post #3
21/08/08, 00:00:38
Vituperio Viole
User

Registered: Feb 2006
Location: Argentina
Posts: 36
Re: trojan not-a-virus:FraudTool.Win32.WinAntiVirus.bb according to Kaspersky online

First of all, thanks Thecat_re.
Well, here are the logs:
Malwarebytes' Anti-Malware 1.25
Versión de la Base de Datos: 1073
Windows 6.0.6000

21:51:02 2008-08-20
mbam-log-08-20-2008 (21-50-58).txt

Tipo de examen : Examen Completo (C:\|D:\|E:\|)
Objetos examinados: 127138
Tiempo transcurrido: 11 minute(s), 25 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 1
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 2
Ficheros Infectados: 17

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> No action taken.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.
C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> No action taken.

Ficheros Infectados:
C:\Program Files\PCHealthCenter\0.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\7.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> No action taken.
C:\Program Files\VAV\vav.cpl (Rogue.VistaAntivirus2008) -> No action taken.
C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> No action taken.
C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> No action taken.
C:\WINDOWS\System32\sex1.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\System32\sex2.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\System32\vav.cpl (Rogue.VistaAntivirus2008) -> No action taken.
C:\Users\Los Dávola\AppData\Local\Temp\bindsrv2.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Los Dávola\AppData\Local\Temp\atmadm2.exe (Trojan.FakeAlert) -> No action taken.

---------------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 08-08-19.06 - Los Dávola 2008-08-20 23:38:56.1 - NTFSx86
Microsoft® Windows Vista™ Starter 6.0.6000.0.1252.1.3082.18.86 [GMT -3:00]
Se ejecuta desde: C:\Users\Los Dávola\Desktop\Emilio\Soft\ComboFix.exe
* Creado un nuevo punto de restauración
.

(((((((((((((((((( Archivos creados desde 2008-07-21 - 2008-08-21 )))))))))))))))))))))))))))))))))
.

