Antiguo 06/12/2007, 09:54
SephirothIX
 
Fecha de Ingreso: diciembre-2007
Mensajes: 7
Antigüedad: 17 años, 2 meses
Puntos: 0
Re: Les paso mi log, porfa me lo podrían revisar?

Les paso el log del ComboFix...


ComboFix 07-12-02.6 - Administrator 05-12-2007 15:37:36.5 - NTFSx86
Microsoft Windows 2000 Server 5.0.2195.4.1252.1.1033.18.190 [GMT -6:00]
Running from: \\archivo\archivo\Ulises\Instalar\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\lajfftmr.dll
C:\WINNT\system32\rmtffjal.ini
C:\WINNT\system32\srutv.bak1
C:\WINNT\system32\srutv.ini2
C:\WINNT\system32\srutv.tmp
C:\WINNT\system32\uojxgnkw.dll
C:\WINNT\system32\wkngxjou.ini

.
((((((((((((((((((((((((( Files Created from 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))
.

2007-12-14 17:55 . 07-11-24 19:00 67 --a------ C:\WINNT\system32\i
2007-12-14 17:55 . 07-12-14 17:55 0 --a------ C:\WINNT\system32\kl.exe
2007-12-13 14:43 . 07-11-20 14:14 964,871 ---hs---- C:\WINNT\system32\wpbdsqsr.ini
2007-12-13 14:03 . 07-12-13 14:35 <DIR> d-a------ C:\Documents and Settings\All Users.WINNT\Application Data\TEMP
2007-12-13 14:00 . 07-12-13 14:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-13 14:00 . 07-12-13 14:00 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\SUPERAntiSpyware.com
2007-12-13 14:00 . 07-12-13 14:00 <DIR> d-------- C:\Documents and Settings\Administrator.SERVIDOR\Application Data\SUPERAntiSpyware.com
2007-12-13 13:59 . 07-12-13 14:08 133,725 --a------ C:\WINNT\system32\SRUTV.tmp.ren
2007-12-13 12:44 . 07-12-13 13:12 143 --a------ C:\WINNT\system32\mcrh.tmp
2007-12-13 11:56 . 07-12-13 11:56 512,096 --a------ C:\WINNT\system32\drivers\amon.sys
2007-12-13 11:56 . 07-12-13 11:56 298,104 --a------ C:\WINNT\system32\imon.dll
2007-12-13 11:56 . 07-12-13 11:55 15,424 --a------ C:\WINNT\system32\drivers\nod32drv.sys
2007-12-13 11:19 . 07-12-13 11:19 <DIR> d-------- C:\Documents and Settings\Administrator.SERVIDOR\Application Data\Lavasoft
2007-12-05 15:28 . 07-12-05 15:28 109,568 --a------ C:\WINNT\system32\spool.exe
2007-12-04 17:29 . 07-12-04 17:29 8,192 --a------ C:\WINNT\system32\default_user_class.dat
2007-12-04 10:20 . 06-10-26 13:40 335,872 --a------ C:\WINNT\system32\mdm_2.exe
2007-12-04 09:37 . 07-12-04 09:37 <DIR> dr------- C:\Enkontrol
2007-11-30 10:56 . 05-08-25 18:19 1,066,176 --a------ C:\WINNT\system32\MSCOMCTL.OCX
2007-11-30 10:56 . 05-08-25 18:18 118,784 --a------ C:\WINNT\system32\MSSTDFMT.DLL
2007-11-30 10:56 . 05-08-25 18:19 115,920 --a------ C:\WINNT\system32\MSINET.OCX
2007-11-28 12:27 . 07-11-28 12:27 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Prevx
2007-11-23 19:50 . 07-11-23 19:50 0 --a------ C:\WINNT\system32\qu2.exe
2007-11-23 12:33 . 07-11-23 12:12 158,208 --a------ C:\WINNT\msconfig.exe
2007-11-23 12:16 . 07-12-05 10:14 <DIR> d-------- C:\Program Files\Security Task Manager
2007-11-23 12:16 . 07-12-05 14:31 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\SecTaskMan
2007-11-22 09:52 . 07-11-22 09:52 <DIR> d-------- C:\WINNT\system32\ZoneLabs
2007-11-22 09:52 . 07-11-22 09:52 31,616 --ah----- C:\WINNT\system32\vsconfig.xml
2007-11-21 20:20 . 07-11-21 20:20 0 --a------ C:\WINNT\system32\gather.exe
2007-11-21 16:09 . 07-11-21 16:09 11,776 --a------ C:\junio6.XLS
2007-11-21 16:08 . 07-11-21 16:08 14,336 --a------ C:\junio5.XLS
2007-11-21 16:08 . 07-11-21 16:08 12,288 --a------ C:\junio 4.XLS
2007-11-21 16:05 . 07-11-21 16:05 14,336 --a------ C:\junio 3.XLS
2007-11-21 16:02 . 07-11-21 16:02 11,264 --a------ C:\junio 2.XLS
2007-11-21 16:00 . 07-11-21 16:00 14,336 --a------ C:\junio 2007 1.XLS
2007-11-12 14:57 . 07-11-12 15:58 65 --a------ C:\WINNT\system32\o
