WiredWX Hobby Weather ToolsLog in

 


TR/Trash.Gen [trojan]

3 posters

descriptionSolvedRe: TR/Trash.Gen [trojan]

more_horiz
Hi.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:


    KillAll::

    TDL::
    c:\windows\system32\drivers\tcpip.sys

    Reboot::


  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    TR/Trash.Gen [trojan] - Page 3 Cfscriptb4

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

descriptionSolvedRe: TR/Trash.Gen [trojan]

more_horiz
Hello

ComboFix 10-08-18.04 - yo 21/08/2010 2:33.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.2037.1564 [GMT -3:00]
Running from: c:\documents and settings\yo\Escritorio\commy.exe
Command switches used :: c:\documents and settings\yo\Escritorio\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-07-21 to 2010-08-21 )))))))))))))))))))))))))))))))
.

2010-08-19 20:53 . 2010-08-19 20:54 -------- d-----w- c:\archivos de programa\memtest86+-4.10.usb.installer
2010-08-19 20:53 . 2010-08-19 20:53 144308 ----a-w- c:\archivos de programa\memtest86+-4.10.usb.installer.zip
2010-08-18 19:15 . 2010-08-18 19:15 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Apple Computer
2010-08-17 19:43 . 2010-08-17 19:43 -------- d-----w- C:\_OTL
2010-08-17 06:58 . 2010-08-17 06:58 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
2010-08-15 20:04 . 2010-08-15 20:04 260384 ----a-w- c:\archivos de programa\SoftonicDownloader22897.exe
2010-08-15 07:27 . 2010-08-15 07:27 -------- d-----w- c:\documents and settings\yo\Datos de programa\.oit
2010-08-15 05:58 . 2010-08-15 05:58 -------- d-----w- c:\documents and settings\yo\Datos de programa\GlarySoft
2010-08-15 05:58 . 2010-08-15 05:58 -------- d-----w- c:\archivos de programa\Glary Undelete
2010-08-15 05:57 . 2010-08-15 05:57 3354016 ----a-w- c:\archivos de programa\gunsetup.exe
2010-08-15 05:54 . 2010-08-15 05:54 260400 ----a-w- c:\archivos de programa\SoftonicDownloader70493.exe
2010-08-15 03:36 . 2010-08-15 03:36 -------- d-----w- c:\archivos de programa\ESET
2010-08-14 19:28 . 2010-08-14 19:28 -------- d-----w- c:\archivos de programa\SoftLogica
2010-08-14 19:27 . 2010-08-14 19:28 1676456 ----a-w- c:\archivos de programa\handyrecovery4.exe
2010-08-14 18:33 . 2010-08-14 18:33 260400 ----a-w- c:\archivos de programa\SoftonicDownloader32483.exe
2010-08-14 17:05 . 2010-08-14 17:05 -------- d-----w- c:\archivos de programa\Kroll Ontrack
2010-08-14 17:01 . 2010-08-14 17:04 45192311 ----a-w- c:\archivos de programa\erprot.exe
2010-08-14 17:00 . 2010-08-14 17:00 260424 ----a-w- c:\archivos de programa\SoftonicDownloader12296.exe
2010-08-14 04:22 . 2010-08-14 04:22 -------- d-----w- c:\documents and settings\yo\Datos de programa\Apple Computer
2010-08-14 03:44 . 2010-08-18 19:15 -------- d-----w- c:\archivos de programa\QuickTime
2010-08-14 03:44 . 2010-08-14 03:44 -------- d-----w- c:\archivos de programa\Archivos comunes\Apple
2010-08-14 03:43 . 2010-08-14 03:44 -------- d-----w- c:\archivos de programa\Apple Software Update
2010-08-14 03:43 . 2010-08-14 03:43 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Apple
2010-08-13 22:18 . 2010-08-13 22:18 388096 ----a-r- c:\documents and settings\yo\Datos de programa\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-08-13 22:18 . 2010-08-13 22:18 -------- d-----w- c:\archivos de programa\TrendMicro
2010-08-13 22:15 . 2010-08-13 22:15 1401344 ----a-w- c:\archivos de programa\HijackThis.msi
2010-08-08 22:19 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 22:18 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-08 20:40 . 2010-08-08 20:40 6153352 ----a-w- c:\archivos de programa\mbam-setup-1.46.exe
2010-08-06 19:48 . 2010-08-06 19:48 -------- d-----w- c:\windows\Sun
2010-08-06 07:09 . 2010-08-07 05:09 -------- d-----w- c:\documents and settings\yo\Datos de programa\Youtube Downloader HD
2010-08-06 07:09 . 2010-08-06 07:09 -------- d-----w- c:\archivos de programa\Youtube Downloader HD
2010-08-06 07:08 . 2010-08-06 07:08 3513989 ----a-w- c:\archivos de programa\youtube_downloader_hd_setup.exe
2010-08-05 04:40 . 2010-08-05 04:40 503808 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4f72e18e-n\msvcp71.dll
