Re: "warning: spyware threat has been detected on your pc" SOLVED
After following all the steps and rebooting, none of the symptoms appear anywhere (no modified desktop background, no web page, and I can access the Task Manager). The reboot was somewhat slow, but I suppose the next one will be faster. I'm pasting the reports.
HijackThis: (report made after completing all the steps and rebooting)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:34, on 09/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\VIA\VIAudioi\SBADeck\ADeck.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\Logitech\iTouch\iTouch.exe
C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
C:\Archivos de programa\Microsoft ActiveSync\Wcescomm.exe
C:\ARCHIV~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AudioDeck] "C:\Archivos de programa\VIA\VIAudioi\SBADeck\ADeck.exe" 1
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Archivos de programa\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [TaskSwitchXP] "C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\ARCHIV~1\MICROS~4\INetRepl.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{26F82371-6FA8-4A92-AA79-C169EE92D386}: NameServer = 195.235.113.3,195.235.96.90
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Motor de Spy Sweeper de Webroot (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 4891 bytes
Malwarebytes' Anti-Malware:
Malwarebytes' Anti-Malware 1.11
Versión de la Base de Datos: 603
Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 46502
Tiempo transcurrido: 7 minute(s), 8 second(s)
Procesos en Memoria Infectados: 1
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 15
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 1
Carpetas Infectadas: 1
Ficheros Infectados: 49
Procesos en Memoria Infectados:
c:\WINDOWS\system32\wmsdkns.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
Valores del Registro Infectados:
(No se han detectado elementos maliciosos)
Elementos de Datos del Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\wmsdkns.exe -> Quarantined and deleted successfully.
Carpetas Infectadas:
C:\WINDOWS\FLEOK (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Ficheros Infectados:
c:\WINDOWS\system32\wmsdkns.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\FLEOK\180ax.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bjam.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bokja.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cdsm32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mspphe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssvr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\saiemod.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\salm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\stcloader.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\swin32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\updatetc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\voiceip.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSIXU.DLL (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSNSA32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntnut32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SIPSPI32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WER8274.DLL (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\id53.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\180ax.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\audiosrv32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\autodisc32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.
ComboFix:
ComboFix 08-04-08.7 - Administrador 2008-04-09 9:27:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.700 [GMT 2:00]
Se ejecuta desde: C:\Documents and Settings\Administrador\Escritorio\ComboFix.exe ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.
(((((((((((((((((( Archivos creados desde 2008-03-09 - 2008-04-09 )))))))))))))))))))))))))))))))))
.
2008-04-09 09:10 . 2008-04-09 09:10 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-04-09 09:10 . 2008-04-09 09:10 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes
2008-04-09 09:10 . 2008-04-09 09:10 <DIR> d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware
2008-04-09 09:04 . 2008-04-09 09:04 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-08 19:17 . 2008-04-08 19:17 <DIR> d-------- C:\Documents and Settings\LocalService\Datos de programa\Webroot
