Re: Problems with Trojan-PSW.Win32.OnLineGames.qmf

Hi El piedra, thanks for the help. Honestly, I always come to this forum and you've helped me a lot in the past; this is the first time I've needed to post my log. I ran the programs you told me to and they found some problems, but I've now noticed that when I browse with Firefox my machine goes to 100% CPU usage. Here is the ComboFix log you asked me for. Thanks in advance.
ComboFix 08-05-15.2 - Valued Costumer 2008-05-16 9:26:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503 [GMT -5:00]
Running from: C:\Documents and Settings\Valued Costumer\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.
2008-05-14 18:08 . 2008-05-14 18:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-14 18:08 . 2008-05-14 18:08 <DIR> d-------- C:\Documents and Settings\Valued Costumer\Application Data\Malwarebytes
2008-05-14 18:08 . 2008-05-14 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-14 18:08 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-14 18:08 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-14 18:07 . 2008-05-14 18:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-14 18:07 . 2008-05-14 18:07 <DIR> d-------- C:\Documents and Settings\Valued Costumer\Application Data\SUPERAntiSpyware.com
2008-05-14 18:07 . 2008-05-14 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-14 18:06 . 2008-05-14 18:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 12:15 . 2008-05-14 12:32 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-14 12:15 . 2008-05-14 12:32 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-14 12:14 . 2008-05-14 12:33 <DIR> d-------- C:\Program Files\Kaspersky Internet Security 7.0
2008-05-14 12:14 . 2008-05-16 08:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-14 12:14 . 2008-05-16 09:52 9,770,016 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-14 12:14 . 2008-05-15 23:58 133,100 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-14 12:14 . 2008-05-16 09:51 18,720 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-14 12:14 . 2008-05-15 23:59 3,560 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-14 11:46 . 2007-08-12 11:37 96 --------- C:\autoexec.per
2008-05-06 21:44 . 2008-05-06 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-06 19:28 . 2008-05-06 19:28 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-05 12:24 . 2008-05-05 12:24 <DIR> d-------- C:\Program Files\Olympus
2008-05-05 12:24 . 2005-07-30 21:00 114,688 --a------ C:\WINDOWS\system32\OdiOlDVR.dll
2008-05-05 12:24 . 2005-07-30 21:14 86,016 --a------ C:\WINDOWS\system32\STRDEVAPI.dll
2008-05-05 12:24 . 2006-04-07 17:05 73,728 --a------ C:\WINDOWS\system32\VNUSB.dll
2008-05-05 12:24 . 2003-06-13 17:49 73,728 --a------ C:\WINDOWS\system32\DW90USB.DLL
2008-05-05 12:24 . 2004-06-21 10:14 53,248 --a------ C:\WINDOWS\system32\OdiAPI.dll
2008-05-05 12:24 . 2001-04-09 19:17 39,096 --a------ C:\WINDOWS\system32\drivers\DW90USB.SYS
2008-05-05 12:24 . 2006-04-07 17:06 38,496 --a------ C:\WINDOWS\system32\drivers\VNUSB.sys
2008-05-03 13:07 . 2008-05-03 13:08 26 --a------ C:\WINDOWS\ExplorerXP.INI
2008-05-01 11:41 . 2008-05-01 11:41 0 --ah----- C:\Documents and Settings\Valued Costumer\Application Data\.F1DE379206385595.sys
2008-04-30 21:37 . 2008-04-30 21:37 <DIR> d-------- C:\Program Files\KONAMI
2008-04-22 08:37 . 2008-04-22 08:37 <DIR> d-------- C:\Documents and Settings\Valued Costumer\Application Data\ArcSoft
2008-04-21 19:44 . 2008-04-21 19:44 <DIR> d-------- C:\Program Files\INITIO
2008-04-21 19:44 . 2004-05-10 00:59 13,696 --a------ C:\WINDOWS\system32\drivers\inigpio.sys
2008-04-21 19:44 . 2005-04-26 19:38 4,736 --a------ C:\WINDOWS\system32\drivers\UsbFi2K.sys
2008-04-21 19:37 . 2008-04-21 19:37 <DIR> d-------- C:\Program Files\TotalMedia Backup & Record
2008-04-21 19:37 . 2008-04-21 19:37 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-04-21 19:37 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-04-21 19:37 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 00:31 --------- d-----w C:\Program Files\common
2008-05-12 03:19 2,516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-05-09 02:51 --------- d-----w C:\Program Files\Soulseek-Test
2008-05-07 01:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-05 17:35 --------- d-----w C:\Documents and Settings\Valued Costumer\Application Data\Sony Corporation
2008-05-05 17:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 00:04 --------- d-----w C:\Documents and Settings\Valued Costumer\Application Data\Azureus
2008-05-04 16:49 --------- d-----w C:\Program Files\Azureus
2008-05-01 02:34 --------- d-----w C:\Program Files\Winning Eleven 2007
2008-04-27 03:02 --------- d-----w C:\Program Files\VST Plugins
2008-04-27 00:23 --------- d-----w C:\Documents and Settings\Valued Costumer\Application Data\Image Zone Express
2008-04-12 14:35 --------- d-----w C:\Program Files\Common Files\Protexis
2008-04-12 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-04-12 14:30 --------- d-----w C:\Program Files\Common Files\Corel
2008-04-11 02:07 --------- d-----w C:\Program Files\Yahoo!
