
    Slow PC and other problems


    1. #21
      User: eburre
      Registered: Aug 2009
      Location: Spain
      Posts: 2.265

      Re: Slow PC and other problems

      Hi SanMar, this time I really was able to use ComboFix. The only thing is that I got mixed up and reversed the order: I ran MBAR and then ComboFix. I'm sending you the reports. As for how it is working, it's not that it runs badly, but I notice the PC is very sluggish.


      ComboFix 13-04-23.02 - user0 23/04/2013 23:27:01.3.1 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.1023.736 [GMT 2:00]
      Running from: c:\documents and settings\user0\Escritorio\ComboFix.exe
      .
      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .
      .
      ((((((((((((((((((((((((( Files Created from 2013-03-23 to 2013-04-23 )))))))))))))))))))))))))))))))
      .
      .
      5300-10-10 02:06 . 2012-06-02 14:19 45080 ----a-w- c:\windows\system32\wups2.dll
      5300-10-10 02:06 . 2012-06-02 14:19 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
      5300-10-10 02:06 . 2012-06-02 14:19 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
      5300-10-10 02:06 . 2012-06-02 14:19 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
      2013-11-06 15:15 . 2013-11-06 15:15 -------- d-----w- c:\archivos de programa\VS Revo Group
      2013-04-23 21:15 . 2013-04-23 21:15 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
      2013-04-23 21:15 . 2013-04-23 21:15 -------- d-----w- c:\archivos de programa\Archivos comunes\Java
      2013-04-23 21:14 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
      2013-04-23 21:02 . 2008-04-14 04:48 221184 ----a-w- c:\windows\system32\wmpns.dll
      2013-04-23 21:02 . 2013-04-23 21:04 -------- d-----w- c:\documents and settings\user0
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-03-08 20:31 . 2013-03-05 21:35 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2013-03-08 20:31 . 2012-03-14 14:15 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2013-03-08 20:19 . 2013-03-08 23:02 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
      2013-03-08 20:19 . 2013-03-08 23:02 782240 ----a-w- c:\windows\system32\deployJava1.dll
      2013-02-23 20:01 . 2013-02-23 20:01 30544 ----a-w- c:\windows\system\dib.drv
      2013-02-23 20:01 . 2013-02-23 20:01 133024 ----a-w- c:\windows\system\cncs.dll
      2013-02-12 00:32 . 2008-04-13 21:26 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
      2013-02-05 20:13 . 2008-11-20 19:49 916480 ----a-w- c:\windows\system32\wininet.dll
      2013-02-05 20:13 . 2008-11-20 19:49 43520 ------w- c:\windows\system32\licmgr10.dll
      2013-02-05 20:13 . 2008-11-20 19:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
      2013-02-05 05:54 . 2008-11-20 19:48 385024 ------w- c:\windows\system32\html.iec
      2013-01-26 03:55 . 2008-04-14 04:48 552448 ----a-w- c:\windows\system32\oleaut32.dll
      .
      .
      ------- Sigcheck -------
      Note: Unsigned files aren't necessarily malware.
      .
      [-] 2008-11-20 . E8988236B61B732720AC475EBD9F717E . 1572352 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2013-03-12 253816]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
      "Z1"="c:\documents and settings\user0\Escritorio\mbar\mbar.exe" [2013-03-23 1398856]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "_nltide_2"="shell32" [X]
      "_nltide_3"="advpack.dll" [2009-03-08 128512]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
      c:\windows\system32\dumprep 0 -k [X]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
      2012-12-14 15:49 512360 ----a-w- c:\archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
      2012-12-14 15:49 512360 ----a-w- c:\archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      .
      R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [23/04/2013 23:15 35144]
      S2 MBAMScheduler;MBAMScheduler;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe [19/12/2012 19:36 398184]
      S2 MBAMService;MBAMService;c:\archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe [19/12/2012 19:36 682344]
      S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
      S3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys --> c:\windows\system32\drivers\massfilter_hs.sys [?]
      S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/12/2012 19:36 21104]
      S3 USBZTECCID;ZTE USB Smartcard Driver;c:\windows\system32\DRIVERS\ZTEusbccid.sys --> c:\windows\system32\DRIVERS\ZTEusbccid.sys [?]
      S3 ZTEusbMB;ZTE NMEAExt2 Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext2.sys --> c:\windows\system32\DRIVERS\ZTEusbnmeaext2.sys [?]
      S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys --> c:\windows\system32\DRIVERS\ZTEusbnet.sys [?]
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - JAVAQUICKSTARTERSERVICE
      *NewlyCreated* - MBAMCHAMELEON
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2001-12-31 c:\windows\Tasks\GlaryInitialize.job
      - c:\archivos de programa\Glary Utilities\initialize.exe [2013-03-08 20:09]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.es/
      TCP: Interfaces\{A345AB88-17D0-4BED-B15B-B545138B1954}: NameServer = 80.58.61.250,80.58.61.254
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      MSConfigStartUp-Adobe ARM - c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
      Rootkit scan 2013-04-23 23:30
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'explorer.exe'(3296)
      c:\windows\system32\WININET.dll
      c:\windows\system32\webcheck.dll
      .
      - - - - - - - > 'explorer.exe'(400)
      c:\windows\system32\WININET.dll
      c:\windows\system32\webcheck.dll
      .
      Completion time: 2013-04-23 23:31:49
      ComboFix-quarantined-files.txt 2013-04-23 21:31
      ComboFix2.txt 2002-01-04 15:32
      .
      Pre-Run: 17.950.605.312 bytes libres
      Post-Run: 17.987.887.104 bytes libres
      .
      - - End Of File - - B8A9E5BAA13767B7F456736F6F0A8AEE


