View Full Version : Unstable computer, slow when typing, I've already tried everything and it doesn't fix it


deeplounge
11/02/08, 18:33:24
Well, let me describe the symptoms the computer has:

- First and foremost, the computer types very slowly, especially in Messenger; it takes a good while to write sentences, and the same thing happens in Firefox or in any Office program.

- It's very unstable, it freezes all the time, with any kind of program, and the strange thing is that in Task Manager the memory doesn't show as if some program were consuming it; that is, everything looks normal.

- Also, restart and shutdown don't work; they hang when the computer does the log off, so I have to turn it off manually.

Now I'll list the programs I've used to try to fix this:

- I scanned the computer with my installed antivirus, which is Avira, and it detected some adware but nothing remarkable.
- Then I used Kaspersky Online, which also detected some cookies, which it resolved, but the problems continued.
- I used Panda Antivirus Online, which also fixed some errors, except for a trojan that required buying a better version of the antivirus to clean it; but I located the file and deleted it.
- Then I used SuperAntiSpyware and SpyBot Search & Destroy 1.4, which found a good amount of stuff and removed it.
- I also used CCleaner and RegCure, which did their jobs well.
- I also defragmented the disks and cleaned all the temporary files, leaving a good amount of free space on the disk.

After all this the computer improved a little, but the main problems I mentioned at the beginning remained, so my question now is whether I have something in there that you can see.

I have the HijackThis and ComboFix logs.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:46:54 p.m., on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Power Translator 11\LogoMedia TranslateDotNet Server.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061207
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Program Files\Power Translator 11\Applications\LEC IE Translation Extension.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Startup: OneNote Table Of Contents.onetoc2
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/16.35/uploader2.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4922EF67-5D6F-4F74-A7BF-C888E86FD040}: NameServer = 200.45.191.35,200.45.191.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{951AF2B8-84C9-400B-999B-ED56329057E0}: NameServer = 200.45.191.35,200.45.191.40
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ver32 - ver32.dll (file missing)
O20 - Winlogon Notify: winmxw32 - C:\WINDOWS\
O21 - SSODL: SysTray - DISABLED_{35CEC8A3-2BE6-11D2-8773-92E220524153} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - GEAR Software Inc. - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Power Translator 11\LogoMedia TranslateDotNet Server.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - O&O Software GmbH - (no file)
O23 - Service: Office Source Engine (ose) - O&O Software GmbH - (no file)
O23 - Service: StarWind iSCSI Service (StarWindService) - Avira GmbH - (no file)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 13590 bytes



And here is the ComboFix log:

ComboFix 08-02-12.1 - Barra 2008-02-11 19:51:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.492 [GMT -2:00]
Running from: C:\downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\_000002_.tmp.dll
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000004_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll

----- BITS: Possible infected sites -----

hxxp://go.microsoft.com

.
((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.

