comine.exe controlled but not removed (Solved)

wuatzuki 26/04/08, 15:46:11

Hello everyone ...
A few days ago someone did me the favor of passing me a virus that goes by the name comine.exe.
The first thing I noticed is that it removed my antivirus (I use NOD32): it does not appear in the taskbar, and when I go to its folder and try to run it, nothing happens. I go to Start > Run and type msconfig (to see which processes start up) and nothing; I press Ctrl + Alt + Del and NOTHING, it tells me that Task Manager has been disabled by an administrator (go figure). I try to boot in safe mode, and the moment I choose to start in safe mode I get the blue screen saying that Windows has been shut down to prevent damage (I had already booted in safe mode before and it started as it should).
Looking into it, I realized that, just like amvo, this one would not let me see hidden folders, so I ran the My Geek Side script that is for removing amvo and its variants, and it tells me "proceeding to remove comine", ooooooo what a surprise. Once it finished I could see hidden folders again, but I cannot remove the virus: comine.exe gets copied to any device I connect, along with an autorun from My Geek Side (it serves to keep my USB from getting infected). I try to delete comine manually, but 3 seconds later I have another one... I don't know what to do anymore; I hope someone can help me.
Thanks in advance....
My machine: Windows XP bj7
Antivirus: NOD32
Spyware Doctor (this one does not detect anything)

thecat_re 26/04/08, 16:06:35

Hello wuatzuki
Download, update and run the program: SUPERAntiSpyware
Download CCleaner (http://www.forospyware.com/t105564.html) and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then using its "Registry" option to clean the whole Windows registry (making a backup).
- Download the ComboFix.exe tool (http://www.forospyware.com/sUBs/ComboFix.exe) and save it to the desktop. Temporarily disable your antivirus and/or antispyware. Close all open windows. Double-click the ComboFix.exe file and follow the instructions. When it finishes, it will generate a log at C:\ComboFix.txt.
*Note* While CF is working, do not move the mouse, as that would stop its process.
*Note* ComboFix may restart the PC automatically to complete the removal process.
Warning!! Do not use ComboFix unless you have been specifically told to do so in your thread by a member of our Staff (http://www.forospyware.com/showgroups.php). It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
Restart and paste the report from C:\ComboFix.txt in this same thread, together with a report from Kaspersky Online Scanner (http://www.forospyware.com/t55793.html), so they can be analyzed.
Regards, let us know how it goes. ;)

wuatzuki 26/04/08, 17:51:39

Here is the ComboFix result:
ComboFix 08-04-24.1 - Administrador 2008-04-26 15:34:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.1552 [GMT 2:00]
Se ejecuta desde: C:\Documents and Settings\Administrador\Escritorio\ComboFix.exe
* Creado un nuevo punto de restauración
* Resident AV is active
ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.
(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
D:\Autorun.inf
.
(((((((((((((((((( Archivos creados desde 2008-03-26 - 2008-04-26 )))))))))))))))))))))))))))))))))
.
2008-04-26 15:10 . 2008-04-26 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2008-04-26 15:10 . 2008-04-26 15:10 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\SUPERAntiSpyware.com
2008-04-26 15:10 . 2008-04-26 15:10 <DIR> d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-04-25 18:57 . 2008-04-25 18:57 <DIR> d-------- C:\Sierra
2008-04-25 18:57 . 2008-04-25 18:57 225 --a------ C:\WINDOWS\SIERRA.INI
2008-04-24 21:48 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-04-24 13:37 . 2008-04-24 13:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-24 10:42 . 2007-12-14 03:41 30,025 ---hs---- C:\comine.exe
2008-04-19 19:44 . 2008-04-19 19:44 <DIR> d-------- C:\Archivos de programa\C-Media USB2.0 Card Reader
2008-04-19 18:36 . 2007-12-14 03:41 30,025 ---hs---- C:\WINDOWS\system32\comine.exe
2008-04-19 18:36 . 2008-04-26 15:35 166 ---hs---- C:\AutoRun.inf
2008-04-15 11:03 . 2008-04-15 11:03 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-04-15 11:03 . 2008-04-15 11:03 <DIR> d-------- C:\WINDOWS\system32\oobe
2008-04-15 11:03 . 2008-04-15 11:03 <DIR> d-------- C:\WINDOWS\srchasst
2008-04-15 11:03 . 2008-04-15 11:03 <DIR> d-------- C:\WINDOWS\msagent
2008-04-15 11:03 . 2008-04-15 11:03 <DIR> d-------- C:\Archivos de programa\microsoft frontpage
2008-04-14 16:24 . 2008-04-14 16:24 <DIR> d-------- C:\Archivos de programa\Microsoft Games
2008-04-14 11:55 . 2008-04-14 11:55 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\PC Tools
2008-04-14 11:55 . 2008-04-24 11:33 <DIR> d-------- C:\Archivos de programa\Spyware Doctor
2008-04-14 11:55 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-04-14 11:55 . 2008-04-14 11:58 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-14 11:55 . 2008-04-14 11:58 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-14 11:55 . 2008-04-14 11:57 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-14 11:55 . 2008-04-14 11:57 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2008-04-14 11:55 . 2008-04-14 11:57 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-12 16:03 . 2008-04-18 20:55 32 --a------ C:\WINDOWS\CD_Start.INI
2008-04-11 20:10 . 2008-04-11 20:10 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Media Player Classic
2008-04-10 20:38 . 2008-04-10 20:39 <DIR> d-------- C:\Archivos de programa\Ares
2008-04-10 20:00 . 2008-04-25 17:20 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-09 21:26 . 2008-04-22 20:56 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\U3
2008-04-09 19:32 . 2008-04-09 19:32 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Ahead
2008-04-09 19:32 . 2008-04-09 19:32 <DIR> d-------- C:\Archivos de programa\Nero
2008-04-09 19:32 . 2008-04-09 19:32 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Ahead
2008-04-09 19:32 . 2004-07-26 17:16 1,568,768 --a------ C:\WINDOWS\system32\imagX7.dll