2007-11-12 10:46 . 07-11-12 10:46 <DIR> d-------- C:\Documents and Settings\CASASPLATINO\EnKontrol V8
2007-11-12 10:04 . 07-12-13 10:56 135,639 --a------ C:\WINNT\system32\SRUTV.bak2.ren
2007-11-12 10:03 . 07-11-12 10:03 6,470 --a------ C:\WINNT\system32\SRUTV.bak1.ren
2007-11-12 09:48 . 07-11-12 09:58 590,416 ---hs---- C:\WINNT\system32\oysxemte.ini
2007-11-10 09:26 . 06-04-25 18:07 155,648 --a------ C:\WINNT\toc13.ocx
2007-11-10 08:53 . 04-08-04 00:56 293,376 --a------ C:\WINNT\system32\wisptis.exe
2007-11-10 08:53 . 04-08-04 00:56 207,360 --a------ C:\WINNT\system32\inked.dll
2007-11-10 08:37 . 00-10-24 04:12 24,576 --------- C:\WINNT\KeyHH.exe
2007-11-10 08:36 . 02-02-19 14:22 24,576 --a------ C:\WINNT\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 20:18 133,725 --sha-w C:\WINNT\system32\SRUTV.ini2.ren
2007-12-13 16:57 --------- d-----w C:\Documents and Settings\All Users.WINNT\Application Data\Spybot - Search & Destroy
2007-11-10 14:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-10 14:18 --------- d-----w C:\Documents and Settings\administrador\Application Data\Lavasoft
2005-11-28 21:03 271 ---h--w C:\Program Files\desktop.ini
2005-11-28 21:03 21,952 ---h--w C:\Program Files\folder.htt
2002-07-24 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SybaseCentral43"="D:\Program Files\Sybase9\Shared\Sybase Central 4.3\win32\scjview.exe" [06-09-28 14:44 ]
"DBISQL9"="D:\Program Files\Sybase9\SQL Anywhere 9\win32\dbisqlg.exe" [06-12-08 19:09 ]
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07-06-21 14:06 ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [07-12-13 11:55 ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update"="C:\WINNT\system32\spool.exe" [07-12-05 15:28 ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ShowSuperHidden"= 1 (0x1)
"NoFileAssociate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 DfsDriver;DfsDriver;C:\WINNT\system32\drivers\Dfs.sys
R0 mraid2k;mraid2k;C:\WINNT\system32\drivers\mraid2k.sys
R2 ASANYs_serv_v8;Adaptive Server Anywhere - serv_v8;D:\Program Files\Sybase9\SQL Anywhere 9\win32\dbsrv9.exe -hvASANYs_serv_v8
R2 Dfs;Distributed File System;C:\WINNT\system32\Dfssvc.exe
R2 MSSEARCH;Microsoft Search;"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"
R2 NntpSvc;Network News Transport Protocol (NNTP);C:\WINNT\System32\inetsrv\inetinfo.exe
R2 SMTPSVC;Simple Mail Transport Protocol (SMTP);C:\WINNT\System32\inetsrv\inetinfo.exe
R2 TermServLicensing;Terminal Services Licensing;C:\WINNT\System32\lserver.exe
R3 openhci;Microsoft USB Open Host Controller Driver;C:\WINNT\system32\DRIVERS\openhci.sys
R3 spud;Special Purpose Utility Driver;C:\WINNT\system32\drivers\spud.sys
S3 NtFrs;File Replication;C:\WINNT\system32\ntfrs.exe
S3 TDASYNC;TDASYNC;C:\WINNT\system32\drivers\TDASYNC.sys
S3 TDIPX;TDIPX;C:\WINNT\system32\drivers\TDIPX.sys
S3 TDNETB;TDNETB;C:\WINNT\system32\drivers\TDNETB.sys
S3 TDSPX;TDSPX;C:\WINNT\system32\drivers\TDSPX.sys
S3 TrkSvr;Distributed Link Tracking Server;C:\WINNT\system32\services.exe
S4 ASANYs_EK_ADM00;Adaptive Server Anywhere - EK_ADM00;D:\Program Files\Sybase\SQL Anywhere 7\win32\dbsrv7.exe -hvASANYs_EK_ADM00
S4 IsmServ;Intersite Messaging;C:\WINNT\System32\ismserv.exe
S4 kdc;Kerberos Key Distribution Center;C:\WINNT\System32\lsass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv REG_MULTI_SZ Tapisrv

.
Contents of the 'Scheduled Tasks' folder
"2007-12-05 15:20:07 C:\WINNT\Tasks\respaldo_ek- Server.job"
- D:\respaldos ek\respaldo_ek- Server.bat
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 15:42:46
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-05 15:43:35 - machine was rebooted
.
--- E O F ---