2008-08-20 22:24 . 2008-08-20 22:24 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-20 21:34 . 2008-08-20 21:34 <DIR> d-------- C:\Users\Los Dávola\AppData\Roaming\Malwarebytes
2008-08-20 21:34 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\System32\drivers\mbam.sys
2008-08-20 21:33 . 2008-08-20 21:33 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-20 21:33 . 2008-08-20 21:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-20 21:33 . 2008-08-20 21:33 <DIR> d-------- C:\PROGRA~2\Malwarebytes
2008-08-20 00:26 . 2008-08-20 02:42 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-08-20 00:22 . 2008-08-20 00:22 <DIR> d-------- C:\!KillBox
2008-08-19 00:35 . 2008-08-19 00:35 <DIR> d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-08-18 23:27 . 2008-08-18 23:30 <DIR> d-------- C:\Program Files\CCleaner
2008-08-18 19:57 . 2008-01-21 17:43 13,576 --a------ C:\WINDOWS\System32\wnaspi32.dll
2008-08-18 06:08 . 2008-08-18 06:08 <DIR> d-------- C:\Users\Los Dávola\Program Files
2008-08-18 06:08 . 2008-08-18 06:08 <DIR> d-------- C:\Users\Los Dávola\Program Files
2008-08-18 05:11 . 2008-08-18 05:14 <DIR> d-------- C:\Program Files\ISOpen
2008-08-18 05:00 . 2008-08-18 05:01 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-18 04:12 . 2008-08-18 04:12 1,712,984 --a------ C:\WINDOWS\System32\wuaueng.dll
2008-08-18 04:12 . 2008-08-18 04:12 1,524,224 --a------ C:\WINDOWS\System32\wucltux.dll
2008-08-18 04:12 . 2008-08-18 04:12 549,720 --a------ C:\WINDOWS\System32\wuapi.dll
2008-08-18 04:12 . 2008-08-18 04:12 163,000 --a------ C:\WINDOWS\System32\wuwebv.dll
2008-08-18 04:12 . 2008-08-18 04:12 80,896 --a------ C:\WINDOWS\System32\wudriver.dll
2008-08-18 04:12 . 2008-08-18 04:12 53,080 --a------ C:\WINDOWS\System32\wuauclt.exe
2008-08-18 04:12 . 2008-08-18 04:12 43,352 --a------ C:\WINDOWS\System32\wups2.dll
2008-08-18 04:12 . 2008-08-18 04:12 33,624 --a------ C:\WINDOWS\System32\wups.dll
2008-08-18 04:12 . 2008-08-18 04:12 31,232 --a------ C:\WINDOWS\System32\wuapp.exe
2008-08-18 03:38 . 2008-08-18 03:38 <DIR> d-------- C:\Users\Los Dávola\AppData\Roaming\ESET
2008-08-18 03:33 . 2008-08-18 03:33 <DIR> d-------- C:\Users\All Users\ESET
2008-08-18 03:33 . 2008-08-18 03:33 <DIR> d-------- C:\Program Files\ESET
2008-08-18 03:33 . 2008-08-18 03:33 <DIR> d-------- C:\PROGRA~2\ESET
2008-08-18 02:55 . 2008-08-20 23:37 <DIR> d-------- C:\Users\Los Dávola\AppData\Roaming\DNA
2008-08-18 02:55 . 2008-08-18 19:45 <DIR> d-------- C:\Users\Los Dávola\AppData\Roaming\BitTorrent
2008-08-18 02:55 . 2008-08-18 02:55 <DIR> d-------- C:\Program Files\DNA
2008-08-18 02:55 . 2008-08-18 03:30 <DIR> d-------- C:\Program Files\BitTorrent
2008-08-18 02:34 . 2008-08-18 02:34 <DIR> d-------- C:\Users\Los Dávola\AppData\Roaming\WinRAR
2008-08-18 02:08 . 2008-08-18 02:08 <DIR> d-------- C:\Program Files\Skype
2008-08-18 02:08 . 2008-08-18 02:08 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-08-18 02:07 . 2008-08-18 02:08 <DIR> d-------- C:\Users\All Users\Skype
2008-08-18 02:07 . 2008-08-18 02:08 <DIR> d-------- C:\PROGRA~2\Skype
2008-08-18 01:18 . 2008-08-18 23:28 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-18 01:18 . 2008-08-18 01:18 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-18 01:18 . 2008-08-18 23:28 <DIR> d-------- C:\PROGRA~2\Spybot - Search & Destroy
2008-08-18 01:13 . 2006-10-04 23:42 2,560 --------- C:\WINDOWS\System32\drivers\cdralw2k.sys
2008-08-18 01:13 . 2006-10-04 23:42 2,432 --------- C:\WINDOWS\System32\drivers\cdr4_xp.sys
2008-08-18 01:12 . 2008-08-18 01:13 <DIR> d-------- C:\Program Files\Picasa2
