post #5
19/05/08, 19:55:16
alfah21
User

Joined: May 2008
Location: Mexico
Posts: 10
Re: problem with winhost and block.exe

Hello again, here are the ComboFix and HijackThis reports.

ComboFix report

ComboFix 08-05-19.4 - AYAX 2008-05-19 18:39:40.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1613 [GMT -5:00]
Running from: C:\Documents and Settings\AYAX\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\AYAX\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
C:\winhost.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\winhost.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-19 10:04 . 2008-05-19 10:05 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-19 10:00 . 2008-05-19 10:03 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\AdobeUM
2008-05-18 18:11 . 2008-05-18 18:11 <DIR> d-------- C:\Program Files\Hamachi
2008-05-18 18:11 . 2008-05-18 19:07 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Hamachi
2008-05-18 18:11 . 2008-05-18 18:12 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-05-16 17:51 . 2008-05-16 17:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-16 16:31 . 2008-05-16 16:31 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-16 15:53 . 2008-05-16 21:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-16 15:53 . 2008-05-16 15:53 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\SUPERAntiSpyware.com
2008-05-16 15:53 . 2008-05-16 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-16 15:50 . 2008-05-16 15:50 <DIR> d-------- C:\Program Files\CCleaner
2008-05-10 23:35 . 2008-05-10 23:36 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-10 23:03 . 2008-05-10 23:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-05-10 23:02 . 2008-05-10 23:05 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Nokia
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\Nokia
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\DIFX
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-05-10 23:01 . 2008-05-10 23:01 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-05-10 23:01 . 2008-05-10 23:03 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\PC Suite
2008-05-10 23:01 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-10 23:00 . 2008-05-10 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-05-10 13:11 . 2008-05-10 14:03 <DIR> d-------- C:\Program Files\HDDGURU LLF Tool
2008-05-10 12:38 . 2008-05-10 14:03 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-10 12:38 . 2008-05-10 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 12:23 . 2008-05-10 12:29 <DIR> d-------- C:\Program Files\Common Files\SolidWorks Shared
2008-05-10 12:22 . 2008-05-10 12:22 <DIR> d-------- C:\Program Files\Common Files\eDrawings2008
2008-05-10 12:22 . 2008-05-10 12:22 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-05-09 18:46 . 2008-05-09 19:01 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-07 11:20 . 2008-05-07 11:20 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Uniblue
2008-05-06 21:06 . 2008-05-06 21:06 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Talkback
2008-05-06 21:05 . 2008-05-06 21:05 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-05 23:57 . 2008-05-05 23:57 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\SolidWorks 2008
2008-04-30 01:28 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-30 01:26 . 2008-04-30 01:26 <DIR> d-------- C:\WINDOWS\Sun
2008-04-29 19:17 . 2008-04-29 19:17 <DIR> d--hs---- C:\Documents and Settings\LocalService\Temporary Internet Files
2008-04-29 19:17 . 2008-04-29 19:17 <DIR> d--hs---- C:\Documents and Settings\LocalService\History
2008-04-29 19:14 . 2008-04-29 19:14 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-29 19:14 . 2005-10-14 22:42 46,592 --a------ C:\WINDOWS\system32\hpzll43a.dll
2008-04-29 19:14 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-29 19:14 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-29 19:13 . 2005-03-14 12:03 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-04-29 19:13 . 2005-03-14 12:05 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-04-29 19:13 . 2005-03-08 11:55 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-04-29 19:13 . 2007-08-09 02:27 73,728 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-04-29 19:13 . 2005-03-14 13:39 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-04-29 19:13 . 2005-03-08 11:55 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-04-29 19:03 . 2005-10-28 18:11 614,400 --a------ C:\WINDOWS\system32\hpotscl2.dll
2008-04-29 19:03 . 2005-10-28 18:11 602,112 --a------ C:\WINDOWS\system32\hpowiax2.dll
2008-04-29 19:03 . 2005-10-28 18:11 254,026 --a------ C:\WINDOWS\system32\hpovst09.dll
2008-04-29 19:03 . 2008-04-29 19:15 103,193 --a------ C:\WINDOWS\hpoins08.dat
2008-04-29 19:03 . 2005-09-09 18:28 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2008-04-29 19:03 . 2005-10-27 20:23 77,824 --a------ C:\WINDOWS\system32\hpzids01.dll
2008-04-29 19:03 . 2006-01-24 16:03 4,445 --------- C:\WINDOWS\hpomdl08.dat
2008-04-29 18:39 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-29 18:39 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-28 14:19 . 2008-04-28 14:19 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\CyberLink
2008-04-27 14:52 . 2008-04-27 14:52 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\HP
2008-04-26 21:40 . 2008-04-26 21:40 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Sonic
2008-04-26 21:40 . 2008-04-26 21:40 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\Leadertech
2008-04-25 12:41 . 2008-04-25 12:41 <DIR> d-------- C:\Program Files\URUSoft