2008-04-09 19:32 . 2003-03-18 21:12 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-04-09 19:32 . 2004-07-26 17:16 476,320 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-04-09 19:32 . 2004-07-26 17:16 471,040 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-04-09 19:32 . 2004-07-09 09:43 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-04-09 19:32 . 2004-07-26 17:16 262,144 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-04-08 15:22 . 2008-04-08 17:23 <DIR> d-------- C:\Archivos de programa\ABBYY FineReader 6.0 Sprint
2008-04-08 15:21 . 2008-04-08 15:21 <DIR> d-------- C:\WINDOWS\system32\PhotoImpression Slideshow
2008-04-08 15:21 . 2008-04-08 15:21 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\ArcSoft
2008-04-08 15:21 . 2008-04-08 15:21 <DIR> d-------- C:\Archivos de programa\Archivos comunes\ArcSoft
2008-04-08 15:21 . 2008-04-08 15:21 <DIR> d-------- C:\Archivos de programa\ArcSoft
2008-04-08 15:21 . 2004-12-07 10:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2008-04-08 15:21 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-04-08 15:21 . 2006-10-26 09:37 126,976 --a------ C:\WINDOWS\system32\PhotoImpression Slideshow.scr
2008-04-08 15:21 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-04-08 13:56 . 2008-04-08 13:56 <DIR> d-------- C:\WINDOWS\Sun
2008-04-08 12:58 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-04-08 12:58 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-04-08 12:58 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-04-08 12:58 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-04-08 12:58 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-04-08 12:58 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-04-08 12:58 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-04-08 12:58 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-04-08 12:38 . 2007-07-29 14:47 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-08 12:38 . 2007-07-29 14:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-07 16:14 . 2008-04-08 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\EPSON
2008-04-07 16:14 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAL.DLL
2008-04-07 16:14 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAL.DLL
2008-04-07 16:14 . 2007-07-29 14:47 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-07 16:14 . 2007-07-29 14:47 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-07 16:14 . 2006-07-12 03:00 5,385 --a------ C:\WINDOWS\EPBUYINK.HTM
2008-04-07 13:36 . 2008-04-25 20:37 524 --a------ C:\hpfr3420.xml
2008-04-07 13:11 . 2008-04-25 13:39 <DIR> d-------- C:\Documents and Settings\Administrador\Contacts
2008-04-07 12:18 . 2008-04-07 12:18 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-04-07 12:13 . 2008-04-07 12:13 <DIR> d-------- C:\WINDOWS\system32\es-es
2008-04-07 12:06 . 2008-04-07 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\WLInstaller
2008-04-07 12:06 . 2008-04-07 13:01 <DIR> d-------- C:\Archivos de programa\Windows Live
2008-04-07 12:06 . 2008-04-07 12:06 <DIR> d--hsc--- C:\Archivos de programa\Archivos comunes\WindowsLiveInstaller
2008-04-07 11:59 . 2008-04-07 11:59 <DIR> d-------- C:\WINDOWS\Samsung
2008-04-07 11:59 . 2003-11-17 20:24 208,896 --------- C:\WINDOWS\system32\SSRemove.exe
2008-04-07 11:59 . 2005-03-03 13:32 151,552 --a------ C:\WINDOWS\system32\SSCoInst.exe
2008-04-07 11:59 . 2004-10-11 21:25 57,344 --a------ C:\WINDOWS\system32\SSCoInst.dll
2008-04-07 11:59 . 2004-05-17 22:04 41,984 --------- C:\WINDOWS\system32\drivers\DGIVECP.SYS
2008-04-07 11:59 . 2005-04-08 11:29 20,622 --a------ C:\WINDOWS\system32\SUGS1LMK.DLL
2008-04-07 11:59 . 2003-07-21 20:50 8,478 --------- C:\WINDOWS\system32\SP119.ICO
2008-04-07 11:59 . 2005-01-13 19:47 604 --a------ C:\WINDOWS\system32\SUGS1LMK.SMT
2008-04-07 11:58 . 2008-04-07 11:58 <DIR> d-------- C:\Archivos de programa\hp deskjet 3420 series
2008-04-07 11:58 . 2007-07-29 14:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-07 11:58 . 2008-04-07 11:58 849 --a------ C:\WINDOWS\hpinfo.lnk
2008-04-07 11:57 . 2008-04-07 11:57 <DIR> d-------- C:\Archivos de programa\Hewlett-Packard
2008-04-07 05:47 . 2008-04-08 15:22 <DIR> d-------- C:\Archivos de programa\epson
2008-04-07 05:44 . 2008-04-07 05:44 <DIR> d-------- C:\WINDOWS\PixArt
2008-04-07 05:44 . 2008-04-07 05:44 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-07 05:44 . 2008-04-07 05:44 <DIR> d-------- C:\Archivos de programa\Archivos comunes\PAC207
2008-04-07 05:44 . 2005-04-03 20:56 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-04-07 05:44 . 2006-07-11 18:35 503,808 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-04-07 05:44 . 2006-11-03 10:59 48,128 --a------ C:\WINDOWS\system32\Remove.exe
2008-04-07 05:44 . 2005-01-28 14:15 7,064 --a------ C:\WINDOWS\system32\WMVCORE.lib
2008-04-07 05:44 . 2007-05-09 14:20 284 --a------ C:\WINDOWS\system32\Remover.ini
2008-04-07 05:43 . 2008-04-07 05:43 <DIR> d-------- C:\WINDOWS\Album
2008-04-07 05:43 . 2008-04-07 05:43 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\InstallShield
2008-04-07 05:43 . 2008-04-07 05:43 <DIR> d-------- C:\Archivos de programa\KYE
2008-04-07 05:41 . 2008-04-16 16:13 <DIR> d-------- C:\Archivos de programa\Total Video Converter
2008-04-07 05:41 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-04-07 05:36 . 2007-07-05 22:00 466,944 -ra------ C:\WINDOWS\713xRMT.exe
2008-04-07 05:35 . 2007-07-29 14:47 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-07 05:34 . 2008-04-07 05:34 <DIR> d-------- C:\Archivos de programa\TV Expert
2008-04-07 05:27 . 2008-04-07 05:27 <DIR> d-------- C:\WINDOWS\nview
2008-04-07 05:27 . 2007-05-11 08:03 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-04-07 05:27 . 2007-05-11 08:03 115,999 --a------ C:\WINDOWS\system32\nvapps.xml
2008-04-07 05:27 . 2007-05-11 08:03 17,431 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-04-07 05:26 . 2007-05-10 18:39 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-04-07 05:20 . 2008-04-07 05:20 <DIR> d-------- C:\Program Files
