OK, thanks for the help
I followed the instructions, except for the "Show hidden files" step, since, as I had said, the computer does not let me. Even though I check the "Show hidden files and folders" box, none are shown, and the check mark is cleared again as soon as I click "Apply".
I think the problem was these 2 files
C:\WINDOWS\system32\gkcgghqz.dll
C:\WINDOWS\system32\avpo.exe
Since after deleting them the pop-ups and the rest stopped appearing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Here is the ComboFix.exe log
ComboFix 07-10-19.1 - Carlos 2007-10-18 19:52:44.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.188 [GMT -5:00]
Running from: C:\Documents and Settings\Carlos\My Documents\prog\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FWDRV.SYS
-------\DomainService
-------\fwdrv.sys
((((((((((((((((((((((((( Files Created from 2007-09-19 to 2007-10-19 )))))))))))))))))))))))))))))))
.
2007-10-18 13:04 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\Webroot
2007-10-16 10:29 86,851 -r-hs---- C:\ntde1ect.com
2007-10-12 17:37 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-10-08 09:37 <DIR> d--hs---- C:\found.000
2007-10-07 01:56 <DIR> d-------- C:\Program Files\DivX
2007-10-04 16:03 <DIR> d-------- C:\Documents and Settings\Carlos\Contacts
2007-10-04 11:34 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\Apple Computer
2007-10-02 13:47 <DIR> C:\Documents and Settings\Carlos\Application Data\'O%§O?"ª<„Sy"
2007-09-23 13:49 <DIR> d-------- C:\ePSXe
2007-09-23 13:24 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\fltk.org
2007-09-23 12:01 <DIR> d-------- C:\Documents and Settings\Antonio\Application Data\Grisoft
2007-09-23 10:31 <DIR> d-------- C:\Documents and Settings\Bianca\Application Data\Grisoft
2007-09-23 02:49 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\Media Player Classic
2007-09-23 02:38 <DIR> d-------- C:\Documents and Settings\Carlos\dwhelper
2007-09-22 23:51 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\Grisoft
2007-09-22 23:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-09-22 22:58 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\AdobeUM
2007-09-22 19:17 <DIR> d-------- C:\Program Files\LimeWire
2007-09-22 11:55 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\SUPERAntiSpyware.com
2007-09-22 11:29 <DIR> d-------- C:\Documents and Settings\Carlos\WINDOWS
2007-09-22 11:29 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\You've Got Pictures Screensaver
2007-09-22 11:29 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\SampleView
2007-09-22 11:29 <DIR> d-------- C:\Documents and Settings\Carlos\Application Data\AOL
2007-09-19 18:57 <DIR> d-------- C:\Documents and Settings\Antonio\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 21:13 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-10-11 21:32 --------- d-----w C:\Documents and Settings\Bianca\Application Data\IMVU
2007-10-08 03:55 --------- d-----w C:\Program Files\IMVU
2007-10-02 18:47 --------- d-----w C:\Documents and Settings\Carlos\Application Data\’O‰ºŒ“¬‹äŠy•”
2007-09-23 01:05 --------- d-----w C:\Documents and Settings\Bianca\Application Data\U3
2007-09-21 22:05 --------- d-----w C:\Documents and Settings\Bianca\Application Data\LimeWire
2007-09-19 01:10 --------- d-----w C:\Documents and Settings\Bianca\Application Data\SUPERAntiSpyware.com
2007-09-17 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-15 15:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-14 17:35 --------- d-----w C:\Program Files\SpywareBlaster
2007-09-14 16:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-12 22:56 --------- d-----w C:\Program Files\MSN Messenger
2007-09-08 18:47 --------- d-----w C:\Program Files\Infogrames Interactive
2007-08-30 23:09 --------- d-----w C:\Program Files\MSN Encarta Plus
2007-08-30 23:09 --------- d-----w C:\Program Files\Microsoft Works
2007-08-30 23:09 --------- d-----w C:\Program Files\LiveUpdate
2007-08-22 22:41 --------- d-----w C:\Documents and Settings\Bianca\Application Data\AdobeUM
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B6D71C3-33D7-46F6-A6D3-332C9112EC7D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D44B527-44E4-4D70-8AF6-1D3EC3841905}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{440A4729-4377-4094-AB97-517BABBFD0F1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E5D2210-68F7-426D-9E9C-F21174F0ACC7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92627256-F327-459C-9194-F1EF5A8D1671}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C306267-C8DF-4D0C-B694-A3A3D69E578D}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6846E6F-EC9B-46D0-BE9C-09A6A7ED1CD0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 05:01]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-06-27 11:47]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 14:00 C:\WINDOWS\system32\rundll32.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"avpa"="C:\WINDOWS\system32\avpo.exe" [2007-09-24 13:24]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-09-14 23:18 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gkcgghqz]
gkcgghqz.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcawu]
iifcawu.dll 2007-09-21 11:19 33792 C:\WINDOWS\system32\iifcawu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturpqp]
vturpqp.dll 2007-09-21 19:19 33792 C:\WINDOWS\system32\vturpqp.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys32]
C:\WINDOWS\system32\winsys32.dll
R2 altio;altio;\??\C:\WINDOWS\system32\altio.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
AutoRun\command - C:\ntde1ect.com
explore\Command - C:\ntde1ect.com
open\Command - C:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command - D:\ntde1ect.com
explore\Command - D:\ntde1ect.com
open\Command - D:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0524f8fa-c84e-11db-81a4-0040ca966dfa}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command - G:\Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f083634-ba4d-11db-8164-0040ca966dfa}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(&0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5930fb2b-5cdf-11db-bf77-0040ca966dfa}]
AutoRun\command - F:\ntde1ect.com
explore\Command - F:\ntde1ect.com
open\Command - F:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66b12c51-05f9-11db-b838-806d6172696f}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder
"2007-09-28 11:30:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-19 00:08:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
"2006-10-06 16:23:34 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-18 20:02:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-18 20:05:18 - machine was rebooted
.
--- E O F ---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following is the HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:03 PM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B6D71C3-33D7-46F6-A6D3-332C9112EC7D} - (no file)
O2 - BHO: (no name) - {0D44B527-44E4-4D70-8AF6-1D3EC3841905} - (no file)
O2 - BHO: (no name) - {440A4729-4377-4094-AB97-517BABBFD0F1} - (no file)
O2 - BHO: (no name) - {4E5D2210-68F7-426D-9E9C-F21174F0ACC7} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92627256-F327-459C-9194-F1EF5A8D1671} - (no file)
O2 - BHO: (no name) - {9C306267-C8DF-4D0C-B694-A3A3D69E578D} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D6846E6F-EC9B-46D0-BE9C-09A6A7ED1CD0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Bianca\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: gkcgghqz - gkcgghqz.dll (file missing)
O20 - Winlogon Notify: iifcawu - C:\WINDOWS\SYSTEM32\iifcawu.dll
O20 - Winlogon Notify: vturpqp - C:\WINDOWS\SYSTEM32\vturpqp.dll
O20 - Winlogon Notify: winsys32 - C:\WINDOWS\
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7478 bytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The 2 scans did not find anything
I think the computer is fine now. Except that I cannot see hidden files.
I will keep an eye on whether my computer is in fact clean now, and to see if you can help me with the other problem mentioned
Thanks for the help