2008-04-08 19:17 . 2008-04-08 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Webroot
2008-04-08 19:17 . 2008-04-08 19:17 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Webroot
2008-04-08 19:17 . 2008-04-08 19:17 <DIR> d-------- C:\Archivos de programa\Webroot
2008-04-08 19:17 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-04-08 19:17 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-04-08 19:17 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-04-08 19:17 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-04-08 19:17 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-04-08 18:22 . 2008-04-08 19:12 <DIR> d-------- C:\Archivos de programa\Spy Sweeper Updater
2008-04-08 18:22 . 2008-04-08 18:37 17,408 --a------ C:\psapi.dll
2008-04-08 17:16 . 2008-04-08 19:16 164 --a------ C:\install.dat
2008-04-08 17:11 . 2008-04-08 17:11 <DIR> d-------- C:\Archivos de programa\CCleaner
2008-04-08 12:34 . 2008-04-08 12:34 <DIR> d-------- C:\Archivos de programa\Enigma Software Group
2008-04-08 09:42 . 2008-04-08 10:59 <DIR> d-------- C:\Archivos de programa\Panda Security
2008-04-07 19:32 . 2008-04-07 19:32 <DIR> d-------- C:\Archivos de programa\Trend Micro
2008-04-07 18:52 . 2008-04-07 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2008-04-07 18:52 . 2008-04-08 11:00 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\SUPERAntiSpyware.com
2008-04-07 18:52 . 2008-04-08 11:00 <DIR> d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-04-07 18:32 . 2008-04-07 18:41 <DIR> d-a------ C:\Documents and Settings\All Users\Datos de programa\TEMP
2008-04-07 18:30 . 2008-04-07 19:10 <DIR> d-------- C:\Archivos de programa\Google
2008-04-07 18:10 . 2008-04-07 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Lavasoft
2008-04-07 18:10 . 2008-04-07 18:10 <DIR> d-------- C:\Archivos de programa\Lavasoft
2008-04-07 17:29 . 2008-04-08 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-04-07 17:29 . 2008-04-08 12:16 <DIR> d-------- C:\Archivos de programa\Spybot - Search & Destroy
2008-04-07 17:17 . 2008-04-07 17:20 <DIR> d-------- C:\usd
2008-04-07 16:53 . 2008-04-07 16:53 <DIR> d-------- C:\WINDOWS\Caps
2008-04-07 16:53 . 2008-04-07 16:56 <DIR> d-------- C:\Archivos de programa\RapidLeecher Ultimate 2007
2008-04-07 16:40 . 2008-04-07 16:57 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\uTorrent
2008-04-07 16:40 . 2008-04-07 16:40 <DIR> d-------- C:\Archivos de programa\uTorrent
2008-04-07 12:21 . 2008-04-08 13:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-07 12:21 . 2008-04-08 13:11 1,744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-07 12:21 . 2008-04-07 12:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-07 10:36 . 2008-04-07 12:48 1,632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-07 10:35 . 2008-04-07 10:44 <DIR> d-------- C:\Archivos de programa\Dream Aquarium
2008-04-07 10:25 . 2008-04-07 10:25 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Apple
2008-04-07 10:25 . 2008-04-08 13:12 <DIR> d-------- C:\Archivos de programa\QuickTime
2008-04-07 10:25 . 2008-04-07 10:25 <DIR> d-------- C:\Archivos de programa\Apple Software Update
2008-04-04 17:07 . 2008-04-04 17:07 <DIR> d-------- C:\Archivos de programa\Zeallsoft
2008-04-04 17:05 . 2008-04-04 17:05 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Morpheus Software
2008-04-04 17:05 . 2008-04-04 17:13 <DIR> d-------- C:\Archivos de programa\Dealio
2008-04-04 17:03 . 2008-04-04 17:03 <DIR> d-------- C:\Archivos de programa\Archivos comunes\GeoVid
2008-04-04 17:03 . 2004-08-18 16:00 1,712,128 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-04-04 17:03 . 2003-03-19 07:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-04-04 17:03 . 2007-06-28 19:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-04-04 17:03 . 2005-06-07 16:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-04-04 16:57 . 2008-04-04 19:40 <DIR> d-------- C:\roms nds
2008-04-04 16:56 . 2008-04-04 16:56 <DIR> d-------- C:\Archivos de programa\Evolution Tools
2008-04-03 16:33 . 2008-04-03 16:33 <DIR> d-------- C:\WINDOWS\Mozilla
2008-04-01 09:08 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-01 09:08 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-28 19:12 . 2008-03-28 19:12 <DIR> d-------- C:\Archivos de programa\QuickSFV
2008-03-27 20:12 . 2008-03-27 20:24 472,888 --a------ C:\1.xls
2008-03-27 18:21 . 2008-03-27 18:50 98,816 --a------ C:\A.xls