2008-08-18 01:12 . 2008-08-18 01:12 <DIR> d-------- C:\Program Files\Google
2008-08-18 00:33 . 2008-08-18 02:45 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-18 00:32 . 2008-08-18 02:45 <DIR> d-------- C:\Program Files\Windows Live
2008-08-18 00:31 . 2008-08-18 00:31 <DIR> d-------- C:\Users\Los Dávola\AppData\Roaming\Macromedia
2008-08-18 00:31 . 2008-08-18 02:31 <DIR> d-------- C:\Users\Los Dávola\AppData\Roaming\Adobe
2008-08-18 00:30 . 2008-08-18 00:30 <DIR> d-------- C:\Users\Los Dávola\Application Data
2008-08-18 00:30 . 2008-08-18 00:30 <DIR> d-------- C:\Users\Los Dávola\Application Data
2008-08-18 00:28 . 2008-08-18 02:35 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-08-18 00:28 . 2008-08-18 02:35 <DIR> d-------- C:\PROGRA~2\WLInstaller
2008-08-18 00:26 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\System32\mdimon.dll
2008-08-18 00:19 . 2008-08-18 00:19 <DIR> d-------- C:\Users\Los Dávola\AppData\Roaming\Mozilla
2008-08-18 00:15 . 2008-08-18 00:15 <DIR> d-------- C:\WINDOWS\PCHEALTH
2008-08-18 00:15 . 2008-08-18 00:15 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-08-18 00:07 . 2008-08-18 00:07 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-08-18 00:07 . 2008-08-18 00:07 <DIR> d-------- C:\IDE
2008-08-18 00:06 . 2008-08-18 00:16 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-08-18 00:05 . 2008-08-18 00:05 <DIR> dr-h----- C:\MSOCache
2008-08-17 23:56 . 2008-08-17 23:56 <DIR> d-------- C:\WINDOWS\System32\ShellExt
2008-08-17 23:54 . 2008-08-17 23:59 <DIR> d-------- C:\Program Files\SysinternalsSuite
2008-08-17 23:53 . 2008-08-17 23:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-17 23:45 . 2008-08-17 23:45 <DIR> d-------- C:\Users\Los Dávola\AppData\Roaming\TuneUp Software
2008-08-17 23:44 . 2008-08-17 23:44 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-08-17 23:44 . 2008-08-17 23:44 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-08-17 23:44 . 2008-08-17 23:44 <DIR> d-------- C:\PROGRA~2\TuneUp Software
2008-08-17 23:44 . 2008-08-17 23:44 306,432 --a------ C:\WINDOWS\System32\TuneUpDefragService.exe
2008-08-17 23:44 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\System32\uxtuneup.dll
2008-08-17 23:44 . 2007-12-20 10:44 16,640 --a------ C:\WINDOWS\System32\authuitu.dll
2008-08-17 23:42 . 2008-08-17 23:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-17 23:42 . 2008-08-17 23:42 717,296 --a------ C:\WINDOWS\System32\drivers\sptd.sys
2008-08-17 23:41 . 2008-08-17 23:41 <DIR> d-------- C:\Users\Los Dávola\AppData\Roaming\DAEMON Tools
2008-08-17 23:22 . 2008-08-17 23:22 <DIR> d-------- C:\WINDOWS\System32\msmq
2008-08-17 23:22 . 2008-08-17 23:22 <DIR> d-------- C:\inetpub
2008-08-17 23:22 . 2008-08-17 23:22 862 --a------ C:\WINDOWS\System32\termcap
2008-08-17 23:18 . 2008-08-17 23:18 <DIR> d-------- C:\Users\All Users\HP Product Assistant
2008-08-17 23:18 . 2008-08-17 23:18 <DIR> d-------- C:\PROGRA~2\HP Product Assistant
2008-08-17 23:16 . 2008-08-17 23:16 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-08-17 23:11 . 2007-03-17 13:11 675,840 --a------ C:\WINDOWS\System32\hpowiax3.dll
2008-08-17 23:11 . 2007-03-17 13:11 569,344 --a------ C:\WINDOWS\System32\hpotscl3.dll
2008-08-17 23:11 . 2007-03-08 01:20 364,544 --a------ C:\WINDOWS\System32\hppldcoi.dll
2008-08-17 23:11 . 2007-03-08 01:20 309,760 --a------ C:\WINDOWS\System32\difxapi.dll
2008-08-17 23:11 . 2007-03-17 13:11 303,104 --a------ C:\WINDOWS\System32\hpovst10.dll
2008-08-17 23:07 . 2008-08-18 21:05 159,330 --a------ C:\WINDOWS\hpoins14.dat