2008-04-11 02:06 --------- d--h--r C:\Documents and Settings\Valued Costumer\Application Data\yahoo!
2008-04-11 02:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-03 23:43 88 --sh--r C:\Documents and Settings\All Users\Application Data\1FAFAA7EEC.sys
2008-04-03 19:05 --------- d-----w C:\Program Files\Native Instruments
2008-04-02 23:45 --------- d-----w C:\Documents and Settings\Valued Costumer\Application Data\dvdcss
2008-04-02 22:46 --------- d-----w C:\Program Files\iPod
2008-03-31 23:13 --------- d-----w C:\Program Files\iTunes
2008-03-31 23:09 --------- d-----w C:\Program Files\QuickTime
2008-03-31 23:09 --------- d-----w C:\Program Files\Bonjour
2008-03-31 23:00 --------- d-----w C:\Program Files\Apple Software Update
2008-03-31 22:58 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-31 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-31 13:10 --------- d-----w C:\Program Files\Winamp
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-22 22:09 --------- d-----w C:\Program Files\Common Files\Digidesign
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 14:14 0 ---ha-w C:\Documents and Settings\Valued Costumer\Application Data\.F1DE3792C0ADD4DD.sys
2008-03-16 22:17 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-16 02:15 --------- d-----w C:\Documents and Settings\Valued Costumer\Application Data\Corel
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2005-05-26 19:35 1,422 ----a-w C:\Program Files\ReadMe.txt
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-10-07 00:10 344064]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 07:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2004-10-21 22:12 184320]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 00:08 28672]
"AVP"="C:\Program Files\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 07:00 158208]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 110592]
DSLMON.lnk - C:\Program Files\Arescom\NDS1060USB ADSL Adapter\dslmon.exe [2006-04-19 10:35:35 929861]
TotalMedia Backup Monitor.lnk - C:\Program Files\TotalMedia Backup & Record\uBBMonitor.exe [2008-04-21 19:37:28 270336]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2004-10-27 18:40 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"msacm.imc"= imc32.acm
"msacm.divxa32"= divxa32.acm
"Midi1"= KORGUMDD.DRV
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Actualización de PER Antivirus.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Actualización de PER Antivirus.lnk
backup=C:\WINDOWS\pss\Actualización de PER Antivirus.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Button Manager v1.874.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Button Manager v1.874.lnk
backup=C:\WINDOWS\pss\Button Manager v1.874.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk
backup=C:\WINDOWS\pss\Device Detector 3.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Recording Status.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Recording Status.lnk
backup=C:\WINDOWS\pss\Recording Status.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Valued Costumer^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Valued Costumer\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Valued Costumer^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Valued Costumer\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Valued Costumer^Start Menu^Programs^Startup^VAIO Launcher.lnk]
path=C:\Documents and Settings\Valued Costumer\Start Menu\Programs\Startup\VAIO Launcher.lnk
backup=C:\WINDOWS\pss\VAIO Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2004-10-13 19:00 57344 C:\WINDOWS\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2003-11-07 19:21 114688 C:\Program Files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-27 19:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
--a------ 2004-06-09 15:37 40960 C:\WINDOWS\VM_STI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD_Reminder]
--a------ 2004-07-16 14:17 53248 C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-08 17:00 128920 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Filetopia]
C:\FILETO~1\FILETO~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hcontrol]
--a------ 2004-07-19 16:05 61440 C:\WINDOWS\ATK0100\Hcontrol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 21:52 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
--a------ 2004-02-20 17:12 32768 C:\Program Files\Sony\ISB Utility\ISBMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kava]