2008-04-07 05:20 . 2008-04-07 05:20 <DIR> d-------- C:\Archivos de programa\ASUS
2008-04-07 05:20 . 2006-01-10 10:50 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2008-04-07 05:20 . 2006-10-18 21:12 12,664 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-04-07 05:20 . 2006-10-19 03:11 12,096 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-04-07 05:20 . 2006-10-19 03:11 10,304 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-04-07 05:19 . 2008-04-07 05:20 666 --a------ C:\WINDOWS\setup.iss
2008-04-06 22:05 . 2008-04-06 22:05 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-04-06 22:05 . 2008-04-06 22:05 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-04-06 22:05 . 2007-07-29 14:46 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-06 22:05 . 2008-04-06 22:05 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-04-06 22:05 . 2007-07-29 14:46 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-06 22:04 . 2007-07-29 14:47 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-04-06 22:04 . 2007-07-29 14:46 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-04-06 22:02 . 2008-04-06 22:02 <DIR> d-------- C:\WINDOWS\system32\Attansic
2008-04-06 22:02 . 2008-04-06 22:02 <DIR> d-------- C:\Archivos de programa\Attansic
2008-04-06 22:02 . 2007-07-29 14:46 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-04-06 22:02 . 2007-07-29 14:47 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-06 22:02 . 2007-07-29 14:47 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 19:47 --------- d-----w C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-04-22 15:26 --------- d-----w C:\Archivos de programa\Eset
2008-04-19 17:44 7,164 ----a-w C:\WINDOWS\system32\drivers\CMFileDisk.sys
2008-04-19 17:44 626,688 ----a-w C:\WINDOWS\system32\SecurityBox.exe
2008-04-19 17:44 385,024 ----a-w C:\WINDOWS\system32\CMBox.exe
2008-04-19 17:44 28,672 ----a-w C:\WINDOWS\system32\DiskMount.exe
2008-04-17 10:49 --------- d-----w C:\Archivos de programa\Unlocker
2008-04-14 10:24 --------- d-----w C:\Archivos de programa\Java
2008-04-09 17:32 --------- d-----w C:\Archivos de programa\Archivos comunes\Ahead
2008-04-09 17:32 --------- d-----w C:\Archivos de programa\Archivos comunes
2008-04-08 13:21 --------- d-----w C:\Archivos de programa\Archivos comunes\ArcSoft
2008-04-07 11:00 --------- d-----w C:\Archivos de programa\Archivos comunes\Microsoft Shared
2008-04-07 03:44 --------- d-----w C:\Archivos de programa\Archivos comunes\InstallShield
2008-04-06 20:00 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-06 19:52 --------- d-----w C:\Archivos de programa\Intel
2008-04-06 19:02 --------- d-----w C:\Archivos de programa\Archivos comunes\SpeechEngines
2008-04-06 19:02 --------- d-----w C:\Archivos de programa\Archivos comunes\ODBC
2008-04-06 18:47 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
2008-04-06 18:47 --------- d-----w C:\Archivos de programa\MSBuild
2008-04-06 18:47 --------- d-----w C:\Archivos de programa\Microsoft Works
2008-04-06 18:47 --------- d-----w C:\Archivos de programa\Archivos comunes\DESIGNER
2008-04-06 18:46 --------- d-----w C:\Archivos de programa\Microsoft.NET
2008-04-06 18:44 --------- d-----w C:\Archivos de programa\Microsoft Visual Studio 8
2008-04-06 18:44 --------- d-----w C:\Archivos de programa\Archivos comunes\System
2008-04-06 18:31 --------- d-----w C:\Archivos de programa\TaskSwitchXP
2008-04-06 18:30 --------- d-----w C:\Documents and Settings\Administrador\Datos de programa\TuneUp Software
2008-04-06 18:30 --------- d-----w C:\Archivos de programa\TuneUp Utilities 2007
2008-04-06 18:29 --------- d-----w C:\Archivos de programa\Windows Media Connect 2
2008-04-06 18:29 --------- d-----w C:\Archivos de programa\My Company Name
2008-04-06 18:28 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-04-06 18:28 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-04-06 18:28 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-04-06 18:28 --------- d-----w C:\Archivos de programa\Lavalys
2008-04-06 18:28 --------- d-----w C:\Archivos de programa\K-Lite Codec Pack
2008-04-06 18:28 --------- d-----w C:\Archivos de programa\HashTab Shell Extension
2008-04-06 18:28 --------- d-----w C:\Archivos de programa\DAMN NFO Viewer
2008-04-06 18:28 --------- d-----w C:\Archivos de programa\CCleaner
2008-04-06 18:28 --------- d-----w C:\Archivos de programa\Archivos comunes\Java
2008-04-06 18:27 --------- d-----w C:\Archivos de programa\Archivos comunes\Adobe
2008-04-06 18:27 --------- d-----w C:\Archivos de programa\Alcohol Soft
2008-04-06 18:10 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-06 18:08 --------- d-----w C:\Archivos de programa\Archivos comunes\Services
2008-04-06 18:08 --------- d-----w C:\Archivos de programa\Archivos comunes\MSSoap
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2007-12-14 01:41 30,025 --sh--w C:\WINDOWS\system32\comine.exe
.
------- Sigcheck -------
2007-07-29 14:46 579072 237fb93c6b4330d8ee7d2448cf71c5ed C:\WINDOWS\system32\user32.dll
2007-07-30 01:08 360576 c79df4477c0d82bb045cbc50e2b677e9 C:\WINDOWS\system32\drivers\tcpip.sys
2007-07-29 14:46 2019840 53ff54334b619c46e0919f1f7d112493 C:\WINDOWS\system32\ntkrnlpa.exe
2007-07-29 14:46 2140160 5501760f52eb0930e89992600a4d4592 C:\WINDOWS\system32\ntoskrnl.exe
2007-07-29 14:45 953856 e9c19fd131d46eb3ef52b7a31ef33a90 C:\WINDOWS\explorer.exe
2007-07-29 14:45 1035776 dbb6b75cc6cb2cf8ec0bafca08aed6be C:\WINDOWS\XPize\Backup\explorer.exe
2004-08-19 15:42 30208 84ad8e1b758c1abea80cfcc087be0ed3 C:\WINDOWS\system32\ctfmon.exe
2004-08-19 15:42 15360 25ecfa69af1563fde8dfd31f9954497a C:\WINDOWS\XPize\Backup\ctfmon.exe
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-05 00:29 62976]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:42 30208]
"MsnMsgr"="C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"EPSON Stylus CX5600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.exe" [2007-01-25 08:00 179200]
"AlcoholAutomount"="C:\Archivos de programa\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:29 220544]
"SUPERAntiSpyware"="C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
CONTINUED.....