2008-08-17 23:07 . 2007-09-19 22:14 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-08-17 23:06 . 2007-03-30 12:07 267,864 --a------ C:\WINDOWS\System32\hpzids01.dll
2008-08-17 23:05 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\System32\hpzll5ha.dll
2008-08-17 22:35 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\System32\msonpmon.dll
2008-08-17 22:28 . 2008-08-20 23:30 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-08-17 22:28 . 2008-08-20 23:30 <DIR> d-------- C:\PROGRA~2\Microsoft Help
2008-08-17 22:21 . 2008-08-17 22:21 <DIR> d-------- C:\Users\Los Dávola\AppData\Roaming\Symantec
2008-08-17 22:19 . 2008-08-17 22:19 <DIR> dr------- C:\Users\Los Dávola\Searches
2008-08-17 22:19 . 2008-08-17 22:19 <DIR> dr------- C:\Users\Los Dávola\Searches
2008-08-17 22:19 . 2008-08-18 02:52 <DIR> dr------- C:\Users\Los Dávola\Contacts
2008-08-17 22:19 . 2008-08-18 02:52 <DIR> dr------- C:\Users\Los Dávola\Contacts
2008-08-17 22:19 . 2008-08-17 22:19 <DIR> d-------- C:\Users\Los Dávola\AppData\Roaming\Identities
2008-08-17 22:19 . 2008-08-17 22:19 44 --a------ C:\WINDOWS\system\hpsysdrv.dat
2008-08-17 22:17 . 2008-08-17 22:17 <DIR> d-------- C:\Users\Los Dávola\AppData\Roaming\Hewlett-Packard
2008-08-17 22:16 . 2008-08-17 22:16 1,669 -rahs---- C:\WINDOWS\System32\drivers\103C_HP_CPC_KC868AA-ABM SG3203LA_YC_0Pres_QCNX812_E81LAv3PrA2_49_IIris8_SECS_V1.0_B5.25_T080229_WUU0_LC0A_M446_J160_7AMD_8Sempron LE-1150_92_#080818_N10DE03EF_Z14F12F20_G10DE03D0.MRK
2008-08-17 22:15 . 2008-08-17 22:19 <DIR> dr------- C:\Users\Los Dávola\Videos
2008-08-17 22:15 . 2008-08-17 22:19 <DIR> dr------- C:\Users\Los Dávola\Videos
2008-08-17 22:15 . 2008-08-17 22:19 <DIR> dr------- C:\Users\Los Dávola\Saved Games
2008-08-17 22:15 . 2008-08-17 22:19 <DIR> dr------- C:\Users\Los Dávola\Saved Games
2008-08-17 22:15 . 2008-08-17 22:19 <DIR> dr------- C:\Users\Los Dávola\Pictures
2008-08-17 22:15 . 2008-08-17 22:19 <DIR> dr------- C:\Users\Los Dávola\Pictures
2008-08-17 22:15 . 2008-08-17 22:19 <DIR> dr------- C:\Users\Los Dávola\Music
2008-08-17 22:15 . 2008-08-17 22:19 <DIR> dr------- C:\Users\Los Dávola\Music
2008-08-17 22:15 . 2008-08-17 22:19 <DIR> dr------- C:\Users\Los Dávola\Links
2008-08-17 22:15 . 2008-08-17 22:19 <DIR> dr------- C:\Users\Los Dávola\Links
2008-08-17 22:15 . 2008-08-17 22:19 <DIR> dr------- C:\Users\Los Dávola\Favorites
2008-08-17 22:15 . 2008-08-17 22:19 <DIR> dr------- C:\Users\Los Dávola\Favorites
2008-08-17 22:15 . 2008-08-18 05:41 <DIR> dr------- C:\Users\Los Dávola\Downloads
2008-08-17 22:15 . 2008-08-18 05:41 <DIR> dr------- C:\Users\Los Dávola\Downloads
2008-08-17 22:15 . 2008-08-18 23:31 <DIR> dr------- C:\Users\Los Dávola\Documents
2008-08-17 22:15 . 2008-08-18 23:31 <DIR> dr------- C:\Users\Los Dávola\Documents
2008-08-17 22:15 . 2008-08-20 22:14 <DIR> dr------- C:\Users\Los Dávola\Desktop
2008-08-17 22:15 . 2008-08-20 22:14 <DIR> dr------- C:\Users\Los Dávola\Desktop
2008-08-17 22:15 . 2008-08-18 02:47 <DIR> d---s---- C:\Users\Los Dávola\AppData\Roaming\Microsoft
2008-08-17 22:15 . 2008-08-17 22:16 <DIR> d--h----- C:\Users\Los Dávola\AppData
2008-08-17 22:15 . 2008-08-17 22:16 <DIR> d--h----- C:\Users\Los Dávola\AppData
2008-08-17 22:15 . 2008-08-20 23:43 4,456,448 --ahs---- C:\Users\Los Dávola\NTUSER.DAT
2008-08-17 22:15 . 2008-08-20 23:43 4,456,448 --ahs---- C:\Users\Los Dávola\NTUSER.DAT
2008-08-17 22:14 . 2008-08-18 21:31 <DIR> d-------- C:\Users\Los Dávola
2008-08-17 22:09 . 2008-08-17 22:09 <DIR> dr------- C:\WINDOWS\System32\config\systemprofile\Contacts