2008-03-27 17:14 . 2008-04-08 19:33 <DIR> d-------- C:\Downloads
2008-03-26 18:00 . 2008-03-26 18:45 <DIR> d-------- C:\Archivos de programa\URUSoft
2008-03-26 17:19 . 2006-01-19 18:33 402,432 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
2008-03-24 20:07 . 2008-03-24 20:07 <DIR> d-------- C:\Archivos de programa\FENG3
2008-03-24 11:03 . 2008-03-24 11:03 <DIR> d-------- C:\Informativas_Grupo_Castilla
2008-03-19 18:06 . 2008-03-19 18:06 <DIR> d-------- C:\Archivos de programa\Blue Squirrel
2008-03-19 12:37 . 2006-08-31 22:35 116,736 --a------ C:\WINDOWS\system32\libsndfile-1.dll
2008-03-18 18:19 . 2006-02-24 10:33 10,608,708 --a------ C:\WINDOWS\system32\Goldfish2.scr
2008-03-17 10:33 . 2004-03-22 15:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-17 10:27 . 2008-03-17 10:31 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-17 10:26 . 2008-03-17 10:26 <DIR> d-------- C:\Archivos de programa\Microsoft.NET
2008-03-14 17:51 . 2008-03-14 18:36 634 --a------ C:\WINDOWS\system32\MAPISVC.INF
2008-03-14 17:50 . 2008-03-14 18:36 <DIR> d-------- C:\Archivos de programa\Ontrack
2008-03-14 17:22 . 2008-04-08 18:03 <DIR> d-------- C:\Archivos de programa\eMule
2008-03-13 18:14 . 2008-03-13 18:14 <DIR> d-------- C:\WINDOWS\Sun
2008-03-13 17:15 . 2008-03-13 17:15 <DIR> d-------- C:\Archivos de programa\Microsoft ActiveSync
2008-03-13 17:15 . 2005-10-21 03:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-03-13 17:15 . 2005-10-21 03:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-03-13 17:11 . 2008-03-13 17:11 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Ahead
2008-03-13 13:34 . 2008-04-08 19:48 52 --a------ C:\WINDOWS\dawin32.INI
2008-03-13 12:05 . 2008-04-09 09:01 65 --a------ C:\WINDOWS\iTouch.ini
2008-03-13 12:00 . 2008-03-13 12:00 <DIR> d-------- C:\Archivos de programa\Logitech
2008-03-13 12:00 . 2008-03-13 12:00 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Logitech
2008-03-13 12:00 . 2002-01-05 05:38 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
2008-03-13 12:00 . 2004-03-03 10:50 37,887 --------- C:\WINDOWS\system32\drivers\Lhidusb.sys
2008-03-13 12:00 . 2004-03-03 10:50 14,095 --------- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2008-03-13 12:00 . 2004-03-10 14:42 12,953 --a------ C:\WINDOWS\system32\drivers\itchfltr.sys
2008-03-13 11:23 . 2004-08-04 00:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-13 11:07 . 2008-03-13 11:07 <DIR> d-------- C:\Archivos de programa\Windows Media Connect 2
2008-03-13 11:06 . 2008-03-13 11:06 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-13 11:06 . 2008-03-13 11:06 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-13 11:05 . 2008-03-13 11:05 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-13 11:04 . 2008-04-03 19:11 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-13 11:00 . 2008-03-13 11:00 <DIR> d---s---- C:\Documents and Settings\Administrador\UserData
2008-03-13 10:51 . 2004-08-19 20:42 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-13 10:45 . 2008-03-13 10:45 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\pdf995
2008-03-13 10:45 . 2008-03-13 10:45 28 --a------ C:\WINDOWS\pdf995.ini
2008-03-13 10:43 . 2008-04-08 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\pdf995
2008-03-13 10:43 . 2008-03-13 10:43 <DIR> d-------- C:\Archivos de programa\pdf995
2008-03-13 10:43 . 2008-03-13 10:43 249,856 --a------ C:\WINDOWS\system32\pdfmona.dll
2008-03-13 10:43 . 2008-03-13 10:43 51,716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-03-13 10:43 . 2008-03-13 11:13 88 --a------ C:\WINDOWS\wpd99.drv
.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 09:00 --------- d-----w C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-03-19 18:02 --------- d-----w C:\Archivos de programa\AIMP2
2008-03-12 17:14 --------- d-----w C:\Documents and Settings\Administrador\Datos de programa\TuneUp Software
2008-03-12 17:14 --------- d-----w C:\Archivos de programa\TuneUp Utilities 2007
2008-03-12 17:14 --------- d-----w C:\Archivos de programa\TaskSwitchXP
2008-03-12 17:14 --------- d-----w C:\Archivos de programa\My Company Name
2008-03-12 17:13 --------- d-----w C:\Archivos de programa\Nero
2008-03-12 17:13 --------- d-----w C:\Archivos de programa\Archivos comunes\Ahead
2008-03-12 17:11 --------- d-----w C:\Archivos de programa\Java
2008-03-12 17:11 --------- d-----w C:\Archivos de programa\Archivos comunes\Java