wuatzuki 26/04/08, 17:55:13

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"nod32kui"="C:\Archivos de programa\Eset\nod32kui.exe" [2008-04-06 20:28 949376]
"UnlockerAssistant"="C:\Archivos de programa\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 08:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 08:03 8429568]
"nwiz"="nwiz.exe" [2007-05-11 08:03 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 08:03 81920]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\713xRMT.exe" [2007-07-05 22:00 466944]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-16 07:58 188416]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:42 30208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 18:39 123904 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\
TV Expert Schedule Agent.lnk - C:\Archivos de programa\TV Expert\ADTVScheduleAgent.exe [2008-04-07 05:34:42 35840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ADVXDWIN]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alertsvc.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ALOGSERV]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\amon.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AMON9X]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\anti - trojan.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antivir]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTS]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arvmon.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ATCON]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ATUPDATER]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ATWATCH]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoGuarder.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoTrace]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGCC32]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvgServ]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGSERV9]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGW]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkpop]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvkServ]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkservice]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkwctl9]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpmon.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpnt.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Avrep32.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avsynmgr.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVWINNT]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXMONITOR9X]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXMONITORNT]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXQUAR]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXW]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BullGuard]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCAPP.EXE]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfgWiz]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfind.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\claw95ct.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\clrav.com]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CMGRDIAN]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CONNECTIONMONITOR]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CPDClnt]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CTRL]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defalert]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defscangui]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DEFWATCH]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DOORS]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dv95.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dv95_o.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EFINET32.EXE]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EFPEADM]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\espwatch.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ETRUSTCIPE]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EVPN]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EXPERT]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - agnt95.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - prot.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - prot95.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - stopw.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fameh32]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fch32]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fih32]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\filemon.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\findt2005.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fnrb32]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fp - win.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPROT95.EXE]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsaa]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsm32]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsma32]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsmb32]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbmenu]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GBPOLL]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GENERICS]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GUARD]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IAMSTATS]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icmoon.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icssuppnt.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IsHelp.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ISRV95]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jed.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\killhidepid.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpf.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LDPROMENU]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LDSCAN]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lockdownadvanced.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lucomserver.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LUSPT]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcafee]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCAGENT]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCMNHDLR]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCTOOL]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCUPDATE]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCVSRTE]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCVSSHLD]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MGHTML]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MINILOG]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Monitor.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MPFSERVICE]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MWATCH]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\n32scan.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVENGNAVEX15]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navrunr.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navsched.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navw.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ndd32]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NeoWatchLog]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netutils]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nisserv.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notstart.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npscheck]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npssvc]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nsched32.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nspclean.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntrtscan]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NTVDM]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NTXconfig]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NVSVC32]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NWService]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NWTOOL16]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\offguard.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PADMIN]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\padmin.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pav.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavmail.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavproxy]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcciomon.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccmain.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccwin97]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcntmon]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcscan]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\per.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\perd.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pertsk.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\perupd.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pervac.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pervacd.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwagent.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwcon.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\POP3TRAP]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\POPROXY]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PORTMONITOR]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pqremove.com]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PROCESSMONITOR]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procexp]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PROGRAMAUDITOR]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pview95]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pview95.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rapapp.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavCopy.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStore.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravt08.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\REALMON]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedt32.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regmon.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescue.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwolusr.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RTVSCN95]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RULAUNCH]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sbserv]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sfc.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smartassistant.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SPYXX]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngPS.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SS3EDIT]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SweepNet]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SWNETSUP]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SymProxySvc]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SYMTRAY]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\syscheck.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Syscheck2.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TAUMON]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TCM]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TDS - 3 ]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tds2 - 98.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tds2 - nt.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFAK]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\th.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\th32.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\th32upd.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thav.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thd.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thd32.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thmail.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ToolsUp.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcmserv]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VbCons]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VCONTROL.EXE]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VET32.EXE]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vet98.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VIR - HELP]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VSMAIN]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmon]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsscan40.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WATCHDOG]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webscan.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WEBTRAP]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WGFE95]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WIMMUN32]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrAdmin]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrCtrl]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAP.EXE]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAPD.EXE]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAPPRG.EXE]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAPS.EXE]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZCAP.EXE]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zlclient.exe]
Debugger=C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
"Adobe Reader Speed Launcher"="C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Archivos de programa\\Ares\\Ares.exe"=
"C:\\Archivos de programa\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Sierra\\Empire Earth\\Empire Earth.exe"=
R1 CMFileDisk;CMFileDisk;C:\WINDOWS\system32\drivers\CMFileDisk.sys [2008-04-19 19:44]
R2 UxTuneUp;TuneUp Ampliación del thema;C:\WINDOWS\System32\svchost.exe [2004-08-19 15:43]
R3 3xHybrid;SAA713x TV Card Service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2007-08-15 22:00]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 08:12]
R3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-07-29 14:47]
S3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;C:\WINDOWS\system32\DRIVERS\cmiucr.SYS [2007-01-05 11:21]
S3 PAC207;Eye 110;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-12-05 11:34]
S3 usbscan;Controlador de escáner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2007-07-29 14:47]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e00b2d-0b97-11dd-aa5e-001d60c2c7bc}]
\Shell\AutoRun\command - F:\comine.exe
\Shell\Explore\Command - F:\comine.exe
\Shell\Open\Command - F:\comine.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e00b32-0b97-11dd-aa5e-001d60c2c7bc}]
\Shell\Auto\command - G:\MSOCache\doWTP_RESTORE.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6aa8769d-097e-11dd-aa59-001d60c2c7bc}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nircmd.exe execmd CALL winsystem\moddown.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85aa571b-1116-11dd-aa74-001d60c2c7bc}]
\Shell\AutoRun\command - game666.exe
\Shell\open\command - game666.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97780c06-04c3-11dd-aa49-001d60c2c7bc}]
\Shell\AutoRun\command - comine.exe
\Shell\Explore\Command - F:\comine.exe
\Shell\Open\Command - F:\comine.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c5736ba-0cb2-11dd-aa63-001d60c2c7bc}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nircmd.exe execmd CALL winsystem\moddown.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acec57bc-0e2e-11dd-aa67-001d60c2c7bc}]
\Shell\AutoRun\command - G:\comine.exe
\Shell\Explore\Command - G:\comine.exe
\Shell\Open\Command - G:\comine.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba4bfcc5-12ca-11dd-9c17-001d60c2c7bc}]
\Shell\AutoRun\command - I:\comine.exe
\Shell\Explore\Command - I:\comine.exe
\Shell\Open\Command - I:\comine.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba4bfcc6-12ca-11dd-9c17-001d60c2c7bc}]
\Shell\AutoRun\command - F:\comine.exe
\Shell\Explore\Command - F:\comine.exe
\Shell\Open\Command - F:\comine.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d22a6890-0627-11dd-aa50-001d60c2c7bc}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nircmd.exe execmd CALL winsystem\moddown.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d22a6898-0627-11dd-aa50-001d60c2c7bc}]
\Shell\AutoRun\command - F:\comine.exe
\Shell\Explore\Command - F:\comine.exe
\Shell\Open\Command - F:\comine.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d22a689a-0627-11dd-aa50-001d60c2c7bc}]
\Shell\AutoRun\command - H:\comine.exe
\Shell\Explore\Command - H:\comine.exe
\Shell\Open\Command - H:\comine.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0589beb-048f-11dd-aa4b-001d60c2c7bc}]
\Shell\AutoRun\command - F:\comine.exe
\Shell\Explore\Command - F:\comine.exe
\Shell\Open\Command - F:\comine.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0589bed-048f-11dd-aa4b-001d60c2c7bc}]
\Shell\AutoRun\command - G:\comine.exe
\Shell\Explore\Command - G:\comine.exe
\Shell\Open\Command - G:\comine.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f058a697-048f-11dd-aa4b-001d60c2c7bc}]
\Shell\AutoRun\command - G:\comine.exe
\Shell\Explore\Command - G:\comine.exe
\Shell\Open\Command - G:\comine.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4b7dc2c-0be2-11dd-aa60-001d60c2c7bc}]
\Shell\AutoRun\command - F:\comine.exe
\Shell\Explore\Command - F:\comine.exe
\Shell\Open\Command - F:\comine.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\comine]
C:\WINDOWS\system32\comine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C2-99CB-11CF-AYX5-00401C648513}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe
.