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 02:43 4,456,448 --sha-w C:\Users\Los Dávola\NTUSER.DAT
2008-08-21 02:43 4,456,448 --sha-w C:\Users\Los Dávola\NTUSER.DAT
2008-08-21 02:37 --------- d-----w C:\Users\Los Dávola\AppData\Roaming\DNA
2008-08-21 00:34 --------- d-----w C:\Users\Los Dávola\AppData\Roaming\Malwarebytes
2008-08-19 00:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-19 00:38 --------- d-----w C:\Program Files\Microsoft Works
2008-08-18 22:45 --------- d-----w C:\Users\Los Dávola\AppData\Roaming\BitTorrent
2008-08-18 06:38 --------- d-----w C:\Users\Los Dávola\AppData\Roaming\ESET
2008-08-18 05:47 --------- d-s---w C:\Users\Los Dávola\AppData\Roaming\Microsoft
2008-08-18 05:34 --------- d-----w C:\Users\Los Dávola\AppData\Roaming\WinRAR
2008-08-18 05:31 --------- d-----w C:\Users\Los Dávola\AppData\Roaming\Adobe
2008-08-18 04:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-18 04:03 --------- d-----w C:\PROGRA~2\Symantec
2008-08-18 03:31 --------- d-----w C:\Users\Los Dávola\AppData\Roaming\Macromedia
2008-08-18 03:19 --------- d-----w C:\Users\Los Dávola\AppData\Roaming\Mozilla
2008-08-18 03:17 --------- d-----w C:\Program Files\MSBuild
2008-08-18 02:45 --------- d-----w C:\Users\Los Dávola\AppData\Roaming\TuneUp Software
2008-08-18 02:41 --------- d-----w C:\Users\Los Dávola\AppData\Roaming\DAEMON Tools
2008-08-18 02:18 --------- d-----w C:\PROGRA~2\HP
2008-08-18 02:07 --------- d-----w C:\PROGRA~2\Hewlett-Packard
2008-08-18 01:21 --------- d-----w C:\Users\Los Dávola\AppData\Roaming\Symantec
2008-08-18 01:19 --------- d-----w C:\Users\Los Dávola\AppData\Roaming\Identities
2008-08-18 01:17 --------- d-----w C:\Users\Los Dávola\AppData\Roaming\Hewlett-Packard
2008-08-18 01:10 --------- d-sh--w C:\Program Files\Archivos comunes
2008-08-18 01:10 --------- d-sh--w C:\PROGRA~2\Plantillas
2008-08-18 01:10 --------- d-sh--w C:\PROGRA~2\Menú Inicio
2008-08-18 01:10 --------- d-sh--w C:\PROGRA~2\Favoritos
2008-08-18 01:10 --------- d-sh--w C:\PROGRA~2\Escritorio
2008-08-18 01:10 --------- d-sh--w C:\PROGRA~2\Documentos
2008-08-18 01:10 --------- d-sh--w C:\PROGRA~2\Datos de programa
2008-08-17 18:01 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-07-01 12:04 71,688 ----a-w C:\Windows\system32\drivers\epfw.sys
2008-07-01 12:04 54,280 ----a-w C:\Windows\system32\drivers\epfwtdi.sys
2008-07-01 12:04 30,728 ----a-w C:\Windows\system32\drivers\epfwndis.sys
2008-07-01 11:57 53,256 ----a-w C:\Windows\system32\drivers\easdrv.sys
2008-07-01 11:56 39,944 ----a-w C:\Windows\system32\drivers\eamon.sys
2007-12-14 14:19 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"BitTorrent DNA"="C:\Users\Los Dávola\Program Files\DNA\btdna.exe" [2008-08-18 06:08 342336]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-07-29 10:41 1213680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 12:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 13:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 08:59 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 22:45 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 22:45 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 22:45 81920]
"DPService"="C:\Program Files\HP\DVDPlay\DPService.exe" [2007-10-09 07:07 90112]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-06 22:56 54936]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-07-01 09:01 1447168]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 10:52 4702208 C:\WINDOWS\RtHDVCpl.