C:\WINDOWS\system32\kavo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
--a------ 2005-12-13 10:39 91136 C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-04-26 08:29 237568 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-04-11 17:52 1409024 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-02-22 23:31 25388584 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-02-29 16:03 1481968 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
--a------ 2004-10-26 01:20 167936 C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2006-04-10 17:48 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-04-19 08:06 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
--a------ 2004-09-21 21:54 151552 C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VZRemoteCommander]
--a------ 2004-10-21 19:25 192512 C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-14 17:22 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\CuteFTP 8\\ftpte.exe"=
"C:\\Program Files\\Sony\\vaio media 3.1\\Vc.exe"=
"C:\\Program Files\\Sony\\vaio media 3.1\\VmpClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Soulseek-Test\\slsk.exe"=
"C:\\Program Files\\Winning Eleven 2007\\we2007.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
R2 MAudioUSBService;M-Audio USB Installer;C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe [2005-12-02 09:20]
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-20 14:59]
S3 Bulk;HDJBulk;C:\WINDOWS\system32\Drivers\HDJBulk.sys []
S3 HDJCtrl;HDJCtrl;C:\WINDOWS\system32\Drivers\HDJCtrl.sys []
S3 HDJKbd;HDJKbd;C:\WINDOWS\system32\Drivers\HDJKbd.sys []
S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys []
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;C:\WINDOWS\system32\Drivers\KORGUMDS.SYS [2004-02-19 03:05]
S3 MA763010;M-Audio Fast Track;C:\WINDOWS\system32\drivers\MA763010.sys []
S3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);C:\WINDOWS\system32\DRIVERS\mausb.sys [2005-12-13 10:39]
S3 ne2000;Novell/Eagle NE2000 Adapter Driver;C:\WINDOWS\system32\DRIVERS\ne2000.sys [2001-08-17 16:49]
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 17:06]
S3 voxthing;Voice Thing service;C:\WINDOWS\system32\drivers\voxthing.sys [2007-07-20 14:30]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2005-12-28 12:46]
S3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2004-08-17 11:44]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42e99a48-bc92-11dc-a908-00014a1ced26}]
\Shell\AutoRun\command - G:\u.bat
\Shell\explore\Command - G:\u.bat
\Shell\open\Command - G:\u.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78127fc6-1915-11dd-a9fa-00014a1ced26}]
\Shell\AutoRun\command - semo2x.exe
\Shell\explore\Command - semo2x.exe
\Shell\open\Command - semo2x.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{797dd0c4-bb0c-11dc-a902-00014a1ced26}]
\Shell\AutoRun\command - semo2x.exe
\Shell\explore\Command - semo2x.exe
\Shell\open\Command - semo2x.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{833a4c58-8884-11dc-a82c-00014a1ced26}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a70a3069-986c-11dc-a864-00014a1ced26}]
\Shell\AutoRun\command - G:\ntde1ect.com
\Shell\explore\Command - G:\ntde1ect.com
\Shell\open\Command - G:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a89e9387-bd33-11dc-a909-00014a1ced26}]
\Shell\AutoRun\command - H:\usdeiect.com
\Shell\explore\Command - H:\usdeiect.com
\Shell\open\Command - H:\usdeiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae491ccf-8a12-11dc-a830-00014a1ced26}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1804b23-9def-11db-a5c5-00014a1ced26}]
\Shell\Auto\command - G:\sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c094b8bf-75c6-11dc-a7f7-00014a1ced26}]
\Shell\AutoRun\command - G:\2ifetri.cmd
\Shell\explore\Command - G:\2ifetri.cmd
\Shell\open\Command - G:\2ifetri.cmd
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 14:36:02 C:\WINDOWS\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2005-12-10 02:08:09 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2005-12-10 02:08:10 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2005-12-10 02:08:10 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 09:51:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-16 10:04:55
ComboFix-quarantined-files.txt 2008-05-16 15:04:00
Pre-Run: 2,902,581,248 bytes free
Post-Run: 2,828,759,040 bytes free
338 --- E O F --- 2008-05-16 04:58:21