2008-04-25 01:14 . 2008-04-25 01:15 4,316 --a------ C:\WINDOWS\desctemp.dat
2008-04-23 11:26 . 2008-04-23 11:26 <DIR> d-------- C:\Program Files\Pegasys Inc
2008-04-19 20:48 . 2008-04-19 20:48 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-04-19 20:48 . 2008-05-19 18:38 <DIR> d-------- C:\Documents and Settings\AYAX\Application Data\MegauploadToolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 20:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-10 22:00 --------- d-----w C:\Program Files\TextAloud
2008-05-10 17:27 --------- d-----w C:\Program Files\SolidWorks
2008-04-30 06:28 --------- d-----w C:\Program Files\Java
2008-04-30 00:13 --------- d-----w C:\Program Files\HP
2008-04-27 19:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 00:37 --------- d-----w C:\Documents and Settings\AYAX\Application Data\Ahead
2008-04-22 13:32 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-16 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-16 03:15 --------- d-----w C:\Documents and Settings\AYAX\Application Data\Media Player Classic
2008-04-16 03:14 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-16 02:43 --------- d-----w C:\Program Files\IVT Corporation
2008-04-16 02:32 --------- d-----w C:\Program Files\MSBuild
2008-04-16 02:32 --------- d-----w C:\Program Files\Microsoft Works
2008-04-16 02:28 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-15 05:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-14 05:39 --------- d-----w C:\Program Files\Windows Live
2008-04-12 15:05 --------- d-----w C:\Documents and Settings\AYAX\Application Data\SolidWorks
2008-04-11 01:57 --------- d-----w C:\Program Files\Loquendo
2008-04-10 01:36 --------- d-----w C:\Program Files\MSECACHE
2008-04-10 01:13 --------- d-----w C:\Program Files\Ares
2008-04-09 23:55 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-08 01:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\SolidWorks
2008-04-08 00:54 --------- d-----w C:\Program Files\Reference Assemblies
2008-04-08 00:50 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-08 00:26 --------- d-----w C:\Program Files\MATLAB
2008-04-08 00:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-08 00:15 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-04-08 00:15 --------- d-----w C:\Documents and Settings\AYAX\Application Data\Xfire
2008-04-08 00:14 --------- d-----w C:\Program Files\Xfire
2008-04-07 23:56 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-04-07 23:55 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-07 23:40 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-04-07 23:40 --------- d-----w C:\Documents and Settings\AYAX\Application Data\teamspeak2
2008-04-07 23:37 --------- d-----w C:\Program Files\TI Education
2008-04-07 23:37 --------- d-----w C:\Program Files\Common Files\TI Shared
2008-04-07 23:31 --------- d-----w C:\Program Files\Microsoft Games
2008-04-07 23:27 --------- d-----w C:\Program Files\activePDF
2008-04-07 22:32 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-07 22:31 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-07 22:30 --------- d-----w C:\Program Files\Nero
2008-04-07 22:17 --------- d-----w C:\Program Files\Microchip
2008-04-07 22:14 --------- d-----w C:\Program Files\Hide IP Platinum
2008-04-07 22:12 --------- d-----w C:\Program Files\Festo Fluidsim
2008-04-07 22:11 --------- d-----w C:\Program Files\Electronics Workbench
2008-04-07 21:08 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-07 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-07 20:45 --------- d-----w C:\Program Files\Alwil Software
2008-04-07 20:34 --------- d-----w C:\Program Files\RGB
2008-04-07 19:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-07 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-07 19:26 --------- d-----w C:\Program Files\NetWaiting
2008-04-07 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-04-07 09:58 --------- d-----w C:\Program Files\HP Pavilion Webcam Demo
2008-04-07 09:58 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-07 09:55 1,787 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Pavilion dv6000 (RG372UA#ABA)_YN_0Pavi_QCNF6410S04_E419857002_46_I30BB_SQuanta_V66.37_BF.16_T070202_WXP2_L409_M2039_J120_7Intel_8Core2 T5500_91.66_#060911_N80861092_(RG372UA#ABA)_XMOBILE_CN10_Z.MRK
2008-04-07 09:50 --------- d-----w C:\Program Files\HPQ
2008-04-07 09:32 --------- d-----w C:\Program Files\Windows Plus
2008-04-07 09:32 --------- d-----w C:\Program Files\WildTangent
2008-04-07 09:32 --------- d-----w C:\Program Files\Synaptics
2008-04-07 09:32 --------- d-----w C:\Program Files\Sonic
2008-04-07 09:30 --------- d-----w C:\Program Files\muvee Technologies
2008-04-07 09:28 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-07 09:23 --------- d-----w C:\Program Files\DivX
2008-04-07 09:23 --------- d-----w C:\Program Files\CONEXANT
2008-04-07 09:23 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-04-07 09:23 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-04-07 09:23 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-07 09:23 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-04-07 09:22 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-07 09:22 --------- d-----w C:\Program Files\Common Files\Java
2008-04-07 09:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-07 09:22 --------- d-----w C:\Program Files\Common Files\HP
2008-04-07 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-04-07 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\AYAX\Application Data\Intuit
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-07 09:15 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Intuit
.