2010-08-05 04:40 . 2010-08-05 04:40 499712 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4f72e18e-n\jmc.dll
2010-08-05 04:40 . 2010-08-05 04:40 348160 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4f72e18e-n\msvcr71.dll
2010-08-05 04:40 . 2010-08-05 04:40 61440 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-539a9a21-n\decora-sse.dll
2010-08-05 04:40 . 2010-08-05 04:40 12800 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-539a9a21-n\decora-d3d.dll
2010-08-02 16:01 . 2010-08-02 16:01 -------- d-----w- c:\documents and settings\yo\Datos de programa\Malwarebytes
2010-08-02 16:00 . 2010-08-08 22:22 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-08-02 16:00 . 2010-08-02 16:00 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2010-07-31 08:11 . 2010-08-12 01:32 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy
2010-07-31 08:11 . 2010-08-02 21:56 -------- d-----w- c:\archivos de programa\Spybot - Search & Destroy
2010-07-30 18:22 . 2010-08-09 04:48 -------- d-----w- c:\archivos de programa\OTL
2010-07-30 05:35 . 2010-07-30 05:35 -------- d-----w- c:\archivos de programa\Archivos comunes\Adobe
2010-07-30 05:14 . 2010-07-30 05:14 -------- d-----w- c:\archivos de programa\JavaRa
2010-07-30 05:12 . 2010-07-30 05:12 -------- d-----w- c:\archivos de programa\Archivos comunes\Java
2010-07-30 05:12 . 2010-07-30 05:12 503808 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-250f7da7-n\msvcp71.dll
2010-07-30 05:12 . 2010-07-30 05:12 499712 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-250f7da7-n\jmc.dll
2010-07-30 05:12 . 2010-07-30 05:12 348160 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-250f7da7-n\msvcr71.dll
2010-07-30 05:12 . 2010-07-30 05:12 61440 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3042ecd6-n\decora-sse.dll
2010-07-30 05:12 . 2010-07-30 05:12 12800 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3042ecd6-n\decora-d3d.dll
2010-07-30 05:12 . 2010-07-30 05:11 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-30 05:11 . 2010-07-30 05:11 -------- d-----w- c:\archivos de programa\Java
2010-07-30 01:56 . 2010-07-30 01:56 -------- d-----w- c:\documents and settings\NetworkService\Escritorio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 05:38 . 2009-07-14 23:06 -------- d-----w- c:\documents and settings\yo\Datos de programa\uTorrent
2010-08-20 21:46 . 2010-02-04 18:52 -------- d-----w- c:\archivos de programa\Softonic_ES
2010-08-20 13:38 . 2010-05-03 15:17 -------- d-----w- c:\archivos de programa\TuneUp Utilities 2010
2010-08-19 15:32 . 2009-03-13 17:04 -------- d-----w- c:\documents and settings\yo\Datos de programa\dvdcss
2010-08-19 04:49 . 2009-03-13 15:58 -------- d-----w- c:\documents and settings\yo\Datos de programa\Vso
2010-08-17 22:24 . 2008-12-09 14:13 -------- d-----w- c:\documents and settings\yo\Datos de programa\Winamp
2010-08-16 05:10 . 2008-12-09 14:28 -------- d-----w- c:\archivos de programa\eMule
2010-08-14 17:05 . 2008-12-09 14:00 -------- d--h--w- c:\archivos de programa\InstallShield Installation Information
2010-08-14 17:04 . 2008-12-09 14:00 -------- d-----w- c:\archivos de programa\Archivos comunes\InstallShield
2010-08-13 01:20 . 2010-01-06 20:40 -------- d-----w- c:\archivos de programa\Ares
2010-08-12 19:26 . 2010-05-03 15:18 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-08-12 19:19 . 2010-07-02 05:53 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-08-12 01:21 . 2009-11-06 19:28 -------- d-----w- c:\archivos de programa\Last.fm
2010-08-11 14:45 . 2010-07-14 22:43 -------- d-----w- c:\documents and settings\yo\Datos de programa\vlc
2010-08-05 17:31 . 2010-06-22 21:21 -------- d-----w- c:\documents and settings\yo\Datos de programa\foobar2000
2010-08-05 03:44 . 2010-06-28 03:25 -------- d-----w- c:\archivos de programa\Burrrn
2010-08-03 15:49 . 2008-12-09 13:57 16608 ----a-w- c:\windows\gdrv.sys
2010-08-02 22:01 . 2010-06-22 04:16 -------- d-----w- c:\archivos de programa\Monkey's Audio
2010-08-02 21:53 . 2008-12-09 14:08 -------- d-----w- c:\archivos de programa\CCleaner