Contenido de carpeta 'Tareas Programadas'
"2008-04-25 15:16:26 C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job"
- C:\Archivos de programa\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 15:35:58
Windows 5.1.2600 Service Pack 2 NTFS
escaneando procesos ocultos ...
escaneando entradas ocultas de autostart ...
escaneando archivos ocultos ...
el escaneo se completo con exito
archivos ocultos: 0
**************************************************************************
.
Tiempo completado: 2008-04-26 15:36:43
ComboFix-quarantined-files.txt 2008-04-26 13:36:41
8 dirs 42,395,734,016 bytes libres
11 dirs 42,378,907,648 bytes libres
780
wuatzuki 26/04/08, 17:59:13 HERE IS THE RESULT FROM KASPERSKY ONLINE
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER INFORME
sábado, 26 de abril de 2008 16:48:16
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.1
Ultima actualización: 26/04/2008
Registros en la base antivirus: 649601
-------------------------------------------------------------------------------
Configuración del análisis:
Analizar usando las siguientes bases: standard
Analizar archivos: verdadero
Analizar bases de correo: verdadero
Objetivo a analizar - Mi PC:
A:\
C:\
D:\
E:\
F:\
Estadísticas:
Número de objeros analizados: 34870
Virus encontrados: 3
Objetos infectados: 15 / 0
Objetos sospechosos: 0
Duración del análisis: 01:00:43
Bombre del objeto infectado / Nombre del virus / Última acción
C:\Archivos de programa\Eset\cache\FND0.NFI Infectados: IRC-Worm.Win32.Delf.n saltado
C:\comine.exe Infectados: IRC-Worm.Win32.Delf.n saltado
C:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Feeds Cache\index.dat Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Messenger\wuatzuki@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Messenger\wuatzuki@hotmail.com\SharingMetadata\pending.dat Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Messenger\wuatzuki@hotmail.com\SharingMetadata\Working\database_BACC_7ACF_CC7A_8603\dfsr.db Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Messenger\wuatzuki@hotmail.com\SharingMetadata\Working\database_BACC_7ACF_CC7A_8603\fsr.log Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Messenger\wuatzuki@hotmail.com\SharingMetadata\Working\database_BACC_7ACF_CC7A_8603\tmp.edb Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\wuatzuki@hotmail.com\real\members.stg Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\wuatzuki@hotmail.com\shadow\members.stg Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Historial\History.IE5\MSHist012008042620080427\index.dat Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Temp\~DF22F6.tmp Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Temp\~DF2303.tmp Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Temp\~DFAC1C.tmp Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Temp\~DFB17B.tmp Object is locked saltado
C:\Documents and Settings\Administrador\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\Administrador\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\App Logs\SUPERANTISPYWARE-4-26-2008( 15-42-19 ).LOG Object is locked saltado
C:\Documents and Settings\Administrador\Escritorio\abril.xlsx Object is locked saltado
C:\Documents and Settings\Administrador\Escritorio\austrumi-1.6.5.iso/BOOT/AUSTRUMI.TGZ;1/austrumi.tar/./var/www/htdocs/cyti/c99/c99.php Infectados: Backdoor.PHP.Rst.ak saltado
C:\Documents and Settings\Administrador\Escritorio\austrumi-1.6.5.iso/BOOT/AUSTRUMI.TGZ;1/austrumi.tar Infectados: Backdoor.PHP.Rst.ak saltado
C:\Documents and Settings\Administrador\Escritorio\austrumi-1.6.5.iso/BOOT/AUSTRUMI.TGZ;1 Infectados: Backdoor.PHP.Rst.ak saltado
C:\Documents and Settings\Administrador\Escritorio\austrumi-1.6.5.iso ISOimage: infectado - 3 saltado
C:\WINDOWS\system32\comine.exe Infectados: IRC-Worm.Win32.Delf.n saltado
D:\basiko\archicad\Pa__que_el_barco_flote__a_fuerza_tiene_que_estar_en_el_agua.part4.rar/archicad 11/Setup.exe Infectados: Trojan.Win32.Agent.uu saltado
D:\basiko\archicad\Pa__que_el_barco_flote__a_fuerza_tiene_que_estar_en_el_agua.part4.rar RAR: infectado - 1 saltado
D:\comine.exe Infectados: IRC-Worm.Win32.Delf.n saltado
F:\comine.VVVVexe Infectados: IRC-Worm.Win32.Delf.n saltado
F:\comine.VVVexe Infectados: IRC-Worm.Win32.Delf.n saltado
F:\comine.VVexe Infectados: IRC-Worm.Win32.Delf.n saltado
F:\comine.Vexe Infectados: IRC-Worm.Win32.Delf.n saltado
F:\comine.exe Infectados: IRC-Worm.Win32.Delf.n saltado
Análisis completado.
