Ayuda por favor con "Troyano" necio [Archivo]

Reka1971

30/11/07, 23:47:01

ComboFix 07-11-19.4C - HP_Administrator 2007-11-30 22:32:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2574 [GMT -6:00]
Running from: C:\WINDOWS\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 )))))))))))))))))))))))))))))))
.

2007-11-30 21:48 1,560,556 --a------ C:\WINDOWS\ComboFix.exe
2007-11-26 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-26 00:12 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-25 22:55 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-11-25 22:55 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SiteAdvisor
2007-11-25 22:48 <DIR> d-------- C:\Program Files\McAfee.com
2007-11-25 22:47 <DIR> d-------- C:\Program Files\McAfee
2007-11-25 22:47 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-11-25 22:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-18 14:04 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\???????sAppData
2007-11-15 23:29 <DIR> d-------- C:\Program Files\Zards software
2007-11-15 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-15 23:07 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-11 13:49 <DIR> d-------- C:\Program Files\Intuwave Ltd
2007-11-11 10:48 <DIR> d-------- C:\Program Files\iTunes
2007-11-11 10:48 <DIR> d-------- C:\Program Files\iPod
2007-11-11 10:46 <DIR> d-------- C:\Program Files\QuickTime
2007-11-10 09:34 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Sony Ericsson
2007-11-02 13:17 368,912 --a------ C:\WINDOWS\system32\VBAR332.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-12-01 04:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-26 04:15 --------- d-----w C:\Program Files\Opera
2007-11-23 02:16 --------- d-----w C:\Program Files\Java
2007-11-22 21:16 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-18 20:04 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\???????sAppData
2007-11-12 20:15 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent DNA
2007-11-11 19:58 --------- d-----w C:\Program Files\Creative
2007-11-11 19:52 --------- d-----w C:\Program Files\HP
2007-11-11 19:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-28 03:31 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\SlySoft
2007-10-28 03:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2007-10-28 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2007-10-28 03:25 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2007-10-27 19:54 --------- d-----w C:\Program Files\SlySoft
2007-10-27 19:44 --------- d-----w C:\Program Files\Elaborate Bytes
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-13 16:46 --------- d-----w C:\Program Files\BitTorrent_DNA
2007-10-13 16:46 --------- d-----w C:\Program Files\BitTorrent
2007-10-06 15:59 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-10-06 15:59 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2007-10-06 15:59 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-09-15 07:30 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-04 22:11 389,120 ------w C:\WINDOWS\system32\EMPLnchr.exe
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 18:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56]
"ftutil2"="ftutil2.dll" [2004-06-07 23:05 C:\WINDOWS\system32\ftutil2.dll]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:19 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 06:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-08-02 09:30 C:\WINDOWS\system32\nwiz.exe]
"PCDrProfiler"="" []
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-30 10:48]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2005-03-29 17:03]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 11:41]
"DPAgnt"="C:\Program Files\DigitalPersona\Bin\DPAgnt.exe" [2004-10-13 17:24]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-24 12:57]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-06 09:59]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 23:50]
"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2004-07-27 23:50]
"MWLExe"="C:\Program Files\Mcafee\MWL\MWLGui.exe" [2007-07-28 09:32]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-11-26 00:39]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
C:\WINDOWS\system32\DPWLEvHd.dll 2004-10-13 17:29 102400 C:\WINDOWS\system32\DPWLEvHd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
"Notification Packages"= scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Recorte de pantalla e Inicio rápido de OneNote 2007.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk
backup=C:\WINDOWS\pss\Recorte de pantalla e Inicio rápido de OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2007-10-13 10:46 286016 --a------ C:\Program Files\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2003-02-24 02:00 184320 --a------ C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-02 18:36 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

R0 dontgo;Promise Removable Disk Control Driver;C:\WINDOWS\system32\DRIVERS\DontGo.sys
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrb svsd.sys
R2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;C:\WINDOWS\system32\drivers\cxfalcon.sys
R3 dpK0Bx01;Controlador superior de lector de huellas digitales;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys
R3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys
R3 UsbdpFP;Controlador de clase de lector de huellas digitales;C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys
R3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys
S2 0235271196474266mcinstcleanup;McAfee Application Installer Cleanup (0235271196474266);C:\WINDOWS\TEMP\023527~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys
S3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;C:\WINDOWS\system32\DRIVERS\wn5401.sys

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{dddfd327-97f1-11dc-bba5-0002e3449613}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

*Newly Created Service* - 0235271196474266MCINSTCLEANUP
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-11-22 23:33:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-26 04:48:53 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-11-26 04:48:52 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
"2007-12-01 04:11:13 C:\WINDOWS\Tasks\Norton AntiVirus - Analizar el equipo - HP_Administrator.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2007-12-01 04:35:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
************************************************** ************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 22:37:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2007-11-30 22:39:48
.
--- E O F ---