Virus Zlob.gen!GV has invaded my machine, help!!!
My machine got infected with this Zlob.gen and it left desktop.ini stuck on it. I used ComboFix and it fixed some things, but desktop.ini keeps appearing. What can I do? Below you will find the ComboFix log: PLEASE HELP!!!
ComboFix 08-08-10.05 - maryluz 2008-08-11 18:01:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1017 [GMT -6:00]
Running from: C:\Users\maryluz\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.
2008-08-11 17:58 . 2008-08-11 17:59 <DIR> d-------- C:\327882R2FWJFW
2008-08-11 14:28 . 2008-08-11 14:28 3,631 --a------ C:\DD65.tmp
2008-08-11 14:27 . 2008-08-11 14:27 3,631 --a------ C:\A2B6.tmp
2008-08-11 14:26 . 2008-08-11 14:26 3,631 --a------ C:\B4A0.tmp
2008-08-11 14:26 . 2008-08-11 14:50 39 --a------ C:\MUI00
2008-08-09 07:29 . 2008-08-09 07:29 <DIR> d-------- C:\Program Files\Sony
2008-08-08 10:43 . 2008-08-08 10:43 <DIR> d--h----- C:\Users\All Users\CanonBJ
2008-08-08 10:43 . 2008-08-08 10:43 <DIR> d--h----- C:\ProgramData\CanonBJ
2008-08-08 10:42 . 2006-09-12 20:00 197,632 --a------ C:\Windows\System32\CNMLM86.DLL
2008-08-03 22:42 . 2008-08-03 22:42 <DIR> d-------- C:\Windows\System32\Adobe
2008-08-03 20:22 . 2008-08-03 20:22 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-08-03 20:22 . 2008-08-03 20:22 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-08-03 19:20 . 2008-08-03 21:16 <DIR> d-------- C:\Temp
2008-08-02 00:24 . 2008-08-11 12:25 <DIR> d-------- C:\IPPVR
2008-07-28 08:19 . 2008-05-26 23:21 1,582,592 --a------ C:\Windows\System32\tquery.dll
2008-07-28 08:19 . 2008-05-26 23:21 1,418,240 --a------ C:\Windows\System32\mssrch.dll
2008-07-28 08:19 . 2008-05-26 23:18 670,208 --a------ C:\Windows\System32\mssvp.dll
2008-07-28 08:19 . 2008-05-26 23:18 350,208 --a------ C:\Windows\System32\mssph.dll
2008-07-28 08:19 . 2008-05-26 23:18 203,776 --a------ C:\Windows\System32\mssphtb.dll
2008-07-27 17:15 . 2008-07-27 17:15 2,896 --a------ C:\Windows\System32\requestBody.xml
2008-07-27 17:15 . 2008-07-27 17:15 1,883 --a------ C:\Windows\System32\responseBody.xml
2008-07-27 17:15 . 2008-07-27 17:15 964 --a------ C:\Windows\System32\request.gzip
2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Program Files\iTunes
2008-07-22 00:04 . 2008-07-22 00:04 <DIR> d-------- C:\Program Files\iPod
2008-07-22 00:02 . 2008-07-22 00:03 <DIR> d-------- C:\Program Files\QuickTime
2008-07-21 10:56 . 2008-07-21 10:56 <DIR> d-------- C:\Users\maryluz\AppData\Roaming\Move Networks
2008-07-18 12:34 . 2008-07-18 12:34 586,240 --a------ C:\Windows\WLXPGSS.SCR
2008-07-14 20:41 . 2008-07-14 20:41 <DIR> d-------- C:\Program Files\Sun
2008-07-12 21:00 . 2008-07-18 11:02 54,156 --ah----- C:\Windows\QTFont.qfn
2008-07-12 21:00 . 2008-07-12 21:00 1,409 --a------ C:\Windows\QTFont.for
2008-07-12 08:59 . 2008-07-12 08:59 16,732,450 --------- C:\avg7qt.dat
2008-07-12 08:59 . 2008-07-12 08:59 56 --ah----- C:\Windows\System32\ezsidmv.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 00:01 --------- d-----w C:\Users\maryluz\AppData\Roaming\Skype
2008-08-11 22:17 --------- d-----w C:\Users\maryluz\AppData\Roaming\AVG7
2008-08-11 22:03 --------- d-----w C:\Users\maryluz\AppData\Roaming\skypePM
2008-08-11 18:38 13,119 ----a-w C:\Users\maryluz\AppData\Roaming\nvModes.dat
2008-08-11 18:25 --------- d-----w C:\ProgramData\avg7
2008-08-11 14:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-09 13:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-04 02:59 --------- d-----w C:\Users\maryluz\AppData\Roaming\Hewlett-Packard
2008-08-04 02:58 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-02 03:08 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-30 15:46 --------- d-----w C:\Users\maryluz\AppData\Roaming\Yahoo!
