011-12-25 12:59 253340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3005798315-2384965141-998619169-1001-12288.dat
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
      "NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-09-01 966712]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
      "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
      "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
      "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
      "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
      "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2010-12-27 274608]
      "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
      "RegistrarUsrDNIeCertStoreDLL"="c:\dnie\udcs.exe" [2009-03-02 39424]
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
      "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
      [BU]
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      R2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\Gigabyte\EnergySaver2\des2svr.exe [x]
      R2 gupdate;Servicio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-21 136176]
      R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
      R3 gupdatem;Servicio de Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-21 136176]
      R3 NANMp50a64;NANMp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\NANMp50a64.sys [x]
      R3 NANSp50a64;NANSp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\NANSp50a64.sys [x]
      R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [x]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
      R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
      S1 aswSnx;aswSnx; [x]
      S1 aswSP;aswSP; [x]
      S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
      S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
      S2 aswFsBlk;aswFsBlk; [x]
      S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
      S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-03-02 68136]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
      .
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-21 17:33]
      .
      2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-21 17:33]
      .
      2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3005798315-2384965141-998619169-1001Core.job
      - c:\users\Ordenador\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-06 18:54]
      .
      2011-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3005798315-2384965141-998619169-1001UA.job
      - c:\users\Ordenador\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-06 18:54]
      .
      .
      --------- x86-64 -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
      @="{472083B0-C522-11CF-8763-00608CC02F24}"
      [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
      2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 9608224]
      "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = *.local
      IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
      TCP: Interfaces\{94FE32D7-0D8E-4CCE-AB2D-C5959EBA476C}: NameServer = 192.168.1.1
      FF - ProfilePath - c:\users\Ordenador\AppData\Roaming\Mozilla\Firefox\Profiles\v19ku2xf.default\
      FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.10"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker4"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
      "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
      00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\AVAST Software\Avast\AvastSvc.exe
      c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files (x86)\Bonjour\mDNSResponder.exe
      c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
      c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
      c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
      c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
      c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
      .
      **************************************************************************
      .
      Completion time: 2011-12-26 11:55:27 - machine was rebooted
      ComboFix-quarantined-files.txt 2011-12-26 10:55
      ComboFix2.txt 2011-12-25 15:23
      ComboFix3.txt 2011-12-23 22:30
      .
      Pre-Run: 373.915.172.864 bytes libres
      Post-Run: 373.510.828.032 bytes libres
      .
      - - End Of File - - E1704FDCEAEF38C3C2139B4CFA01E55B

      Good day. Allow me to chime in on this thread (unfortunately, not to help).

      I seem to have the same trojan. NOD32 detects it in memory but can't remove it. The browsers seem to work fine, except that every so often Firefox opens a tab with a page that doesn't work.

      If you can help me, what would be the first steps to follow?

      Thank you very much in advance.

    2. #2
      General Moderator
      Leosolari
      Registered
      Jun 2007
      Location
      Argentina
      Posts
      53,111

      Re: I can't remove the Trojan Win32/sirefef.ch

      Hello alexbaico

      Download TDSSKiller to your desktop.

      Disconnect your computer from the Internet (unplug the cable).

      Run TDSSKiller exactly as its manual indicates.

      When the tool finishes its work, restart the computer and reconnect to the Internet.

      Come back with its report and tell us how the computer is doing now.

      Regards
