post #5
07/05/08, 10:19:33
smookinganja
User
 
Joined: May 2008
Location: Spain
Posts: 3
Re: could someone take a look at my log? wininit.exe and... something else?

Well... I think I got it...


ComboFix 08-05-01.3 - administrador 2008-05-07 16:08:49.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.3082.18.729 [GMT 2:00]
Running from: C:\Users\administrador\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~2\Microsoft\Network\Downloader\qmgr0.dat
C:\PROGRA~2\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\system32\x64

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.cõj
.
(((((((((((((((((( Files Created From 2008-04-07 to 2008-05-07 )))))))))))))))))))))))))))))))))
.

No files were created during this time period

.
(((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-07 13:57 81,984 ----a-w C:\Windows\System32\bdod.bin
2008-05-07 13:41 --------- d-----w C:\Users\administrador\AppData\Roaming\WTablet
2008-05-07 13:41 --------- d-----w C:\Users\administrador\AppData\Roaming\Extensis
2008-05-07 13:41 --------- d-----w C:\Users\ADMINI~1\AppData\Roaming\WTablet
2008-05-07 13:41 --------- d-----w C:\Users\ADMINI~1\AppData\Roaming\Extensis
2008-05-07 13:41 --------- d-----w C:\PROGRA~2\Extensis
2008-05-06 10:06 --------- d-----w C:\Users\administrador\AppData\Roaming\Malwarebytes
2008-05-06 10:06 --------- d-----w C:\Users\ADMINI~1\AppData\Roaming\Malwarebytes
2008-05-06 10:06 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-06 10:06 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-05-06 08:59 --------- d-----w C:\Users\administrador\AppData\Roaming\SUPERAntiSpyware.com
2008-05-06 08:59 --------- d-----w C:\Users\ADMINI~1\AppData\Roaming\SUPERAntiSpyware.com
2008-05-06 08:59 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-06 08:59 --------- d-----w C:\PROGRA~2\SUPERAntiSpyware.com
2008-05-06 08:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-06 00:55 --------- d-----w C:\Program Files\Trend Micro
2008-05-06 00:12 --------- d-----w C:\Program Files\Image-Line
2008-05-06 00:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-05 23:54 85,520 ----a-w C:\Windows\system32\drivers\bdfndisf.sys
2008-05-05 23:39 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-05-05 18:46 27,048 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-05 18:46 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-05-05 00:31 --------- d-----w C:\Program Files\Sony Setup
2008-05-04 14:56 --------- d-----w C:\Program Files\VstPlugins
2008-05-03 15:01 37 ----a-w C:\Users\administrador\AppData\Roaming\Opusbext.dat
2008-05-03 15:01 37 ----a-w C:\Users\ADMINI~1\AppData\Roaming\Opusbext.dat
2008-05-03 14:23 118,784 ----a-w C:\Windows\dsdxirmv.exe
2008-05-03 14:14 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-05-02 16:37 --------- d-----w C:\Program Files\Outsim
2008-05-01 22:44 --------- d-----w C:\PROGRA~2\BitDefender
2008-04-30 16:37 --------- d-----w C:\Users\administrador\AppData\Roaming\BitDefender
2008-04-30 16:37 --------- d-----w C:\Users\ADMINI~1\AppData\Roaming\BitDefender
2008-04-30 13:07 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-04-30 12:31 --------- d-----w C:\Program Files\BitDefender
2008-04-30 10:22 --------- d-----w C:\PROGRA~2\avg8
2008-04-28 15:04 24,136 ----a-w C:\Users\administrador\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-04-28 15:04 24,136 ----a-w C:\Users\ADMINI~1\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-04-28 14:51 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-04-28 14:50 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-04-22 14:21 --------- d-----w C:\Program Files\Codec Pack de ELISOFT
2008-04-21 13:50 --------- d-----w C:\Program Files\Extensis
2008-04-20 09:50 --------- d-----w C:\PROGRA~2\Pinnacle
2008-04-13 23:15 --------- d-----w C:\Users\administrador\AppData\Roaming\Nokia Multimedia Player
2008-04-13 23:15 --------- d-----w C:\Users\ADMINI~1\AppData\Roaming\Nokia Multimedia Player
2008-04-05 01:46 --------- d-----w C:\Users\administrador\AppData\Roaming\DNA
2008-04-05 01:46 --------- d-----w C:\Users\ADMINI~1\AppData\Roaming\DNA
2008-04-05 01:34 --------- d-----w C:\Users\administrador\AppData\Roaming\TuneUp Software
2008-04-05 01:34 --------- d-----w C:\Users\ADMINI~1\AppData\Roaming\TuneUp Software
2008-04-05 01:32 --------- d-----w C:\PROGRA~2\TuneUp Software
2008-04-04 14:56 --------- d-----w C:\Users\administrador\AppData\Roaming\Pavtube
2008-04-04 14:56 --------- d-----w C:\Users\ADMINI~1\AppData\Roaming\Pavtube
2008-03-25 15:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-20 05:23 --------- d-----w C:\Program Files\Java
2008-03-12 16:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-10 15:24 --------- d-----w C:\Users\administrador\AppData\Roaming\Ace
2008-03-10 15:24 --------- d-----w C:\Users\ADMINI~1\AppData\Roaming\Ace
2008-03-10 03:01 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-03-10 03:00 --------- d-----w C:\Users\administrador\AppData\Roaming\DAEMON Tools
2008-03-10 03:00 --------- d-----w C:\Users\ADMINI~1\AppData\Roaming\DAEMON Tools
2008-03-10 02:11 --------- d-----w C:\PROGRA~2\Zylom
2008-03-10 02:09 --------- d-----w C:\Users\administrador\AppData\Roaming\Zylom
2008-03-10 02:09 --------- d-----w C:\Users\ADMINI~1\AppData\Roaming\Zylom
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-27 11:15 28,416 ----a-w C:\Windows\System32\uxtuneup.dll
2008-02-27 11:15 16,640 ----a-w C:\Windows\System32\authuitu.dll
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-13 01:08 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 01:06 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-13 01:06 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-13 01:06 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-13 01:06 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-13 01:06 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-13 01:06 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-13 01:06 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-13 01:06 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-13 01:05 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-02-13 01:05 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-13 01:05 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-13 01:05 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-02-13 01:05 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-13 01:05 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-13 01:05 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-13 01:05 12,800 ----a-w C:\Windows\System32\batt.dll
2008-02-13 01:05 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-13 01:03 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 01:03 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 01:03 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
.
Code:
----a-w            97,778 2004-01-06 17:25:28  C:\Users\administrador\Music\Elektro- Pop\2 discografia alaska-fangoria-dinarama-pegamoides\MPC Winamp Plugin .exe

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 07:03 221184]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-12 02:43 1006264]
"WireLessMouse"="C:\Program Files\Nortek Keyboard Mouse Application\MouseDrv.exe" [2005-09-08 17:51 503808]
"WireLessKeyboard"="C:\Program Files\Nortek Keyboard Mouse Application\PS2USBKbdDrv.exe" [2005-09-10 12:52 253952]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 11:57 3784704 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-03-09 21:54 1822720 C:\Windows\SkyTel.exe]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 07:03 81920]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-06 01:53 360448]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Belkin Wireless Utility.lnk - C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe [2007-03-17 19:27:34 1523712]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Suitcase 11.0.lnk - C:\Windows\Installer\{4E920E20-CB94-45D3-9520-929FA61983D2}\_01D57C9244869186542E24.exe [2008-04-21 15:51:02 9062]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.FFDS"= C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
"vidc.DIV3"= c:\progra~1\codecp~1\divx3\divxc32.dll
"vidc.DIV4"= c:\progra~1\codecp~1\divx412\divx.dll
"vidc.DIVX"= c:\progra~1\codecp~1\divx511\divx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
"BitTorrent DNA"="C:\Users\administrador\Program Files\DNA\btdna.exe"
"MsnMsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D736E76E-72AA-4820-91B7-9E228334B8E9}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMC.exe:Pmc.exe
"{CFF2E38F-B688-4A3D-93DF-667FD9696512}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMC.exe:Pmc.exe
"{B779946B-10E0-4B5C-9976-3399D7C1039F}"= UDP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:PMC.Service.Main.exe
"{B5FCC4BE-5944-4E64-BAF4-09D0E38419B3}"= TCP:C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe:PMC.Service.Main.exe
"{C8CBCCE2-9FA7-4EBB-A979-3047B4BB30E1}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PSST.exe:PSST.exe
"{F1FD5A96-8076-4F98-B0C6-E8464CEA9A2D}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PSST.exe:PSST.exe
"{25EC29C7-3A15-40F6-8DD2-795204583666}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:PMSInstallInit.exe
"{B7542E0F-9DC6-4446-864A-B4C8605F611A}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:PMSInstallInit.exe
"{4324A9F0-F57E-4808-9DD4-2E6CF7A3E9B9}"= UDP:C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:PMC.Tvtv.Wizard.exe
"{E515BA96-9668-491E-AC1E-67B93F762973}"= TCP:C:\Program Files\Pinnacle\MediaCenter\PMC.Tvtv.Wizard.exe:PMC.Tvtv.Wizard.exe
"{CBDA48CB-18B7-49C2-8709-FBBA829F4819}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{803E9409-8D8E-4EB3-A2BC-6700C92D9740}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{93AC34EB-80BE-4CAA-A438-1434AB17E35F}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{8BA4D2DE-5770-4B14-ABA9-015F820FEF63}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule Plus
"UDP Query User{28987261-877D-416C-B734-CE5335BAAE65}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule Plus
"{EFE010AC-24EE-4D11-B895-739FD813AB5B}"= UDP:990:LocalSubnet:LocalSubnet|IF={F173411D-AFF8-4C3E-83C2-361769AB3E7B}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{5FA298CC-7195-4458-AB38-0FF7786A1727}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{032FB954-8401-49C0-9E27-FAC8845DDF32}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
"TCP Query User{8F1A322E-F737-4DB6-9B81-C5083D455750}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{331A78C5-31F4-4BC7-8EE3-44938675AE61}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
"TCP Query User{6767DD27-3759-4B64-BA24-CEA5B0612F24}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule Plus
"UDP Query User{8724CA58-E494-4B59-B98D-190A7A34E41E}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule Plus
"TCP Query User{B538034F-BD39-4149-92A3-A05F6418F5AA}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{30AFFFB8-F824-4B3F-8349-ED5378D9CDC5}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{70B3C858-49FF-4DE2-B476-0AC78386BD37}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{966A7685-6555-42FF-A3E2-0E47FEE7871D}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{4BD9C7D0-960E-4F51-B519-3D618C40368C}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{03D5FF16-60C6-497A-BFEB-56C0FF5EE05C}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{A6C480CC-4137-42F1-A2BA-ADECF49BEB16}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{FB036792-AC01-4580-9B60-AD201614019F}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{99BAB106-1074-46A6-9B5F-E1875F560B84}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9CD1AB59-3BB1-4E08-B394-C3FEE457544E}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{AB2160E2-0B9D-44B8-AD92-117FE00624C6}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{C2A136BD-7B2E-47E2-B570-506D00AC0738}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{73EC31DC-FEDD-40B5-B265-C98F04D1362E}C:\\windows\\system32\\presentationhost.exe"= UDP:C:\windows\system32\presentationhost.exe:Windows Presentation Foundation Host
"UDP Query User{C5D795B2-8BCE-4690-A4CF-D72F384BE624}C:\\windows\\system32\\presentationhost.exe"= TCP:C:\windows\system32\presentationhost.exe:Windows Presentation Foundation Host
"TCP Query User{8E2B81E0-0072-44AD-995E-262E190A6630}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{64904A0C-0A04-4423-BED2-602F1A08BF7C}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{1AFFC9A8-544E-458B-A6F6-595B85AF73CB}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{AACC3BA0-349C-456F-9E2A-411DDE98F146}C:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{322F3951-888C-43E6-B3E8-1039F3571275}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{14B407B5-95D8-4375-9DA9-DAD4EAA04B36}C:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{D50625E6-69AE-468B-95E0-9142CD345B40}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{EC619C15-BB74-4B84-B10A-B3C05600133D}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{A16F28B9-6A39-4D1E-A8BD-146BF1E7E16F}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{5D183705-B7BE-4CA5-918B-DF5BE9F009BB}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{FC6ABCA9-DF61-4CCD-A711-1CABDD808900}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{05115335-C89B-46C6-B693-8DB23B5E1F46}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{CE4A4666-579C-4ADF-B7A2-1D9E2371EF2A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{D138AF3A-3F16-4DC7-B778-BC0A83312DC8}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{0E33996A-3973-4839-B880-7CDF63967ACD}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{4B56E2BD-887C-4075-8C29-E48BB89215B1}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{9340974B-68BA-4EA4-B546-8B2B9CDB310C}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{66C657D8-00B4-4E2C-94F2-2FA2746FF685}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{EFB7BA84-810C-4A1F-9160-2D5773BBB33F}C:\\users\\administrador\\program files\\dna\\btdna.exe"= UDP:C:\users\administrador\program files\dna\btdna.exe:btdna.exe
"UDP Query User{CA6B2ED7-8284-4AE3-9F5A-186B382A96B8}C:\\users\\administrador\\program files\\dna\\btdna.exe"= TCP:C:\users\administrador\program files\dna\btdna.exe:btdna.exe
"TCP Query User{62032DF7-AB6A-4CBE-A852-0219C96C09DF}C:\\users\\administrador\\program files\\dna\\btdna.exe"= UDP:C:\users\administrador\program files\dna\btdna.exe:btdna.exe
"UDP Query User{A8130D06-0C47-4CF3-BEC9-F727F4718272}C:\\users\\administrador\\program files\\dna\\btdna.exe"= TCP:C:\users\administrador\program files\dna\btdna.exe:btdna.exe
"TCP Query User{FF33DF63-64BA-46C6-B5C5-75C8047661B4}C:\\users\\administrador\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\administrador\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{F0F2B802-460E-4E31-A12A-CDBFFD519AE9}C:\\users\\administrador\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\administrador\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 21:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 20:30]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;"C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" []
S2 RapiMgr;Windows Mobile-based Device Connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
S2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
S2 WcesComm;Windows Mobile 2003-based Device Connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2008-05-06 01:54]
S3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-04-28 16:50]
S3 USB28xxBGA;PCTV 70e Device;C:\Windows\system32\DRIVERS\emBDA.sys [2007-01-29 21:20]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-01-29 21:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
bdx REG_MULTI_SZ scan

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fd93f3f-2e01-11dc-b938-00138fdefb0d}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60c1740f-ee42-11dc-8334-00138fdefb0d}]
\shell\AutoRun\command - L:\AIO_FL_STDUO8_V2.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4ef0a0e-7517-11dc-8c7a-00138fdefb0d}]
\shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3dd6020-b517-11db-bd8e-806e6f6e6963}]
\shell\AutoRun\command - D:\Bin\assetup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - ECACHE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 16:11:51
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-07 16:12:32
ComboFix-quarantined-files.txt 2008-05-07 14:12:23

The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.

290 --- E O F --- 2008-05-07 13:46:24
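As an added example (not part of the original post, and not ComboFix's own logic), here is a small triage script over the three parts of a log like the one above that a responder would check first: the per-profile firewall flags (all three profiles in this log show EnableFirewall = 0), the per-drive AutoRun handlers under mountpoints2 (one drive here launches Recycled\ctfmon.exe through RunDLL32, a common pattern for worms that spread on removable media), and executables sitting directly in C:\Windows (dsdxirmv.exe here). The sample input is copied from the log above; the regexes and the "suspicious" heuristic are my own assumptions, and a hit is a lead to investigate, not a verdict (vendor tools such as RtHDVCpl.exe also live in the Windows root).

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code)."""
import re
from dataclasses import dataclass, field

# Sample input: lines copied verbatim from the log above, nothing else.
SAMPLE_LOG = r"""
2008-05-07 13:57 81,984 ----a-w C:\Windows\System32\bdod.bin
2008-05-03 14:23 118,784 ----a-w C:\Windows\dsdxirmv.exe
2008-04-28 14:50 307,968 ----a-w C:\Windows\System32\TuneUpDefragService.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fd93f3f-2e01-11dc-b938-00138fdefb0d}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4ef0a0e-7517-11dc-8c7a-00138fdefb0d}]
\shell\AutoRun\command - J:\Autorun.exe
"""


@dataclass
class AutorunEntry:
    guid: str        # mountpoints2 volume GUID the handler is attached to
    verb: str        # shell verb, e.g. AutoRun or Open(0)
    command: str     # command line Explorer would run
    suspicious: bool


@dataclass
class Findings:
    firewall_off: list = field(default_factory=list)       # profiles with EnableFirewall = 0
    autorun: list = field(default_factory=list)            # AutorunEntry objects
    windows_root_exes: list = field(default_factory=list)  # Find3M .exe entries directly in C:\Windows


# Section headers and value lines as ComboFix prints them (assumed formats).
PROFILE_RE = re.compile(r"firewallpolicy\\(\w+)\]$", re.I)
ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
MOUNT_RE = re.compile(r"mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
CMD_RE = re.compile(r"^\\shell\\([^\\]+)\\command - (.+)$")
FIND3M_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?:[\d,]+|-+)\s+\S+\s+(.+)$")
ROOT_EXE_RE = re.compile(r"^C:\\Windows\\[^\\]+\.exe$", re.I)


def autorun_is_suspicious(command: str) -> bool:
    """Heuristic (my assumption): a handler that runs a drive-relative path, a
    file under the drive's Recycled folder, or anything via ShellExec_RunDLL is
    the shape of a removable-media worm rather than a vendor autorun."""
    c = command.lower()
    relative = re.match(r"^[a-z]:\\", c) is None
    return relative or "recycled\\" in c or "shellexec_rundll" in c


def triage(text: str) -> Findings:
    findings = Findings()
    profile = guid = None  # state from the most recent [section] header
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            profile = guid = None
            m = PROFILE_RE.search(line)
            if m:
                profile = m.group(1)
            m = MOUNT_RE.search(line)
            if m:
                guid = m.group(1)
            continue
        m = ENABLE_RE.match(line)
        if m and profile and m.group(1) == "0":
            findings.firewall_off.append(profile)
            continue
        m = CMD_RE.match(line)
        if m and guid:
            findings.autorun.append(
                AutorunEntry(guid, m.group(1), m.group(2), autorun_is_suspicious(m.group(2))))
            continue
        m = FIND3M_RE.match(line)
        if m and ROOT_EXE_RE.match(m.group(1)):
            findings.windows_root_exes.append(m.group(1))
    return findings


if __name__ == "__main__":
    f = triage(SAMPLE_LOG)
    print("Firewall disabled in profiles:", ", ".join(f.firewall_off) or "none")
    for e in f.autorun:
        print(f"{'SUSPICIOUS' if e.suspicious else 'ok        '} {e.guid} {e.verb}: {e.command}")
    print("Executables directly in C:\\Windows:", f.windows_root_exes)
```

Run it against a full ComboFix log by passing the file contents to `triage()` instead of `SAMPLE_LOG`; the state-machine parse only looks at the section header that precedes each value line, so the order of sections in the log does not matter.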