2008-02-11 15:48 . 2008-02-11 15:48 <DIR> d-------- C:\Program Files\Vasilios Applications
2008-02-11 15:48 . 2008-02-11 15:48 17,408 --a------ C:\psapi.dll
2008-02-10 17:53 . 2008-02-10 18:07 <DIR> d-------- C:\Program Files\Panda Security
2008-02-10 17:42 . 2008-02-10 17:42 106 --a------ C:\delete.bat
2008-02-06 19:34 . 2008-02-10 12:12 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
2008-02-05 19:04 . 2008-02-05 19:04 <DIR> d-------- C:\Program Files\Xvid
2008-02-05 18:56 . 2008-02-05 19:05 <DIR> d-------- C:\Program Files\StaxRip
2008-02-05 18:51 . 2008-02-05 18:51 <DIR> d-------- C:\Program Files\eRightSoft
2008-02-05 18:51 . 2007-12-17 11:43 27,648 ---hs---- C:\WINDOWS\system32\Smab0.dll
2008-02-03 16:18 . 2008-02-08 14:37 <DIR> d-------- C:\Documents and Settings\Barra\Application Data\CopyToDvd
2008-02-03 00:32 . 2008-02-03 00:32 <DIR> d-------- C:\Program Files\RegCure
2008-02-02 21:23 . 2008-02-02 21:23 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-02 21:23 . 2008-02-02 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-02 20:55 . 2008-02-02 20:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-02 19:58 . 2008-02-02 19:58 <DIR> d-------- C:\Documents and Settings\Barra\Application Data\Nero
2008-02-02 19:54 . 2008-02-02 19:57 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-02-02 19:54 . 2008-02-02 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-02-02 19:21 . 2008-02-11 00:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-02 19:21 . 2008-02-02 19:21 <DIR> d-------- C:\Documents and Settings\Barra\Application Data\PTGui
2008-02-02 19:21 . 2008-02-02 19:21 <DIR> d-------- C:\Documents and Settings\Barra\Application Data\iolo
2008-02-02 19:21 . 2008-02-02 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-02-01 20:08 . 2008-02-01 20:08 <DIR> d-------- C:\Documents and Settings\Barra\Application Data\TuneUp Software
2008-02-01 20:07 . 2008-02-02 19:18 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-01 20:07 . 2008-02-01 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-01 20:07 . 2008-02-01 20:07 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-01 20:07 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-02-01 19:43 . 2008-02-02 19:18 <DIR> d-------- C:\Documents and Settings\Barra\Application Data\RegSweep
2008-02-01 17:45 . 2008-02-01 17:45 <DIR> d-------- C:\Program Files\ElcomSoft
2008-02-01 17:45 . 2008-02-01 18:26 1,328 --a------ C:\WINDOWS\APDFPRP.INI
2008-01-31 11:25 . 2008-02-02 19:19 <DIR> d-------- C:\Program Files\bwin Argentina
2008-01-30 21:34 . 2008-01-30 21:34 <DIR> d-------- C:\Program Files\Hasbro
2008-01-30 21:31 . 2008-02-02 19:19 <DIR> d-------- C:\Program Files\PowerISO
2008-01-30 14:37 . 2008-02-02 19:19 <DIR> d-------- C:\Program Files\PTGui
2008-01-28 19:47 . 2008-01-28 19:47 <DIR> d-------- C:\Program Files\Ares
2008-01-28 13:55 . 2008-01-28 13:55 <DIR> d-------- C:\Documents and Settings\Barra\Application Data\vlc
2008-01-28 13:50 . 2008-01-28 13:54 <DIR> d-------- C:\Documents and Settings\Barra\Application Data\MozillaControl
2008-01-28 13:48 . 2008-01-28 13:48 <DIR> d-------- C:\Program Files\VideoLAN
2008-01-28 13:47 . 2008-01-28 13:48 <DIR> d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 17:59 --------- d-----w C:\Program Files\PokerStars
2008-02-11 17:50 --------- d-----w C:\Documents and Settings\Barra\Application Data\uTorrent
2008-02-11 02:51 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-11 02:51 --------- d-----w C:\Documents and Settings\Barra\Application Data\SUPERAntiSpyware.com
2008-02-11 02:51 --------- d-----w C:\Documents and Settings\Barra\Application Data\MegauploadToolbar
2008-02-11 01:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-10 23:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-10 23:10 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-10 22:45 --------- d---a-w C:\Program Files\Servant Salamander 2.5 RC1
2008-02-10 02:17 --------- d-----w C:\Program Files\MP3 Workshop
2008-02-08 16:37 --------- d-----w C:\Documents and Settings\Barra\Application Data\Vso
2008-02-06 22:00 --------- d-----w C:\Program Files\eMule
2008-02-05 21:03 --------- d-----w C:\Program Files\AviSynth 2.5
2008-02-03 18:15 --------- d-----w C:\Program Files\vso
2008-02-02 21:54 --------- d-----w C:\Program Files\Nero
2008-02-02 21:47 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-02 21:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-02 21:20 --------- d-----w C:\Documents and Settings\Barra\Application Data\InstallShield
2008-02-02 18:11 --------- d-----w C:\Program Files\Joost
2008-02-01 21:16 --------- d-----w C:\Program Files\Startup Select
2008-02-01 17:19 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-11 21:08 --------- d-----w C:\Program Files\Flux
2008-01-08 21:15 --------- d-----w C:\Program Files\pRSSreader
2008-01-04 03:29 --------- d-----w C:\Program Files\ZIO
2008-01-03 17:10 --------- d-----w C:\Program Files\Ateksoft
2008-01-02 18:03 --------- d-----w C:\Program Files\Sony Ericsson
2008-01-02 17:13 --------- d-----w C:\Documents and Settings\Barra\Application Data\Skype
2008-01-02 16:32 --------- d-----w C:\Documents and Settings\Barra\Application Data\skypePM
2008-01-02 05:27 --------- d-----w C:\Program Files\ZIO Interactive
2008-01-02 05:07 --------- d-----w C:\Program Files\PDAmill
2008-01-02 04:32 --------- d-----w C:\Program Files\PocketDivx
2008-01-02 02:34 --------- d-----w C:\Program Files\Picasa2
2007-12-31 23:57 --------- d-----w C:\Program Files\Microsoft Silverlight
2007-12-27 00:54 --------- d-----w C:\Program Files\Windows Live
2007-12-27 00:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-26 22:59 --------- d-----w C:\Program Files\Power Translator 11
2007-12-26 18:38 --------- d-----w C:\Program Files\Power Translator
2007-12-23 09:18 --------- d-----w C:\Program Files\Opera
2007-12-22 21:27 --------- d-----w C:\Program Files\Cadsoft
2007-12-22 19:55 --------- d-----w C:\Program Files\Soulseek-Test
2007-12-20 17:42 --------- d-----w C:\Program Files\CDisplay
2007-12-20 11:33 --------- d-----w C:\Program Files\MegauploadToolbar
2007-12-17 20:32 --------- d-----w C:\Program Files\Electronic Arts
2007-12-16 19:03 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-16 18:36 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-14 13:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-13 05:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-12 17:28 --------- d-----w C:\Program Files\DkZ Studio
2007-11-29 18:35 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-13 11:31 399,360 ----a-w C:\WINDOWS\system32\Smab.dll
2007-06-04 19:04 0 ----a-w C:\Documents and Settings\Barra\Application Data\wklnhst.dat
2007-04-21 20:03 87,608 ----a-w C:\Documents and Settings\Barra\Application Data\ezpinst.exe
2007-04-21 20:03 47,360 ----a-w C:\Documents and Settings\Barra\Application Data\pcouffin.sys
2002-08-27 08:47 62,594 ----a-w C:\Program Files\viewsonicinstruct_xp.pdf
2007-10-30 18:46 88 --sh--r C:\WINDOWS\system32\219DC67799.sys
2007-10-12 17:30 8 --sh--r C:\WINDOWS\system32\66C83614B6.sys
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-10-30 18:46 2,672 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 13:48 761947]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-04 19:34 249896]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]