((((((((((((((((((((((((((((( snapshot@2008-05-16_15.21.02.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-16 19:44:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 23:43:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 15:05:19 25,214 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A71000000002}\SC_Reader.exe
- 2008-05-12 16:44:11 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-05-15 23:24:43 1,152,888 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2008-05-12 16:32:02 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
+ 2008-05-15 23:12:36 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2008-05-12 16:33:19 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-05-15 23:13:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-05-12 16:38:45 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-05-15 23:16:06 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
- 2008-05-12 16:38:25 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-05-15 23:18:33 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
- 2008-05-12 16:34:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-05-15 23:15:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
- 2008-05-12 16:36:18 77,904 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-05-15 23:20:32 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
- 2008-05-12 16:33:38 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2008-05-15 23:14:11 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
+ 2005-05-17 00:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-09-10 15:47:42 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-09-10 15:47:42 790,528 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-05-19 23:43:30 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 23:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-07 15:34 3739672]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 00:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 15:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 15:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 15:17 118784]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 10:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 00:22 794713]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-10-18 18:12 102400]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 18:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 18:30 81920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 13:33 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 12:50 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23 1187840]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\AYAX\Start Menu\Programs\Startup\
SolidWorks Task Scheduler Engine.lnk - C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe [2007-09-09 06:51:40 488728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2008-04-07 04:58:15 102400]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 11:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Documents and Settings\\AYAX\\My Documents\\Juegos\\Age of Empires\\age2_x1.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-15 18:20]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files\HP\QuickPlay\000.fcl [2007-10-18 18:12]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-15 18:16]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 15:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c15e9e14-08a5-11dd-9530-0018de313bcb}]
\Shell\AutoRun\command - F:\m9j.com
\Shell\explore\Command - F:\m9j.com
\Shell\open\Command - F:\m9j.com

.
************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 18:43:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ??? ]??????`?@?????L?@

scanning hidden files ...


C:\Documents and Settings\AYAX\Application Data\SolidWorks 2008\Scheduler_1\swbo1.ldb 64 bytes

scan completed successfully
hidden files: 1

************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\C:\Program Files\HP\QuickPlay\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\SOLIDW~1\swScheduler\swBOEngine.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\ehome\ehmsas.exe
.
************************************************************************
.
Completion time: 2008-05-19 18:49:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-19 23:49:04
ComboFix2.txt 2008-05-18 03:31:47
ComboFix3.txt 2008-05-16 20:21:11
ComboFix4.txt 2008-05-06 05:27:03

Pre-Run: 37,159,370,752 bytes free
Post-Run: 37,255,671,808 bytes free

317 --- E O F --- 2008-05-16 05:59:11


HijackThis report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:52 PM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion &pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion &pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_ansi.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 9924 bytes

And finally I would like to ask for some advice: I have been using Avast and Spybot Search & Destroy for a while now. Are they good, or would it make sense to switch to a different antivirus and malware detector? Thanks in advance.

Regards.