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8B080A29-3930-4CD7-93C6-492614CB282C}"= C:\Program Files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{3A74838C-B9DF-4576-A0F6-6BAC22A06117}"= C:\Program Files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"{1B162528-E983-4E4E-B49A-5F0366D1B591}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{4CF6CBB6-C4C2-40E9-BCDC-74B956E9E6F7}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{FF26B67E-E36A-433B-A9A3-81449942C1B5}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BF97D38D-ECD7-4C8B-9518-4DAD366584E9}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2740F04E-541F-4E5F-A284-D15A9D1542C5}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{34E2B27D-FEF5-4299-8AFC-C73794CC219F}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{93EF6454-C47D-40E3-8F85-5FDB5BE52002}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{DAC2E681-BB50-4FD9-9BA6-AA2ADD0D9159}"= UDP:C:\WINDOWS\System32\mqsvc.exe:Message Queuing
"{4A1CF2D4-CBCD-4DA9-A934-1469E9DB3D44}"= TCP:C:\WINDOWS\System32\mqsvc.exe:Message Queuing
"{55E9515B-2AEB-4FD8-A3E2-002EDC658E03}"= UDP:C:\WINDOWS\System32\mqsvc.exe:Message Queuing
"{09F6DC23-F5D4-4E9A-AAEA-7E7A082650FF}"= TCP:C:\WINDOWS\System32\mqsvc.exe:Message Queuing
"{A530994D-0EE0-4AB2-8713-33B72A279EE7}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{01541B36-4A6C-4BD8-A27D-A35C2E4CF15F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{83829050-F889-4769-8A3E-15369C094010}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F6473581-8CC9-4B9B-8620-403E4102DC18}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F0A64986-91FA-4032-A812-CA675CF3377D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CB75FBD9-59E7-4B7F-A262-356CB4AD002C}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{C7CF0EEE-E6CB-4847-A0A8-A4226FEC8342}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{131D1C12-DEEF-4F43-8FB1-B59B1226B3A0}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{C05A0308-F300-4E44-9E3A-D644D4317C46}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{2BAA3AF5-4387-42A8-9929-6EF48FBBD228}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{89382A04-3F74-4BFB-AD63-A335CA574408}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{7A7F7E9F-D647-4BF9-BDC6-E492E6AF7F57}C:\\users\\los dávola\\program files\\dna\\btdna.exe"= UDP:C:\users\los dávola\program files\dna\btdna.exe:btdna.exe
"UDP Query User{CF4BA493-EF32-41E1-BB08-3B1C7786EA2A}C:\\users\\los dávola\\program files\\dna\\btdna.exe"= TCP:C:\users\los dávola\program files\dna\btdna.exe:btdna.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 NetMsmqActivator;Adaptador de escucha Net.Msmq;C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-11-02 09:32]
R2 NetPipeActivator;Adaptador de escucha Net.Pipe;C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-11-02 09:32]
R2 NetTcpActivator;Adaptador de escucha Net.Tcp;C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-11-02 09:32]
R2 UxTuneUp;TuneUp Ampliación del thema;C:\Windows\System32\svchost.exe [2006-11-02 06:45]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 04:30]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-23 20:33]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-17 23:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
rsmsvcs REG_MULTI_SZ ntmssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - MBAMSWISSARMY
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\LOSDVO~1\AppData\Roaming\Mozilla\Firefox\Profiles\1d8vrkel.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.ar/
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Users\Los Dávola\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 23:43:15
Windows 6.0.6000 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2008-08-20 23:44:51
ComboFix-quarantined-files.txt 2008-08-21 02:44:43
ComboFix2.txt 2008-08-21 00:57:44

Pre-Run: 126,366,326,784 bytes libres
Post-Run: 126,339,670,016 bytes libres

284 --- E O F --- 2008-08-21 02:30:55

I hope everything is fine. Thank you for the help, and thanks to the forum for being a place to find solutions (which is no small thing) and training.

Thanks
Vituperio Violeta