2010-08-02 21:51 . 2010-07-14 22:41 -------- d-----w- c:\archivos de programa\VLC
2010-08-02 21:50 . 2010-07-07 04:10 -------- d-----w- c:\archivos de programa\EVEREST Ultimate Edition
2010-08-02 21:49 . 2010-06-22 21:21 -------- d-----w- c:\archivos de programa\foobar2000
2010-08-02 21:44 . 2010-06-19 07:18 -------- d-----w- c:\archivos de programa\Illustrate
2010-08-02 21:33 . 2008-12-09 14:13 -------- d-----w- c:\archivos de programa\Winamp
2010-08-02 21:31 . 2010-05-03 16:07 -------- d-----w- c:\archivos de programa\RemoveWGA_Victorxxx
2010-08-02 21:30 . 2010-01-24 21:48 -------- d-----w- c:\archivos de programa\Avira
2010-08-02 21:29 . 2009-03-13 15:58 -------- d-----w- c:\archivos de programa\VSO
2010-08-02 21:25 . 2010-02-04 19:01 -------- d-----w- c:\archivos de programa\VirtualDub-1.9.8
2010-08-02 21:22 . 2010-06-19 00:19 -------- d-----w- c:\archivos de programa\TotalAudioConverter
2010-07-31 07:20 . 2008-12-09 14:16 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Lavasoft
2010-07-30 05:32 . 2009-11-02 23:42 -------- d-----w- c:\archivos de programa\VDOWNLOADER
2010-07-17 22:16 . 2010-07-17 22:16 54744 ----a-w- c:\documents and settings\All Users\Datos de programa\WidgetServer\uninst.exe
2010-07-17 22:16 . 2010-07-17 22:16 -------- d-----w- c:\documents and settings\All Users\Datos de programa\WidgetServer
2010-07-16 21:45 . 2010-06-03 23:51 -------- d-----w- c:\archivos de programa\Winamp Detect
2010-07-16 21:45 . 2010-07-16 21:45 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Winamp Toolbar
2010-07-16 21:45 . 2010-07-16 21:45 -------- d-----w- c:\archivos de programa\Winamp Toolbar
2010-07-16 05:23 . 2001-08-24 10:00 51286 ----a-w- c:\windows\system32\perfc00A.dat
2010-07-16 05:23 . 2001-08-24 10:00 362564 ----a-w- c:\windows\system32\perfh00A.dat
2010-07-15 18:10 . 2010-07-15 18:10 -------- d-----w- c:\archivos de programa\Windows Media Connect 2
2010-07-14 20:11 . 2010-07-14 19:49 -------- d-----w- c:\archivos de programa\RealArcade
2010-07-12 20:27 . 2010-07-12 20:27 3299 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2010-07-12 20:26 . 2010-06-18 01:31 869608 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-07-02 02:57 . 2010-07-02 02:57 -------- d-----w- c:\documents and settings\All Users\Datos de programa\McAfee
2010-06-30 12:32 . 2004-08-19 13:42 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 03:25 . 2010-06-28 03:25 -------- d-----w- c:\archivos de programa\burrrn_1.13
2010-06-25 16:20 . 2010-06-25 16:20 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb264.tmp.exe
2010-06-24 20:37 . 2010-06-24 20:37 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb22D.tmp.exe
2010-06-24 12:15 . 2004-08-19 13:42 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-19 13:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-19 13:41 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2004-08-19 13:30 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 16:10 . 2010-06-23 16:10 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb1C0.tmp.exe
2010-06-23 02:47 . 2010-06-23 02:47 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb13B.tmp.exe
2010-06-21 15:27 . 2004-08-03 21:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-21 15:05 . 2010-06-21 03:33 3151 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2010-06-21 03:32 . 2010-06-21 03:32 3026 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2010-06-21 03:27 . 2010-06-21 03:27 15349 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-06-17 14:03 . 2004-08-19 13:42 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 21:35 . 2004-08-03 21:14 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-14 21:33 . 2010-06-14 21:33 259072 ----a-w- c:\archivos de programa\Half-open_limit_fix_4.1.exe
2010-06-14 21:06 . 2010-06-14 21:06 260416 ----a-w- c:\archivos de programa\SoftonicDownloader81240.exe
2010-06-14 14:31 . 2008-12-09 13:50 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2004-08-19 13:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-04 19:31 . 2010-06-04 19:31 299864 ----a-w- c:\archivos de programa\dxwebsetup.exe
.