2008-07-22 06:04 --------- d-----w C:\ProgramData\Apple Computer
2008-07-15 02:41 --------- d-----w C:\Program Files\Java
2008-07-11 17:15 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-09 15:16 --------- d-----w C:\Program Files\Windows Mail
2008-07-05 19:05 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-16 06:02 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-14 18:17 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-14 18:17 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-14 18:17 --------- d-----w C:\Program Files\Windows Journal
2008-06-14 18:17 --------- d-----w C:\Program Files\Windows Defender
2008-06-14 18:17 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-14 18:17 --------- d-----w C:\Program Files\Windows Calendar
2008-06-14 18:02 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-14 18:02 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-11 20:41 21,248 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-05-27 05:18 71,680 ----a-w C:\Windows\System32\propdefs.dll
2008-05-27 05:18 56,320 ----a-w C:\Windows\System32\xmlfilter.dll
2008-05-27 05:18 44,032 ----a-w C:\Windows\System32\msstrc.dll
2008-05-27 05:18 439,808 ----a-w C:\Windows\System32\SearchIndexer.exe
2008-05-27 05:18 40,448 ----a-w C:\Windows\System32\mimefilt.dll
2008-05-27 05:18 38,400 ----a-w C:\Windows\System32\rtffilt.dll
2008-05-27 05:18 29,184 ----a-w C:\Windows\System32\wsepno.dll
2008-05-27 05:18 231,936 ----a-w C:\Windows\System32\msshsq.dll
2008-05-27 05:18 184,832 ----a-w C:\Windows\System32\SearchProtocolHost.exe
2008-05-27 05:18 136,704 ----a-w C:\Windows\System32\nlhtml.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-04-28 17:48 201,728 ----a-w C:\Program Files\A-Patch140rc2b17_WLM.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 01:33 1233920]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 16:23 1773568]
"EPSON Stylus CX5800F Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE" [2006-12-20 05:00 177664]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 14:54 21718312]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-04-28 11:45 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-17 08:32 171448]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 01:33 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 01:05 1045800]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-03-28 18:45 176128]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-18 09:41 579584]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 13:42 70912]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 03:27 144784]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-28 12:26 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-28 12:26 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-28 12:26 81920]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 15:15 480560]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-13 08:25 219136]
C:\Users\maryluz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2008-03-13 08:25 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-02-20 08:33 963072 C:\Program Files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"EarthLink2"= TCP:Profile=Private|Profile=Public|C:\Program Files\earthlink totalaccess\taskpanl.exe:taskpanl
"EarthLink1"= UDP:Profile=Private|Profile=Public|C:\Program Files\earthlink totalaccess\taskpanl.exe:taskpanl
"TCP Query User{A99EBAA7-22FA-429F-B8A3-8D22A84CD85D}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{BB86CC73-7F82-4EDD-8266-BECC51106AAC}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"TCP Query User{36029472-CD4E-427C-9FF4-0382AFA5DAFE}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{12EA6198-E69E-4091-8BB7-BBC5AB687E02}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{2CCE272F-0D71-4579-BFB0-EB1F8EB2E115}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8EB97B50-99A2-4CE8-83BC-03974BD1D1A3}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{7513D8A4-F9D5-4C37-85A9-1946EAE7EB53}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{1E564005-FB17-4F84-9D03-7199690626A0}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{5880329F-EB52-46D5-B5B4-D1749717C465}C:\\program files\\myspace\\im\\myspaceim.exe"= UDP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{C3F41459-BD02-4B4B-A3E8-050AA823AD48}C:\\program files\\myspace\\im\\myspaceim.exe"= TCP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"TCP Query User{22F65797-F506-4C6E-A263-0D9A166073E6}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{15A9BD4F-ECE4-477C-91F3-29A7203F7582}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{4F07E334-A6A7-4FB2-B666-19B956ADC828}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A5DA0216-9D58-4559-9C15-006A54D58130}C:\\program