--------ALL OF THIS AFTER DOING EVERYTHING YOU RECOMMENDED----------
thecat_re 26/04/08, 21:06:35
Hello again
Do the following:
Turn off "System Restore" (http://www.forospyware.com/t68195.html#post292280) (Win Me and XP only)
Download and run right away, with the USB drive connected, since it is infected too:
Flash_Disinfector.exe (http://www.forospyware.com/408993-post9.html)
Dr WebCureIt (http://www.forospyware.com/t93472.html)
:1: Open Notepad
Go to START > RUN, type notepad.exe there and click OK
:2: Now copy and paste these files into Notepad
KillAll::
File::
C:\comine.exe
C:\WINDOWS\system32\comine.exe
C:\AutoRun.inf
C:\Documents and Settings\Administrador\Escritorio\austrumi-1.6.5.iso
D:\basiko\archicad\Pa__que_el_barco_flote__a_fuerza_tiene_que_estar_en_el_agua.part4.rar
Folder::
C:\WINDOWS\srchasst
C:\WINDOWS\msagent
NetSvc::
Driver::
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ADVXDWIN]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\alertsvc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ALOGSERV]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\amon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AMON9X]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\anti - trojan.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\antivir]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTS]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arvmon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ATCON]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ATUPDATER]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ATWATCH]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoGuarder.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoTrace]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGCC32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvgServ]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGSERV9]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGW]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkpop]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvkServ]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkservice]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avkwctl9]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpmon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avpnt.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Avrep32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avsynmgr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVWINNT]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXMONITOR9X]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXMONITORNT]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXQUAR]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVXW]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BullGuard]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCAPP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfgWiz]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfind.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\claw95ct.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\clrav.com]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CMGRDIAN]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CONNECTIONMONITOR]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CPDClnt]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CTRL]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defalert]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\defscangui]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DEFWATCH]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DOORS]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dv95.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dv95_o.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EFINET32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EFPEADM]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\espwatch.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ETRUSTCIPE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EVPN]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EXPERT]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - agnt95.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - prot.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - prot95.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\f - stopw.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fameh32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fch32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fih32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\filemon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\findt2005.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fnrb32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fp - win.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPROT95.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsaa]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsm32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsma32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsmb32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\gbmenu]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GBPOLL]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GENERICS]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GUARD]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IAMSTATS]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icmoon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\icssuppnt.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IsHelp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ISRV95]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jed.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\killhidepid.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kpf.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LDPROMENU]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LDSCAN]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lockdownadvanced.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\lucomserver.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LUSPT]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mcafee]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCAGENT]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCMNHDLR]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCTOOL]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCUPDATE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCVSRTE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MCVSSHLD]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MGHTML]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MINILOG]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Monitor.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MPFSERVICE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MWATCH]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\n32scan.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVENGNAVEX15]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navrunr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navsched.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navw.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ndd32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NeoWatchLog]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\netutils]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nisserv.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\notstart.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npscheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\npssvc]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nsched32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nspclean.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ntrtscan]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NTVDM]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NTXconfig]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NVSVC32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NWService]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NWTOOL16]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\offguard.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PADMIN]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\padmin.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pav.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavmail.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pavproxy]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcciomon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccmain.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pccwin97]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcntmon]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pcscan]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\per.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\perd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pertsk.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\perupd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pervac.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pervacd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwagent.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pfwcon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\POP3TRAP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\POPROXY]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PORTMONITOR]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pqremove.com]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PROCESSMONITOR]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procexp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PROGRAMAUDITOR]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pview95]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pview95.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rapapp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavCopy.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStore.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ravt08.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\REALMON]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedt32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regmon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rescue.