------- Sigcheck -------

[-] 2010-06-14 . CD00787894008369F56153B91FC28847 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-08-20_06.38.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-21 05:37 . 2010-08-21 05:37 16384 c:\windows\temp\Perflib_Perfdata_1d4.dat
- 2010-08-10 20:13 . 2009-05-26 11:40 764280 c:\windows\SoftwareDistribution\Download\a55343ca369382122a33905d7c85c623\update\update.exe
- 2010-08-10 20:13 . 2010-02-22 14:24 764280 c:\windows\SoftwareDistribution\Download\5223781abe26bac8c269db40b449266e\update\update.exe
- 2010-08-10 20:13 . 2009-05-26 11:40 764280 c:\windows\SoftwareDistribution\Download\2e0fac0ea201ad36dd05526d7f006f50\update\update.exe
- 2010-08-10 20:13 . 2009-05-26 11:40 764280 c:\windows\SoftwareDistribution\Download\2a3aa2e80cf03d0dddb69e41a0cb1cec\update\update.exe
- 2010-08-10 20:13 . 2010-02-22 14:24 764280 c:\windows\SoftwareDistribution\Download\0ce8722a568559fda0b0b60725066c1b\update\update.exe
+ 2010-08-13 14:57 . 2010-08-13 14:57 919552 c:\windows\Installer\1bb39bf.msp
+ 2010-08-13 14:57 . 2010-08-13 14:57 547328 c:\windows\Installer\1bb38dd.msp
- 2010-06-14 07:40 . 2010-06-14 07:40 1172480 c:\windows\SoftwareDistribution\Download\2a3aa2e80cf03d0dddb69e41a0cb1cec\sp3qfe\msxml3.dll
- 2010-06-14 07:42 . 2010-06-14 07:42 1172480 c:\windows\SoftwareDistribution\Download\2a3aa2e80cf03d0dddb69e41a0cb1cec\sp3gdr\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\archivos de programa\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}"= "c:\archivos de programa\Softonic_ES\tbSof0.dll" [2010-08-20 2734688]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]
2010-08-20 21:46 2734688 ----a-w- c:\archivos de programa\Softonic_ES\tbSof0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}"= "c:\archivos de programa\Softonic_ES\tbSof0.dll" [2010-08-20 2734688]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C2ED826E-8903-4A9D-B0DF-3A8FB8EA918A}"= "c:\archivos de programa\Softonic_ES\tbSof0.dll" [2010-08-20 2734688]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\archivos de programa\uTorrent\uTorrent.exe" [2009-07-15 288048]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2010-08-10 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Archivos de programa\\eMule\\emule.exe"=
"c:\\Archivos de programa\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"48312:UDP"= 48312:UDP:emule puerto
"45113:TCP"= 45113:TCP:emule puerto

