17/05/08, 23:34:14
alfah21
User

Registered: May 2008
Location: Mexico
Posts: 10
Re: problem with winhost and block.exe

Hello, and thanks for the help. Here is my ComboFix report.

ComboFix 08-05-15.3 - AYAX 2008-05-17 22:28:19.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1355 [GMT -5:00]
Running from: C:\Documents and Settings\AYAX\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.

2008-05-16 17:51 . 2008-05-16 17:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-16 16:31 . 2008-05-16 16:31 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-16 15:53 . 2008-05-16 21:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-16 15:53 . 2008-05-16 15:53 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\SUPERAntiSpyware.com
2008-05-16 15:53 . 2008-05-16 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-16 15:50 . 2008-05-16 15:50 <DIR> d-------- C:\Program Files\CCleaner
2008-05-10 23:35 . 2008-05-10 23:36 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-10 23:03 . 2008-05-10 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-10 23:02 . 2008-05-10 23:05 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Nokia
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\Nokia
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\DIFX
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-05-10 23:01 . 2008-05-10 23:03 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\PC Suite
2008-05-10 23:01 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-10 23:00 . 2008-05-10 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-05-10 13:11 . 2008-05-10 14:03 <DIR> d-------- C:\Program Files\HDDGURU LLF Tool
2008-05-10 12:38 . 2008-05-10 14:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-10 12:38 . 2008-05-10 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 12:23 . 2008-05-10 12:29 <DIR> d-------- C:\Program Files\Common Files\SolidWorks Shared
2008-05-10 12:22 . 2008-05-10 12:22 <DIR> d-------- C:\Program Files\Common Files\eDrawings2008
2008-05-10 12:22 . 2008-05-10 12:22 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-05-09 18:46 . 2008-05-09 19:01 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-09 17:19 . 2008-05-09 17:19 30,208 --a------ C:\winhost.exe
2008-05-07 11:20 . 2008-05-07 11:20 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Uniblue
2008-05-06 21:06 . 2008-05-06 21:06 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Talkback
2008-05-06 21:05 . 2008-05-06 21:05 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-05 23:57 . 2008-05-05 23:57 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\SolidWorks 2008
2008-04-30 01:28 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-30 01:26 . 2008-04-30 01:26 <DIR> d-------- C:\WINDOWS\Sun
2008-04-29 19:17 . 2008-04-29 19:17 <DIR> d--hs---- C:\Documents and Settings\LocalService\Temporary Internet Files
2008-04-29 19:17 . 2008-04-29 19:17 <DIR> d--hs---- C:\Documents and Settings\LocalService\History
2008-04-29 19:14 . 2008-04-29 19:14 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-29 19:14 . 2005-10-14 22:42 46,592 --a------ C:\WINDOWS\system32\hpzll43a.dll
2008-04-29 19:14 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-29 19:14 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-29 19:13 . 2005-03-14 12:03 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-04-29 19:13 . 2005-03-14 12:05 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-04-29 19:13 . 2005-03-08 11:55 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-04-29 19:13 . 2007-08-09 02:27 73,728 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-04-29 19:13 . 2005-03-14 13:39 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-04-29 19:13 . 2005-03-08 11:55 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-04-29 19:03 . 2005-10-28 18:11 614,400 --a------ C:\WINDOWS\system32\hpotscl2.dll
2008-04-29 19:03 . 2005-10-28 18:11 602,112 --a------ C:\WINDOWS\system32\hpowiax2.dll
2008-04-29 19:03 . 2005-10-28 18:11 254,026 --a------ C:\WINDOWS\system32\hpovst09.dll
2008-04-29 19:03 . 2008-04-29 19:15 103,193 --a------ C:\WINDOWS\hpoins08.dat
2008-04-29 19:03 . 2005-09-09 18:28 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2008-04-29 19:03 . 2005-10-27 20:23 77,824 --a------ C:\WINDOWS\system32\hpzids01.dll
2008-04-29 19:03 . 2006-01-24 16:03 4,445 --------- C:\WINDOWS\hpomdl08.dat
2008-04-29 18:39 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-29 18:39 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-28 14:19 . 2008-04-28 14:19 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\CyberLink
2008-04-27 14:52 . 2008-04-27 14:52 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\HP
2008-04-26 21:40 . 2008-04-26 21:40 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Sonic
2008-04-26 21:40 . 2008-04-26 21:40 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Leadertech
2008-04-25 12:41 . 2008-04-25 12:41 <DIR> d-------- C:\Program Files\URUSoft
2008-04-25 01:14 . 2008-04-25 01:15 4,316 --a------ C:\WINDOWS\desctemp.dat
2008-04-23 11:26 . 2008-04-23 11:26 <DIR> d-------- C:\Program Files\Pegasys Inc
2008-04-19 20:48 . 2008-04-19 20:48 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-04-19 20:48 . 2008-05-17 22:27 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\MegauploadToolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 20:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-10 22:00 --------- d-----w C:\Program Files\TextAloud
2008-05-10 17:27 --------- d-----w C:\Program Files\SolidWorks
2008-04-30 06:28 --------- d-----w C:\Program Files\Java
2008-04-30 00:13 --------- d-----w C:\Program Files\HP
2008-04-27 19:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 00:37 --------- d-----w C:\Documents and Settings\AYAX\Application Data\Ahead
2008-04-22 13:32 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-16 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-16 03:15 --------- d-----w C:\Documents and Settings\AYAX\Application Data\Media Player Classic
2008-04-16 03:14 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-16 02:43 --------- d-----w C:\Program Files\IVT Corporation
2008-04-16 02:32 --------- d-----w C:\Program Files\MSBuild
2008-04-16 02:32 --------- d-----w C:\Program Files\Microsoft Works
2008-04-16 02:28 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-15 05:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-14 05:39 --------- d-----w C:\Program Files\Windows Live
2008-04-12 15:05 --------- d-----w C:\Documents and Settings\AYAX\Application Data\SolidWorks
2008-04-11 01:57 --------- d-----w C:\Program Files\Loquendo
2008-04-10 01:36 --------- d-----w C:\Program Files\MSECACHE
2008-04-10 01:13 --------- d-----w C:\Program Files\Ares
2008-04-09 23:55 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-08 01:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\SolidWorks