C:\Documents and Settings\Barra\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2007-07-24 13:48:41 3656]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ver32]
ver32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmxw32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"ElbyCheckAnyDVD"="C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\Quickset.exe
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
"PowerTranslator Pro OLR"=C:\PROGRA~1\BVRPSO~1\POWERT~1\BVRPOlr.exe /PowerTranslator Pro
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

R1 MPSHLPR;MPSHLPR;C:\WINDOWS\system32\DRIVERS\mpshlpr.sys [2005-05-24 09:51]
R1 SSHDRV84;SSHDRV84;C:\WINDOWS\system32\drivers\SSHDRV84.sys [2007-08-14 21:52]
R2 mpsdrv;MPSDrv;C:\WINDOWS\system32\DRIVERS\mpsdrv.sys [2005-05-24 09:51]
S3 SPCA508A;TC-111A;C:\WINDOWS\system32\DRIVERS\SP508PIX.SYS [2000-08-21 00:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
mpssvc REG_MULTI_SZ mpssvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e18091c-6c33-11dc-8286-0015c5cc63b0}]
\Shell\AutoRun\command - H:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eabf60c3-9456-11dc-bd79-0018f3cd245e}]
\Shell\AutoRun\command - G:\Autoplay.exe -auto

.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 19:34:12 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-01-12 12:35:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-11 20:04:57 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-07 05:09:17 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 19:59:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-12 20:01:03
ComboFix-quarantined-files.txt 2008-02-12 22:00:59
.
2008-01-09 05:04:38 --- E O F ---


Thank you very much for anything you can do; I'll be very grateful.

Regards

Ramiro

deeplounge
12/02/08, 19:39:46
Nothing new?

deeplounge
14/02/08, 11:51:03
Is there any chance you'll look at my log?

© Copyright 2005 - 2008 InfoSpyware ® All rights reserved.