2008-03-12 17:10 --------- d-----w C:\Archivos de programa\DAMN NFO Viewer
2008-03-12 17:10 --------- d-----w C:\Archivos de programa\Archivos comunes\Adobe
2008-03-12 17:02 --------- d-----w C:\Archivos de programa\microsoft frontpage
2008-03-12 17:01 --------- d-----w C:\Archivos de programa\Servicios en línea
2008-01-15 12:26 1,548,800 ----a-w C:\WINDOWS\system32\sfcfiles.dll
2008-01-15 12:25 57,344 ----a-w C:\WINDOWS\system32\dmutil.dll
2008-01-15 12:25 51,712 ----a-w C:\WINDOWS\system32\wzcsapi.dll
2008-01-15 12:25 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
2008-01-15 12:25 360,448 ----a-w C:\WINDOWS\system32\wzcsvc.dll
2008-01-15 12:25 35,328 ----a-w C:\WINDOWS\system32\pid.dll
2008-01-15 12:25 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
2008-01-15 12:25 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
2008-01-15 12:25 20,992 ----a-w C:\WINDOWS\system32\hid.dll
2008-01-15 12:25 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll
2008-01-15 12:24 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll
2008-01-15 12:24 8,192 ----a-w C:\WINDOWS\system32\streamci.dll
2008-01-15 12:24 72,192 ----a-w C:\WINDOWS\system32\sprio800.dll
2008-01-15 12:24 70,656 ----a-w C:\WINDOWS\system32\sprio600.dll
2008-01-15 12:24 69,632 ----a-w C:\WINDOWS\system32\spnike.dll
2008-01-15 12:24 58,368 ----a-w C:\WINDOWS\system32\dvdplay.exe
2008-01-15 12:24 157,696 ----a-w C:\WINDOWS\system32\paqsp.dll
2008-01-15 12:24 147,968 ----a-w C:\WINDOWS\system32\mdwmdmsp.dll
2008-01-15 12:19 1,001,472 ----a-w C:\WINDOWS\system32\syssetup.dll
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Archivos de programa\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 15:22 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 09:06 40048]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe]
"AudioDeck"="C:\Archivos de programa\VIA\VIAudioi\SBADeck\ADeck.exe" [2006-11-02 17:57 528384]
"avast!"="C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"zBrowser Launcher"="C:\Archivos de programa\Logitech\iTouch\iTouch.exe" [2004-03-18 10:33 892928]
"TaskSwitchXP"="C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-05 00:29 62976]
"SpySweeper"="C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 20:42 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-19 20:41 101376 C:\WINDOWS\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menú Inicio^Programas^Inicio^Bat - Auto Update.lnk]
path=C:\Documents and Settings\Administrador\Menú Inicio\Programas\Inicio\Bat - Auto Update.lnk
backup=C:\WINDOWS\pss\Bat - Auto Update.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\Archivos de programa\Microsoft ActiveSync\rapimgr.exe"= C:\Archivos de programa\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Archivos de programa\Microsoft ActiveSync\wcescomm.exe"= C:\Archivos de programa\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Archivos de programa\Microsoft ActiveSync\WCESMgr.exe"= C:\Archivos de programa\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Archivos de programa\\eMule\\emule.exe"=
"C:\\Documents and Settings\\Administrador\\Escritorio\\USDownloader134\\USDownloader.exe"=
"C:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 18:49]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 Machnm32;Machnm32 Driver;C:\WINDOWS\System32\Machnm32.sys [2003-08-13 00:27]
R2 UxTuneUp;TuneUp Ampliación del thema;C:\WINDOWS\System32\svchost.exe [2004-08-19 20:43]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-01-19 18:33]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\wmactedp.inf,PerUserStub,,4
.
Contenido de carpeta 'Tareas Programadas'
"2008-03-12 17:14:42 C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job"
- C:\Archivos de programa\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 09:28:18
Windows 5.1.2600 Service Pack 2 NTFS
escaneando procesos ocultos ...
escaneando entradas ocultas de autostart ...
escaneando archivos ocultos ...
el escaneo se completo con exito
archivos ocultos: 0
**************************************************************************
.
Tiempo completado: 2008-04-09 9:28:43
ComboFix-quarantined-files.txt 2008-04-09 07:28:33
ComboFix2.txt 2008-04-09 07:25:34
11 dirs 32,887,865,344 bytes libres
13 dirs 32,880,820,224 bytes libres
.
2008-03-17 12:17:56 --- E O F ---
Awaiting word on whether I need to do anything further; many thanks for your attention and best regards.