      MBAR.LOG

      Malwarebytes Anti-Rootkit BETA 1.05.0.1001
      Malwarebytes : Free anti-malware download

      Database version: v2013.04.23.07

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      user0 :: USER-741468BC2D [administrator]

      23/04/2013 23:22:25
      mbar-log-2013-04-23 (23-22-25).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
      Scan options disabled:
      Objects scanned: 24331
      Time elapsed: 6 minute(s), 35 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      (end)


      SYSTEM.LOG

      ---------------------------------------
      Malwarebytes Anti-Rootkit BETA 1.05.0.1001

      (c) Malwarebytes Corporation 2011-2012

      OS version: 5.1.2600 Windows XP Service Pack 3 x86

      Account is Administrative

      Internet Explorer version: 8.0.6001.18702

      File system is: NTFS
      Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
      CPU speed: 2.200000 GHz
      Memory total: 1072414720, free: 759222272

      ------------ Kernel report ------------
      04/23/2013 23:15:22
      ------------ Loaded modules -----------
      ----------- End -----------
      <<<1>>>
      Upper Device Name: \Device\Harddisk0\DR0
      Upper Device Object: 0xffffffff86569ab8
      Upper Device Driver Name: \Driver\Disk\
      Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
      Lower Device Object: 0xffffffff8657ad98
      Lower Device Driver Name: \Driver\atapi\
      Driver name found: atapi
      Initialization returned 0x0
      Load Function returned 0x0
      Downloaded database version: v2013.04.23.07
      Downloaded database version: v2013.04.22.01
      Initializing...
      Done!
      <<<2>>>
      Device number: 0, partition: 1
      Physical Sector Size: 512
      Drive: 0, DevicePointer: 0xffffffff86569ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      --------- Disk Stack ------
      DevicePointer: 0xffffffff86574e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
      DevicePointer: 0xffffffff86569ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      DevicePointer: 0xffffffff8657cf18, DeviceName: \Device\00000057\, DriverName: \Driver\ACPI\
      DevicePointer: 0xffffffff8657ad98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
      ------------ End ----------
      Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      Upper DeviceData: 0xffffffffe2b96900, 0xffffffff86569ab8, 0xffffffff85e37ab8
      Lower DeviceData: 0xffffffffe1a22668, 0xffffffff8657ad98, 0xffffffff85e32e00
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Scanning directory: C:\WINDOWS\system32\drivers...
      <<<2>>>
      Device number: 0, partition: 1
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Done!
      Drive 0
      Scanning MBR on drive 0...
      Inspecting partition table:
      MBR Signature: 55AA
      Disk Signature: 4B5B4B5A

      Partition information:

      Partition 0 type is Primary (0x7)
      Partition is ACTIVE.
      Partition starts at LBA: 63 Numsec = 53881947
      Partition file system is NTFS
      Partition is bootable

      Partition 1 type is Extended with LBA (0xf)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 53882010 Numsec = 102398310

      Partition 2 type is Empty (0x0)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 0 Numsec = 0

      Partition 3 type is Empty (0x0)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 0 Numsec = 0

      Disk Size: 80026361856 bytes
      Sector size: 512 bytes

      Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
      Done!
      Performing system, memory and registry scan...
      Done!
      Scan finished
      =======================================


      Regards, and thanks above all.

    2. #22
      Former Collaborator: @SanMar
      Registered: Jun 2008
      Location: Argentina
      Posts: 22.290

      Re: Slow PC and other problems

      Hi:


      Nothing shows up in the reports.


      Given the time that has passed, bring a new OTL report; run it the way I told you the first time.


      Regards.
