ComboFix Help



#1 dupagust

dupagust

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:48 PM

Posted 29 May 2012 - 11:52 PM

Good evening, how are you? I lent my laptop to a relative and I don't know what they did to it, and I need help please. It is full of viruses. It blocked programs like the firewall, disabled my antivirus, won't run CMD, blocked the System Restore option, and won't let me format it because it is a Siragon mini laptop, and when I try to format it from the USB drive it turns the files into shortcuts. I need help.

THESE ARE THE RESULTS THAT THIS COMBOFIX PROGRAM GAVE ME

I NEED YOUR HELP PLEASE. THANK YOU


ComboFix 12-05-29.01 - Administrador 18/03/2013 22:32:10.1.1 - x86 DSREPAIR
Microsoft Windows XP Professional 5.1.2600.2.1252.54.3082.18.959.701 [GMT -3:00]
Running from: d:\downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrador\27F6461627473796E696D64614\winlogon.exe
c:\documents and settings\Administrador\selqeq.exe
c:\documents and settings\Administrador\winlogon.exe
c:\documents and settings\NetworkService\winlogon.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2013-02-19 to 2013-03-19 )))))))))))))))))))))))))))))))
.
.
2013-03-19 01:41 . 2013-03-19 01:41 -------- d-----w- c:\windows\system32\wbem\snmp
2013-03-19 01:41 . 2013-03-19 01:41 -------- d-----w- c:\windows\system32\xircom
2013-03-19 01:41 . 2013-03-19 01:41 -------- d-----w- c:\archivos de programa\microsoft frontpage
2013-03-18 15:07 . 2013-03-18 15:07 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\RegistryKeys
2013-03-18 15:07 . 2013-03-18 15:07 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\PC Speed Maximizer
2013-03-18 14:49 . 2013-03-18 14:49 -------- d-----w- c:\archivos de programa\NortonInstaller
2013-03-18 12:55 . 2013-03-18 14:39 -------- d-----w- c:\archivos de programa\GridinSoft Trojan Killer
2013-03-18 12:44 . 2013-03-18 12:44 -------- d-----w- c:\archivos de programa\PC Speed Maximizer
2013-03-18 12:35 . 2006-06-29 16:07 14048 ------w- c:\windows\system32\spmsg2.dll
2013-03-18 12:31 . 2013-03-18 12:35 -------- d-----w- c:\windows\system32\XPSViewer
2013-03-18 12:31 . 2013-03-18 12:31 -------- d-----w- c:\archivos de programa\MSBuild
2013-03-18 12:31 . 2013-03-18 12:31 -------- d-----w- c:\archivos de programa\Reference Assemblies
2013-03-18 12:31 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-03-18 12:30 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-03-18 12:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-03-18 12:30 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-03-18 12:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-03-18 12:30 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2013-03-18 12:30 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2013-03-18 12:30 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-03-18 12:30 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-03-18 12:28 . 2013-03-18 12:36 -------- d-----w- c:\documents and settings\Administrador\Configuración local\Datos de programa\Google
2013-03-18 12:26 . 2013-03-18 12:26 -------- d-----w- c:\archivos de programa\MSXML 6.0
2013-03-18 11:19 . 2013-03-18 11:19 -------- d-----w- c:\archivos de programa\FileASSASSIN
2013-03-18 10:08 . 2013-03-18 10:08 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\SUPERAntiSpyware.com
2013-03-18 10:07 . 2013-03-18 10:08 -------- d-----w- c:\archivos de programa\SUPERAntiSpyware
2013-03-18 10:07 . 2013-03-18 10:07 -------- d-----w- c:\documents and settings\All Users\Datos de programa\SUPERAntiSpyware.com
2013-03-18 07:59 . 2013-03-18 07:59 -------- d-----w- c:\documents and settings\All Users\Datos de programa\NortonInstaller
2013-03-18 05:25 . 2013-03-18 05:25 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-18 05:25 . 2013-03-18 05:25 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-18 04:56 . 2013-03-18 04:57 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\XnView
2013-03-18 03:29 . 2013-03-18 03:29 -------- d-----w- c:\archivos de programa\Lavalys
2013-03-18 03:28 . 2013-03-18 03:28 -------- d-----w- c:\archivos de programa\everest
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-21 01:18 . 2013-03-18 04:48 97208 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\archivos de programa\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
"SPMTray"="c:\archivos de programa\PC Speed Maximizer\SPMTray.exe" [2011-06-10 203920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2008-06-04 53248]
"VTTrayp"="VTtrayp.exe" [2008-06-04 176128]
"SkyTel"="SkyTel.EXE" [2008-06-04 1826816]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-04 16844800]
"GrooveMonitor"="c:\archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avast"="c:\archivos de programa\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2010-05-04 124928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\archivos de programa\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04/12/2011 01:34 p.m. 715248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/12/2011 04:33 p.m. 320856]
R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 01:27 p.m. 12880]
R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 06:55 p.m. 67664]
R2 !SASCORE;SAS Core Service;c:\archivos de programa\SUPERAntiSpyware\SASCore.exe [11/08/2011 08:38 p.m. 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/12/2011 04:33 p.m. 20568]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [07/12/2012 09:16 a.m. 73216]
R3 VNWLNDIS;VIA Networking Technologies PCI-Cardbus Wireless LAN Adapter NT Driver;c:\windows\system32\drivers\VNWL5B.sys [04/12/2011 02:29 p.m. 135680]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [04/12/2011 04:33 p.m. 442200]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Datos de programa\DatacardService\HWDeviceService.exe [14/03/2011 12:27 p.m. 271712]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [18/03/2013 02:25 a.m. 257696]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [07/12/2012 09:16 a.m. 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [13/11/2012 05:25 p.m. 235392]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [13/11/2012 05:25 p.m. 25856]
S3 hwmobile;Huawei CDMA Handset USB Modem and USB Serial;c:\windows\system32\drivers\hwusbser.sys [05/12/2011 08:09 p.m. 101376]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe [18/03/2013 01:48 a.m. 129976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-18 05:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fi56cppml7k16qb.directorio-w.com
uLocal Page = hxxp://dap77ogo9jslc8z.directorio-w.com
uDefault_Search_URL = hxxp://plj19gwn1k36o32.directorio-w.com
mLocal Page = hxxp://p9cp682013sy180.directorio-w.com
mStart Page = hxxp://73nr5530g711t7r.directorio-w.com
uInternet Connection Wizard,ShellNext = hxxp://google.e/
uInternet Settings,ProxyOverride = *.local
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 200.44.32.12 200.11.248.12
FF - ProfilePath - c:\documents and settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\s5swqfcn.default\
FF - prefs.js: browser.startup.homepage - hxxp://e2mkwe747xw5qdb.directorio-w.com
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-35553535F4C4F434 - c:\documents and settings\Administrador\27F6461627473796E696D64614\winlogon.exe
HKLM-Run-35553535F4C4F434 - c:\documents and settings\Administrador\27F6461627473796E696D64614\winlogon.exe
AddRemove-DIGITEL 3G - c:\program files\DIGITEL 3G\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-18 22:43
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\archivos de programa\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'winlogon.exe'(2716)
c:\windows\system32\wininet.dll
.
- - - - - - - > 'explorer.exe'(3556)
c:\windows\system32\WININET.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\VTTimer.exe
c:\windows\system32\VTtrayp.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\WgaTray.exe
c:\archivos de programa\Alwil Software\Avast5\setup\avast.setup
.
**************************************************************************
.
Completion time: 2013-03-18 22:49:43 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-19 01:49
.
Pre-Run: 73.117.786.112 bytes libres
Post-Run: 73.906.208.768 bytes libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9B987BF875D942663875EB123140531A

Mod Edit: I sent a PM to OP and he returned the following English translation via PM to me:

Good morning .. My laptop is full of viruses. I'm not allowed to perform any activity
I block programs like firewall, antivirus inabilito me,
not run the CMD, I lock the system restore option and not
I can format because it is a mini laptop Síragon, and when
I try to format a flash drive through makes me files
shortcut. I need help.


THESE ARE THE RESULTS THAT GAVE ME THIS PROGRAM ComboFix

I NEED YOUR HELP PLEASE. THANKS



Edited by hamluis, 30 May 2012 - 09:42 AM.
Moved from XP to Malware Removal Logs - Hamluis.
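A triage pass over a log of this shape, added here as an example (it is not part of the thread, of ComboFix, or of the helper's instructions): it parses the sections ComboFix prints and flags the defender-relevant indicators visible in the posted output, namely a core system binary name outside system32, Security Center and firewall settings switched off or muted, Explorer restriction policies, several browser entry points pointing at one domain, and a removed Run key that pointed into a user profile. The rules are my own assumptions about what merits a look; the sample lines are copied from the log above.

```python
"""Triage helper for ComboFix logs shaped like the one posted above (added example).

Heuristics are this example's own, not ComboFix's; see the comment at each rule.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix output posted in this thread.
SAMPLE_LOG = r"""
((((((( Other Deletions )))))))
c:\documents and settings\Administrador\27F6461627473796E696D64614\winlogon.exe
c:\documents and settings\NetworkService\winlogon.exe
.
((((((( Reg Loading Points )))))))
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
------- Supplementary Scan -------
uStart Page = hxxp://fi56cppml7k16qb.directorio-w.com
mStart Page = hxxp://73nr5530g711t7r.directorio-w.com
FF - prefs.js: browser.startup.homepage - hxxp://e2mkwe747xw5qdb.directorio-w.com
- - - - ORPHANS REMOVED - - - -
HKCU-Run-35553535F4C4F434 - c:\documents and settings\Administrador\27F6461627473796E696D64614\winlogon.exe
"""

CORE_BINARIES = {"winlogon.exe", "csrss.exe", "lsass.exe", "services.exe", "svchost.exe"}
SYSTEM32 = "c:\\windows\\system32\\"
PROTECTION_OFF = {  # registry value -> setting at which XP's own protection is off or muted
    "enablefirewall": 0, "disablemonitoring": 1, "antivirusdisablenotify": 1,
    "firewalldisablenotify": 1, "updatesdisablenotify": 1, "antispywaredisablenotify": 1,
}
RESTRICTION_POLICIES = {"nosmhelp", "nosmconfigureprograms", "noresolvetrack"}
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(dword:)?([0-9a-fA-F]+)')
_URL_RE = re.compile(r"(?:hxxp|http)s?://([^/\s]+)", re.I)
_ORPHAN_RE = re.compile(r"^HK(?:CU|LM)-Run-\S+\s+-\s+(.+)$", re.I)


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


def is_masquerading(path: str) -> bool:
    """A core Windows binary name anywhere but system32 is a classic disguise."""
    p = path.strip().lower()
    return p.rsplit("\\", 1)[-1] in CORE_BINARIES and not p.startswith(SYSTEM32)


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    domains: Counter[str] = Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == "." or line.startswith(("(((", "[")):
            continue  # separators, section banners and registry key headers
        m = _VALUE_RE.match(line)
        if m:  # "Name"= 1 (0x1)  or  "Name"=dword:00000001
            name, value = m.group(1).lower(), int(m.group(3), 16 if m.group(2) else 10)
            if PROTECTION_OFF.get(name) == value:
                findings.append(Finding("protection_disabled", f"{m.group(1)}={value}"))
            elif name in RESTRICTION_POLICIES and value == 1:
                findings.append(Finding("explorer_restriction", m.group(1)))
            continue
        m = _ORPHAN_RE.match(line)
        if m:  # Run key ComboFix removed; flag targets living in a user profile
            target = m.group(1).lower()
            if is_masquerading(target) or "\\documents and settings\\" in target:
                findings.append(Finding("autorun_in_profile", line))
            continue
        m = _URL_RE.search(line)
        if m:  # count start/search/home page settings per registrable domain
            domains[".".join(m.group(1).lower().split(".")[-2:])] += 1
            continue
        if is_masquerading(line):
            findings.append(Finding("masquerade", line))
    for domain, n in domains.items():
        if n >= 2:  # several browser entry points on one domain: hijack pattern
            findings.append(Finding("browser_hijack", f"{domain} ({n} settings)"))
    return findings


def categories(log_text: str) -> Counter[str]:
    return Counter(f.category for f in triage(log_text))
```

Run `triage(SAMPLE_LOG)` to list the findings; on the posted log it reports the two relocated winlogon.exe copies, the three muted protections, two Explorer restrictions, the orphaned Run key and the shared directorio-w.com start pages.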




#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:USA
  • Local time:07:48 PM

Posted 30 May 2012 - 10:17 PM

Welcome to the forum, dupagust!

I hope I can help you with your problems, but normally all the instructions I provide are written in English. If you can understand them, we can continue, and I will try to provide some in Spanish... :busy:

Please try to do the following...

Download DDS from here:
Link 1
Link 2
Save the program to the Windows Desktop.

Double-click dds.scr to run the tool, and wait for the report.
When DDS finishes, two (2) reports open:
DDS.txt (appears on the Desktop)
Attach.txt (appears in the TaskBar, the bar at the bottom)

In your next reply, paste the contents of both reports, DDS.txt and Attach.txt.



Also download RogueKiller

•You will find it where it says:
(Download link) Lien de téléchargement:
•Click the dark blue button to download it.
•Save it to the Desktop

•Close all the programs you have open on the Desktop
•XP: Double-click the program to run it
•Click: SCAN
•When it finishes, the report opens on the Desktop: RKreport.txt

Paste the contents of RKreport.txt (Mode: Scan) in your reply.

Edited by Aaflac, 30 May 2012 - 10:18 PM.

Old duck...