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwolusr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RTVSCN95]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RULAUNCH]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sbserv]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sfc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\smartassistant.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SPYXX]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngPS.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SS3EDIT]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SweepNet]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SWNETSUP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SymProxySvc]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SYMTRAY]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\syscheck.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Syscheck2.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TAUMON]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TCM]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TDS - 3 ]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tds2 - 98.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tds2 - nt.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFAK]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\th.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\th32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\th32upd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thav.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thd32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\thmail.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ToolsUp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbcmserv]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VbCons]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VCONTROL.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VET32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vet98.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VIR - HELP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VSMAIN]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsmon]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsscan40.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WATCHDOG]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\webscan.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WEBTRAP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WGFE95]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WIMMUN32]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrAdmin]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WrCtrl]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAPD.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAPPRG.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZAPS.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZCAP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zlclient.exe]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e00b32-0b97-11dd-aa5e-001d60c2c7bc}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6aa8769d-097e-11dd-aa59-001d60c2c7bc}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85aa571b-1116-11dd-aa74-001d60c2c7bc}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97780c06-04c3-11dd-aa49-001d60c2c7bc}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c5736ba-0cb2-11dd-aa63-001d60c2c7bc}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acec57bc-0e2e-11dd-aa67-001d60c2c7bc}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba4bfcc5-12ca-11dd-9c17-001d60c2c7bc}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d22a6890-0627-11dd-aa50-001d60c2c7bc}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d22a689a-0627-11dd-aa50-001d60c2c7bc}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0589bed-048f-11dd-aa4b-001d60c2c7bc}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f058a697-048f-11dd-aa4b-001d60c2c7bc}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4b7dc2c-0be2-11dd-aa60-001d60c2c7bc}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\comine]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C2-99CB-11CF-AYX5-00401C648513}]
:3: Save this file with the name CFScript.txt and leave it on your desktop.
:4: Drag and drop the CFScript.txt file onto the ComboFix.exe file as shown in the animation below. This will start ComboFix again.
http://www.forospyware.com/images/adv/CFScript.gif
Restart your PC and post a new ComboFix report and another from Kaspersky, telling us how everything is working now.
Regards, let us know. :adios:
wuatzuki 30/04/08, 12:13:01
after doing the above to the letter, here are the results.......
what I noticed is that the antivirus now shows up sometimes :( I can now see hidden files, but comine.exe is still on C and some others too
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER INFORME
miércoles, 30 de abril de 2008 14:51:45
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.1
Ultima actualización: 29/04/2008
Registros en la base antivirus: 653861
-------------------------------------------------------------------------------
Configuración del análisis:
Analizar usando las siguientes bases: standard
Analizar archivos: verdadero
Analizar bases de correo: verdadero
Objetivo a analizar - Mi PC:
A:\
C:\
D:\
E:\
F:\
G:\
Estadísticas:
Número de objeros analizados: 35260
Virus encontrados: 3
Objetos infectados: 7 / 0
Objetos sospechosos: 0
Duración del análisis: 01:13:49
Bombre del objeto infectado / Nombre del virus / Última acción
C:\Archivos de programa\Eset\cache\CACHE.NDB Object is locked saltado
C:\Archivos de programa\Eset\logs\virlog.dat Object is locked saltado
C:\Archivos de programa\Eset\logs\warnlog.dat Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Feeds Cache\index.dat Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Administrador\Configuración local\Historial\History.IE5\MSHist012008043020080501\index.dat Object is locked saltado
C:\Documents and Settings\Administrador\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\Administrador\Datos de programa\SUPERAntiSpyware.com\SUPERAntiSpyware\App Logs\SUPERANTISPYWARE-4-30-2008( 13-31-3 ).LOG Object is locked saltado
C:\Documents and Settings\Administrador\Escritorio\abrilmn.xlsx Object is locked saltado
C:\Documents and Settings\Administrador\Escritorio\~$abrilmn.xlsx Object is locked saltado
C:\Documents and Settings\Administrador\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\Administrador\NTUSER.DAT.LOG Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked saltado
C:\QooBox\Quarantine\C\Documents and Settings\Administrador\Escritorio\austrumi-1.6.5.iso.vir/BOOT/AUSTRUMI.TGZ;1/austrumi.tar/./var/www/htdocs/cyti/c99/c99.php Infectados: Backdoor.PHP.Rst.ak saltado
C:\QooBox\Quarantine\C\Documents and Settings\Administrador\Escritorio\austrumi-1.6.5.iso.vir/BOOT/AUSTRUMI.TGZ;1/austrumi.tar Infectados: Backdoor.PHP.Rst.ak saltado
C:\QooBox\Quarantine\C\Documents and Settings\Administrador\Escritorio\austrumi-1.6.5.iso.vir/BOOT/AUSTRUMI.TGZ;1 Infectados: Backdoor.PHP.Rst.ak saltado
C:\QooBox\Quarantine\C\Documents and Settings\Administrador\Escritorio\austrumi-1.6.5.iso.vir ISOimage: infectado - 3 saltado
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
C:\System Volume Information\_restore{2414EA3A-8B9D-49A0-8123-7009D616FC19}\RP2\change.log Object is locked saltado
C:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado
C:\WINDOWS\SchedLgU.Txt Object is locked saltado
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked saltado
C:\WINDOWS\Sti_Trace.log Object is locked saltado
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked saltado
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked saltado
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\default Object is locked saltado
C:\WINDOWS\system32\config\default.LOG Object is locked saltado
C:\WINDOWS\system32\config\Internet.evt Object is locked saltado
C:\WINDOWS\system32\config\ODiag.evt Object is locked saltado
C:\WINDOWS\system32\config\OSession.evt Object is locked saltado
C:\WINDOWS\system32\config\SAM Object is locked saltado
C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\SECURITY Object is locked saltado
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado
C:\WINDOWS\system32\config\software Object is locked saltado
C:\WINDOWS\system32\config\software.LOG Object is locked saltado
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\system Object is locked saltado
C:\WINDOWS\system32\config\system.LOG Object is locked saltado
C:\WINDOWS\system32\drivers\sptd.sys Object is locked saltado
C:\WINDOWS\system32\h323log.txt Object is locked saltado
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado
C:\WINDOWS\wiadebug.log Object is locked saltado
C:\WINDOWS\wiaservc.log Object is locked saltado
C:\WINDOWS\WindowsUpdate.log Object is locked saltado
D:\basiko\archicad\Pa__que_el_barco_flote__a_fuerza_tiene_que_estar_en_el_agua.part4.rar/archicad 11/Setup.exe Infectados: Trojan.Win32.Agent.uu saltado
D:\basiko\archicad\Pa__que_el_barco_flote__a_fuerza_tiene_que_estar_en_el_agua.part4.rar RAR: infectado - 1 saltado
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
D:\System Volume Information\_restore{2414EA3A-8B9D-49A0-8123-7009D616FC19}\RP2\change.log Object is locked saltado
F:\comine.exe Infectados: IRC-Worm.Win32.Delf.n saltado
G:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked saltado
Análisis completado.
wuatzuki 30/04/08, 12:16:19 Here is the ComboFix report
ComboFix 08-04-24.1 - Administrador 2008-05-01 11:02:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.1631 [GMT 2:00]
Se ejecuta desde: C:\Documents and Settings\Administrador\Escritorio\ComboFix.exe
* Resident AV is active
ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.
(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
D:\Autorun.inf
.
(((((((((((((((((( Archivos creados desde 2008-04-01 - 2008-05-01 )))))))))))))))))))))))))))))))))
.
2008-04-30 14:34 . 2007-12-14 03:41 30,025 ---hs---- C:\WINDOWS\system32\comine.exe