2008-04-08 00:54 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-08 00:50 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-08 00:26 --------- d-----w C:\Program Files\MATLAB
2008-04-08 00:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-08 00:15 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-08 00:15 --------- d-----w C:\Documents and Settings\AYAX\Application Data\Xfire
2008-04-08 00:14 --------- d-----w C:\Program Files\Xfire
2008-04-07 23:56 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-04-07 23:55 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-07 23:40 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-07 23:40 --------- d-----w C:\Documents and Settings\AYAX\Application Data\teamspeak2
2008-04-07 23:37 --------- d-----w C:\Program Files\TI Education
2008-04-07 23:37 --------- d-----w C:\Program Files\Common Files\TI Shared
2008-04-07 23:31 --------- d-----w C:\Program Files\Microsoft Games
2008-04-07 23:27 --------- d-----w C:\Program Files\activePDF
2008-04-07 22:32 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-07 22:31 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-07 22:30 --------- d-----w C:\Program Files\Nero
2008-04-07 22:17 --------- d-----w C:\Program Files\Microchip
2008-04-07 22:14 --------- d-----w C:\Program Files\Hide IP Platinum
2008-04-07 22:12 --------- d-----w C:\Program Files\Festo Fluidsim
2008-04-07 22:11 --------- d-----w C:\Program Files\Electronics Workbench
2008-04-07 21:08 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-07 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-07 20:45 --------- d-----w C:\Program Files\Alwil Software
2008-04-07 20:34 --------- d-----w C:\Program Files\RGB
2008-04-07 19:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-07 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-07 19:26 --------- d-----w C:\Program Files\NetWaiting
2008-04-07 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-04-07 09:58 --------- d-----w C:\Program Files\HP Pavilion Webcam Demo
2008-04-07 09:58 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-07 09:55 1,787 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Pavilion dv6000 (RG372UA#ABA)_YN_0Pavi_QCNF6410S04_E419857002_46_I 30BB_SQuanta_V66.37_BF.16_T070202_WXP2_L409_M2039_ J120_7Intel_8Core2 T5500_91.66_#060911_N80861092_(RG372UA#ABA)_XMOBIL E_CN10_Z.MRK
2008-04-07 09:50 --------- d-----w C:\Program Files\HPQ
2008-04-07 09:32 --------- d-----w C:\Program Files\Windows Plus
2008-04-07 09:32 --------- d-----w C:\Program Files\WildTangent
2008-04-07 09:32 --------- d-----w C:\Program Files\Synaptics
2008-04-07 09:32 --------- d-----w C:\Program Files\Sonic
2008-04-07 09:30 --------- d-----w C:\Program Files\muvee Technologies
2008-04-07 09:28 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-07 09:23 --------- d-----w C:\Program Files\DivX
2008-04-07 09:23 --------- d-----w C:\Program Files\CONEXANT
2008-04-07 09:23 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-04-07 09:23 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-04-07 09:23 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-07 09:23 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-04-07 09:22 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-07 09:22 --------- d-----w C:\Program Files\Common Files\Java
2008-04-07 09:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-07 09:22 --------- d-----w C:\Program Files\Common Files\HP
2008-04-07 09:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-07 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-04-07 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-04-07 09:15 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-04-07 09:15 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\AYAX\Application Data\Intuit
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Intuit
2008-04-04 21:31 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 23:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-16_15.21.02.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-16 19:44:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-17 21:47:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-05-17 00:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-09-10 15:47:42 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-09-10 15:47:42 790,528 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-05-17 21:47:11 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 23:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 15:34 3739672]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 00:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 15:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 15:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 15:17 118784]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 10:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 00:22 794713]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-10-18 18:12 102400]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 18:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 18:30 81920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 13:33 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 12:50 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23 1187840]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 11:39 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\AYAX\Start Menu\Programs\Startup\
SolidWorks Task Scheduler Engine.lnk - C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe [2007-09-09 06:51:40 488728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26 29696]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2008-04-07 04:58:15 102400]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 11:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Documents and Settings\\AYAX\\My Documents\\Juegos\\Age of Empires\\age2_x1.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 11:36]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files\HP\QuickPlay\000.fcl [2007-10-18 18:12]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 11:38]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 15:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c15e9e14-08a5-11dd-9530-0018de313bcb}]
\Shell\AutoRun\command - F:\m9j.com
\Shell\explore\Command - F:\m9j.com
\Shell\open\Command - F:\m9j.com


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 22:30:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ??? ]??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\C:\Program Files\HP\QuickPlay\000.fcl"
.
Completion time: 2008-05-17 22:31:46
ComboFix-quarantined-files.txt 2008-05-18 03:31:44
ComboFix2.txt 2008-05-16 20:21:11
ComboFix3.txt 2008-05-06 05:27:03

Pre-Run: 37,398,470,656 bytes free
Post-Run: 37,386,657,792 bytes free

282 --- E O F --- 2008-05-16 05:59:11