files\\myspace\\im\\myspaceim.exe"= UDP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{413CD007-0279-4F33-A691-5FD14F0F4D49}C:\\program files\\myspace\\im\\myspaceim.exe"= TCP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"{6EF59342-BFCF-4B0C-A4C8-065E24971F08}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{770822E0-F3CD-419C-8A7C-A8DEF7F5828B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A78C0BD6-47A0-42E2-BD24-EB55A18B3287}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{006BAC89-4A8C-4B36-93F6-CA4B0C875775}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0F4A233C-4232-478C-B922-8508CFA6B455}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F0FA3A52-4321-4B15-837E-6D724F2F822C}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E328D928-3A1E-4AF7-BB8B-10757B20827E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A4D444E7-04BE-4F71-940D-C09B755073A1}C:\\users\\maryluz\\music\\emule\\emule.exe"= UDP:C:\users\maryluz\music\emule\emule.exe:emule.exe
"UDP Query User{C16BDE07-5405-4365-B60E-0BA1ABAFB666}C:\\users\\maryluz\\music\\emule\\emule.exe"= TCP:C:\users\maryluz\music\emule\emule.exe:emule.exe
"TCP Query User{28016DAA-129C-4C9F-90AD-A95CCA5DC9DE}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{1B6FA53C-7897-4A22-99DB-8E4891337911}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{61D78354-429E-4FF9-B7A5-457DD148CB0E}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{AA2BCC20-C9BE-437D-8157-4F3183B620A4}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{AB324F9B-EE04-4B80-BDE5-416DF667F366}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{A88D639E-22F6-477C-A1F2-4FC9D82E4CDB}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{5D237D09-23E3-4AAF-B902-08AD78B2E2F9}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B6076B21-A273-425B-AA5E-EB850A2DC824}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{64E594EF-9682-4014-BD92-FA34D0B7EAE8}"= UDP:C:\Program Files\Online Services\Aolca\InstallAol.exe:AOL
"{0898E914-0CBA-4D44-AB04-D73541BC60AD}"= TCP:C:\Program Files\Online Services\Aolca\InstallAol.exe:AOL
"{314E3A00-9A23-4DD9-A6F2-5593D96C356C}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{47523335-A1FA-4936-9A08-0B002FC225FF}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{934F8C0A-5F79-416A-A4D0-DA8606FB58D5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{23BAB454-40EE-4094-974F-A75AEF86B2F4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3125E8F2-DB8F-468B-9DC9-7715B82F1D55}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{17D83EC5-51CA-4FFA-994E-249FA86846BB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E52DD35D-0D49-405C-9C2A-B2225A20965F}"= UDP:C:\Windows\SMINST\CD Creator.exe:Recovery Disc Creation
"{AE1AF81A-3204-4704-8E4B-3DF9245F04A7}"= TCP:C:\Windows\SMINST\CD Creator.exe:Recovery Disc Creation
"TCP Query User{EC31F36F-44A7-4E0B-8A59-DA6CCC0FFE84}E:\\ippvr.exe"= UDP:E:\ippvr.exe:IPPVR
"UDP Query User{1888CB5F-F570-4F59-A37E-ADAAFCB88EA4}E:\\ippvr.exe"= TCP:E:\ippvr.exe:IPPVR
"TCP Query User{3B1FB490-AED5-4137-A600-B73187C765D3}C:\\ippvr\\ippvr.exe"= UDP:C:\ippvr\ippvr.exe:IPPVR
"UDP Query User{B5062483-8D29-4E94-B9C8-43102C7339D6}C:\\ippvr\\ippvr.exe"= TCP:C:\ippvr\ippvr.exe:IPPVR
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 08:25]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 04:10]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{180906bf-9c58-11dc-b3b8-806e6f6e6963}]
\shell\AutoRun\command - E:\disk1.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73e8ae91-c45a-11dc-84a8-001b2485b8a6}]
\shell\AutoRun\command - E:\d.com
\shell\explore\Command - E:\d.com
\shell\open\Command - E:\d.com
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-04-26 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
2008-07-28 C:\Windows\Tasks\HPCeeScheduleFormaryluz.job
- C:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-03-23 15:23]
2008-08-11 C:\Windows\Tasks\User_Feed_Synchronization-{44CB0ACF-B851-41B8-B013-B249CF05A0EB}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 01:33]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\maryluz\AppData\Roaming\Mozilla\Firefox\Profiles\15b1k73q.default\
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 18:05:50
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Users\maryluz\AppData\Local\Temp\~DFCBC4.tmp 770048 bytes
C:\Users\maryluz\AppData\Local\Temp\~DFCD15.tmp 512 bytes
scan completed successfully
hidden files: 2
**************************************************************************
.
Completion time: 2008-08-11 18:07:37
ComboFix-quarantined-files.txt 2008-08-12 00:07:31
ComboFix2.txt 2008-03-22 00:31:43
Pre-Run: 82,644,692,992 bytes free
Post-Run: 82,643,222,528 bytes free
230 --- E O F --- 2008-08-08 14:48:22