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [24/01/2010 06:48 p.m. 108289]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [12/08/2010 04:23 p.m. 1051968]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 05:24 a.m. 10064]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [03/02/2010 02:55 p.m. 135664]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-03 17:55]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-03 17:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com.ar/
mStart Page = hxxp://www.gooofullsearch.com/
IE: &Winamp Search - c:\documents and settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.gooofullsearch.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - plugin: c:\archivos de programa\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-21 02:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1652)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Avira\AntiVir Desktop\avguard.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Completion time: 2010-08-21 02:39:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-21 05:39
ComboFix2.txt 2010-08-20 06:39

Pre-Run: 110.902.861.824 bytes libres
Post-Run: 111.179.915.264 bytes libres

- - End Of File - - 0E6F39089D3E70C9FD24AE74C43E4985

descriptionSolvedRe: TR/Trash.Gen [trojan]

more_horiz
Hi.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
  • descriptionSolvedRe: TR/Trash.Gen [trojan]

    more_horiz
    Hello

    KASPERSKY ONLINE SCANNER 7.0: scan report
    Sunday, August 22, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Saturday, August 21, 2010 10:32:30
    Records in database: 4131719
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan statistics:
    Objects scanned: 48013
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 02:30:17

    No threats found. Scanned area is clean.

    Selected area has been scanned.

    descriptionSolvedRe: TR/Trash.Gen [trojan]

    more_horiz
    Hi.

    How is your machine running now?

    descriptionSolvedRe: TR/Trash.Gen [trojan]

    more_horiz
    Hello
    It's working fine.
    Thank you very much to you and Belazur for your help, I appreciate all of your help.
    Kindest regards
    Sebastian

    descriptionSolvedRe: TR/Trash.Gen [trojan]

    more_horiz
    You're welcome, glad to help. Smile...

    Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

    Updating System Restore
    Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
    • Select Start > All Programs > Accessories > System tools > System Restore.
    • On the dialogue box that appears select Create a Restore Point
    • Click NEXT
    • Enter a name e.g. Clean
    • Click CREATE.


    You now have a clean restore point.

    To get rid of the bad ones:
    • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
    • In the Drop down box that appears select your main drive e.g. C
    • Click OK
    • The System will do a calculation of temporary/old files, and then display a dialogue box.
    • Select the More Options Tab.
    • At the bottom will be a System Restore box with a CLEANUP button click this
    • Accept the Warning and select OK again, the program will close and you are done.


    ========

    Removing the tools
    Now, to remove all of the tools we used and the files and folders they created, please do the following:

    Download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    ============

    Service Pack upgrade
    Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

    More info about SP3: Here

    =====

    Update Programs
    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs.
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.



    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs.
    Search in the list for all previous installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    ===========

    Here are some prevention tips I have provided:

    1. Don't download files from untrusted websites or websites that seem suspious.

    2. Don't use torrents they are a good way to get lots of malware.

    3. Don't download and use cracks/warez/keygens they are illegal and are another good way to contract malware.

    4. Disable autorun XP or Vista/7

    5. Always make sure you have the latest Windows updates. windowsupdate.microsoft.com

    6. Don't ever click on the links inside of a popup.

    7. Make sure you know what you install you can make sure it is not know for being a virus by just simply searching about it on google.

    8. Use a Site Advisor so you don't go to sites that will infect you. Mcafee Siteadvisor

    9. Also there are many holes and flaws in Internet Explorer I recommend using Firefox 3 to keep you more safe.

    10. Always keep your Java and Adobe updated.

    11. Don't fall for the Scareware. What is Scareware? it is a website made to download a rogue Antivirus on your system that will scare you into buying their fake software due to false detections.

    12. Always have a Firewall and a Antivirus.

    Thanks for choosing GeekPolice, see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

    For more information please visit Here

    descriptionSolvedRe: TR/Trash.Gen [trojan]

    more_horiz
    Hello
    I did every thing you recomend me.
    Thanks a lot.

    Sebastian

    descriptionSolvedRe: TR/Trash.Gen [trojan]

    more_horiz
    You're welcome, glad to help. Smile...

    descriptionSolvedRe: TR/Trash.Gen [trojan]

    more_horiz
    privacy_tip Permissions in this forum:
    You cannot reply to topics in this forum