2008-04-30 14:34 . 2007-12-14 03:41 30,025 ---hs---- C:\comine.exe
2008-04-30 11:13 . 2008-04-30 11:13 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraci¾n local
2008-04-30 11:13 . 2008-04-30 11:13 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraci¾n local
2008-04-30 11:13 . 2008-04-30 11:13 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraci¾n local
2008-04-30 11:13 . 2008-04-30 11:13 <DIR> d-------- C:\Documents and Settings\Administrador\Configuraci¾n local
2008-04-29 23:16 . 2008-04-29 23:16 <DIR> d-------- C:\Documents and Settings\Administrador\DoctorWeb
2008-04-26 15:10 . 2008-04-26 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\SUPERAntiSpyware.com
2008-04-26 15:10 . 2008-04-26 15:10 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\SUPERAntiSpyware.com
2008-04-26 15:10 . 2008-04-30 11:15 <DIR> d-------- C:\Archivos de programa\SUPERAntiSpyware
2008-04-25 18:57 . 2008-04-25 18:57 <DIR> d-------- C:\Sierra
2008-04-25 18:57 . 2008-04-25 18:57 225 --a------ C:\WINDOWS\SIERRA.INI
2008-04-24 21:48 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-04-24 13:37 . 2008-04-24 13:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-19 19:44 . 2008-04-19 19:44 <DIR> d-------- C:\Archivos de programa\C-Media USB2.0 Card Reader
2008-04-15 11:03 . 2008-04-15 11:03 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-04-15 11:03 . 2008-04-15 11:03 <DIR> d-------- C:\WINDOWS\system32\oobe
2008-04-15 11:03 . 2008-04-15 11:03 <DIR> d-------- C:\WINDOWS\srchasst
2008-04-15 11:03 . 2008-04-15 11:03 <DIR> d-------- C:\WINDOWS\msagent
2008-04-15 11:03 . 2008-04-15 11:03 <DIR> d-------- C:\Archivos de programa\microsoft frontpage
2008-04-14 16:24 . 2008-04-14 16:24 <DIR> d-------- C:\Archivos de programa\Microsoft Games
2008-04-14 11:55 . 2008-04-14 11:55 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\PC Tools
2008-04-14 11:55 . 2008-04-24 11:33 <DIR> d-------- C:\Archivos de programa\Spyware Doctor
2008-04-14 11:55 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-04-14 11:55 . 2008-04-14 11:58 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-14 11:55 . 2008-04-14 11:58 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-14 11:55 . 2008-04-14 11:57 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-14 11:55 . 2008-04-14 11:57 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2008-04-14 11:55 . 2008-04-14 11:57 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-12 16:03 . 2008-04-18 20:55 32 --a------ C:\WINDOWS\CD_Start.INI
2008-04-11 20:10 . 2008-04-11 20:10 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Media Player Classic
2008-04-10 20:38 . 2008-04-10 20:39 <DIR> d-------- C:\Archivos de programa\Ares
2008-04-10 20:00 . 2008-04-30 18:08 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-09 21:26 . 2008-04-22 20:56 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\U3
2008-04-09 19:32 . 2008-04-09 19:32 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Ahead
2008-04-09 19:32 . 2008-04-09 19:32 <DIR> d-------- C:\Archivos de programa\Nero
2008-04-09 19:32 . 2008-04-09 19:32 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Ahead
2008-04-09 19:32 . 2004-07-26 17:16 1,568,768 --a------ C:\WINDOWS\system32\imagX7.dll
2008-04-09 19:32 . 2003-03-18 21:12 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-04-09 19:32 . 2004-07-26 17:16 476,320 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-04-09 19:32 . 2004-07-26 17:16 471,040 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-04-09 19:32 . 2004-07-09 09:43 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-04-09 19:32 . 2004-07-26 17:16 262,144 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-04-08 15:22 . 2008-04-08 17:23 <DIR> d-------- C:\Archivos de programa\ABBYY FineReader 6.0 Sprint
2008-04-08 15:21 . 2008-04-08 15:21 <DIR> d-------- C:\WINDOWS\system32\PhotoImpression Slideshow
2008-04-08 15:21 . 2008-04-08 15:21 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\ArcSoft
2008-04-08 15:21 . 2008-04-08 15:21 <DIR> d-------- C:\Archivos de programa\Archivos comunes\ArcSoft
2008-04-08 15:21 . 2008-04-08 15:21 <DIR> d-------- C:\Archivos de programa\ArcSoft
2008-04-08 15:21 . 2004-12-07 10:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2008-04-08 15:21 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-04-08 15:21 . 2006-10-26 09:37 126,976 --a------ C:\WINDOWS\system32\PhotoImpression Slideshow.scr
2008-04-08 15:21 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-04-08 13:56 . 2008-04-08 13:56 <DIR> d-------- C:\WINDOWS\Sun
2008-04-08 12:58 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-04-08 12:58 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-04-08 12:58 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-04-08 12:58 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-04-08 12:58 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-04-08 12:58 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-04-08 12:58 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-04-08 12:58 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-04-08 12:38 . 2007-07-29 14:47 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-08 12:38 . 2007-07-29 14:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-07 16:14 . 2008-04-08 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\EPSON
2008-04-07 16:14 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAL.DLL
2008-04-07 16:14 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAL.DLL
2008-04-07 16:14 . 2007-07-29 14:47 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-07 16:14 . 2007-07-29 14:47 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-07 16:14 . 2006-07-12 03:00 5,385 --a------ C:\WINDOWS\EPBUYINK.HTM
2008-04-07 13:36 . 2008-04-30 22:06 524 --a------ C:\hpfr3420.xml
2008-04-07 13:11 . 2008-04-25 13:39 <DIR> d-------- C:\Documents and Settings\Administrador\Contacts
2008-04-07 12:18 . 2008-04-07 12:18 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-04-07 12:13 . 2008-04-07 12:13 <DIR> d-------- C:\WINDOWS\system32\es-es
2008-04-07 12:06 . 2008-04-07 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\WLInstaller
2008-04-07 12:06 . 2008-04-07 13:01 <DIR> d-------- C:\Archivos de programa\Windows Live
2008-04-07 12:06 . 2008-04-07 12:06 <DIR> d--hsc--- C:\Archivos de programa\Archivos comunes\WindowsLiveInstaller
2008-04-07 11:59 . 2008-04-07 11:59 <DIR> d-------- C:\WINDOWS\Samsung
2008-04-07 11:59 . 2003-11-17 20:24 208,896 --------- C:\WINDOWS\system32\SSRemove.exe
2008-04-07 11:59 . 2005-03-03 13:32 151,552 --a------ C:\WINDOWS\system32\SSCoInst.exe
2008-04-07 11:59 . 2004-10-11 21:25 57,344 --a------ C:\WINDOWS\system32\SSCoInst.dll
2008-04-07 11:59 . 2004-05-17 22:04 41,984 --------- C:\WINDOWS\system32\drivers\DGIVECP.SYS
2008-04-07 11:59 . 2005-04-08 11:29 20,622 --a------ C:\WINDOWS\system32\SUGS1LMK.DLL
2008-04-07 11:59 . 2003-07-21 20:50 8,478 --------- C:\WINDOWS\system32\SP119.ICO
2008-04-07 11:59 . 2005-01-13 19:47 604 --a------ C:\WINDOWS\system32\SUGS1LMK.SMT
2008-04-07 11:58 . 2008-04-07 11:58 <DIR> d-------- C:\Archivos de programa\hp deskjet 3420 series
2008-04-07 11:58 . 2007-07-29 14:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-07 11:58 . 2008-04-07 11:58 849 --a------ C:\WINDOWS\hpinfo.lnk
2008-04-07 11:57 . 2008-04-07 11:57 <DIR> d-------- C:\Archivos de programa\Hewlett-Packard
2008-04-07 05:47 . 2008-04-08 15:22 <DIR> d-------- C:\Archivos de programa\epson
2008-04-07 05:44 . 2008-04-07 05:44 <DIR> d-------- C:\WINDOWS\PixArt
2008-04-07 05:44 . 2008-04-07 05:44 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-04-07 05:44 . 2008-04-07 05:44 <DIR> d-------- C:\Archivos de programa\Archivos comunes\PAC207
2008-04-07 05:44 . 2005-04-03 20:56 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2008-04-07 05:44 . 2006-07-11 18:35 503,808 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-04-07 05:44 . 2006-11-03 10:59 48,128 --a------ C:\WINDOWS\system32\Remove.exe
2008-04-07 05:44 . 2005-01-28 14:15 7,064 --a------ C:\WINDOWS\system32\WMVCORE.lib
2008-04-07 05:44 . 2007-05-09 14:20 284 --a------ C:\WINDOWS\system32\Remover.ini
2008-04-07 05:43 . 2008-04-07 05:43 <DIR> d-------- C:\WINDOWS\Album
2008-04-07 05:43 . 2008-04-07 05:43 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\InstallShield
2008-04-07 05:43 . 2008-04-07 05:43 <DIR> d-------- C:\Archivos de programa\KYE
2008-04-07 05:41 . 2008-04-16 16:13 <DIR> d-------- C:\Archivos de programa\Total Video Converter
2008-04-07 05:41 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-04-07 05:36 . 2007-07-05 22:00 466,944 -ra------ C:\WINDOWS\713xRMT.exe
2008-04-07 05:35 . 2007-07-29 14:47 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-04-07 05:34 . 2008-04-07 05:34 <DIR> d-------- C:\Archivos de programa\TV Expert
2008-04-07 05:27 . 2008-04-07 05:27 <DIR> d-------- C:\WINDOWS\nview
2008-04-07 05:27 . 2007-05-11 08:03 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-04-07 05:27 . 2007-05-11 08:03 115,999 --a------ C:\WINDOWS\system32\nvapps.xml
2008-04-07 05:27 . 2007-05-11 08:03 17,431 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-04-07 05:26 . 2007-05-10 18:39 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-04-07 05:20 . 2008-04-07 05:20 <DIR> d-------- C:\Program Files
2008-04-07 05:20 . 2008-04-07 05:20 <DIR> d-------- C:\Archivos de programa\ASUS
2008-04-07 05:20 . 2006-01-10 10:50 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2008-04-07 05:20 . 2006-10-18 21:12 12,664 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-04-07 05:20 . 2006-10-19 03:11 12,096 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-04-07 05:20 . 2006-10-19 03:11 10,304 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-04-07 05:19 . 2008-04-07 05:20 666 --a------ C:\WINDOWS\setup.iss
2008-04-06 22:05 . 2008-04-06 22:05 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-04-06 22:05 . 2008-04-06 22:05 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-04-06 22:05 . 2007-07-29 14:46 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-04-06 22:05 . |