Hola, hace dias entro un troyano (virtumonde, Trojan.Win32.KillAV.rf)
, mi error tener win vista sin antivirus. Bueno trate de seguir los pasos de un caso solucionado con virtumonde, segui todos los pasos. SuperAntispyware, VundoFIx (no encontro nada), Delpsdguard (tampoco), ATF-cleaner, spybot, ccleaner. etc...
Bueno, aun sigo con el problema, explorer no funciona, y el Mozilla se pega cada 10 seg)
a continuacion pego mi log de HijackThis, espero que puedan orientarme
Tengo win Vista home edition

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:30, on 19-04-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&co ntinue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fn sr%3D1%26ui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcac he=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.la.dell.com/content/default.aspx?c=cl&l=es&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BMc9b92511] Rundll32.exe "C:\Users\Diego\AppData\Local\Temp\afvjsgto.dl l",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O13 - Gopher Prefix:
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://dmapas.elmercurio.com/mgaxctrl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROG RA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI WebPAM (ATIWebPAM) - Unknown owner - C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11559 bytes

Hola ZooRon,

Paso 1- Descarga, Instala y/o actualiza estas herramientas: (pero no los ejecutes aun)

• ComboFix.exe
• Malwarebytes' Anti-Malware

Paso 2- Con todos los programas cerrados, ejecuta HijackThis y dale a las siguientes entradas:


O4 - HKCU\..\Run: [BMc9b92511] Rundll32.exe "C:\Users\Diego\AppData\Local\Temp\afvjsgto.dl l",s

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe




Paso 3- Ejecuta estas herramientas, de a una:

• Malwarebytes' Anti-Malware
  *Nota* Es importante que envíes a "Cuarentena" todo lo que este detecte antes de copiar y pegarnos su reporte.

• Antes de usar ComboFix....
• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

Paso 4- Descarga CCleaner y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

Reinicia y nos contas los resultados. junto con el reporte de

Paso 5- Reinicia en modo normal y nos dejas los reportes de:

• Malwarebytes' Anti-Malware
• C:\ComboFix.txt en este mismo mensaje.

**Nota**
- Para mayor comodidad imprime los pasos.
- Recuerda regresar y contarnos los resultados.

Salu2

Hola, muchas gracias...
AL perecer todo volvio a la normalidad

Se pasaron...

Bueno aca están los reportes que arrojo en Combofix y Anti-Malware

ComboFix 08-04-22.5 - Diego 2008-04-23 22:55:24.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.3082.18.1406 [GMT -4:00]
Se ejecuta desde: C:\Users\Diego\Desktop\ComboFix.exe
.

(((((((((((((((((( Archivos creados desde 2008-03-24 - 2008-04-24 )))))))))))))))))))))))))))))))))
.

Ningún archivo ha sido creado durante este intervalo de tiempo

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2008-04-24 02:00 2,550,080 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-04-24 02:00 190,247,712 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-04-24 01:56 --------- d-----w C:\PROGRA~2\Kaspersky Lab
2008-04-24 01:52 --------- d-----w C:\Users\Diego\AppData\Roaming\Malwarebytes
2008-04-24 01:52 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-24 01:52 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-04-24 01:46 --------- d-----w C:\Program Files\DelPSGuard
2008-04-22 18:45 --------- d-----w C:\Program Files\PokerStars
2008-04-21 07:00 --------- d-----w C:\Users\Diego\AppData\Roaming\Skype
2008-04-21 06:59 --------- d-----w C:\Users\Diego\AppData\Roaming\skypePM
2008-04-20 21:19 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-04-19 17:11 --------- d-----w C:\Program Files\Trend Micro
2008-04-19 06:46 --------- d-----w C:\PROGRA~2\SUPERAntiSpyware.com
2008-04-19 06:43 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-19 06:40 --------- d-----w C:\Users\Diego\AppData\Roaming\SUPERAntiSpyware.co m
2008-04-19 06:37 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 01:20 --------- d-----w C:\Program Files\Bodog Poker
2008-04-17 15:17 96,645 ----a-w C:\Windows\system32\drivers\klin.dat
2008-04-17 15:17 87,941 ----a-w C:\Windows\system32\drivers\klick.dat
2008-04-17 04:12 --------- d-----w C:\Program Files\Skype
2008-04-17 04:11 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-17 04:11 --------- d-----w C:\PROGRA~2\Skype
2008-04-16 21:18 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-16 21:15 --------- d-----w C:\PROGRA~2\Kaspersky Lab Setup Files
2008-04-16 19:48 --------- d-----w C:\PROGRA~2\Spybot - Search & Destroy
2008-04-16 18:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-15 19:06 --------- d-----w C:\Program Files\CyberLink
2008-04-15 07:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-15 06:27 --------- d-----w C:\PROGRA~2\Apple Computer
2008-04-15 05:58 --------- d-----w C:\PROGRA~2\Symantec
2008-04-15 00:36 --------- d-----w C:\PROGRA~2\McAfee
2008-04-14 15:02 --------- d-----w C:\Program Files\Enigma Software Group
2008-04-14 04:51 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-04-14 04:50 --------- d-----w C:\PROGRA~2\Roxio
2008-04-14 03:24 --------- d-----w C:\Program Files\Microsoft Works
2008-04-14 03:23 --------- d-----w C:\Program Files\MSBuild
2008-04-14 03:21 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-14 03:14 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-13 22:46 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-11 06:03 --------- d-----w C:\Program Files\Real
2008-04-11 06:03 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-11 06:03 --------- d-----w C:\Program Files\Common Files\Real
2008-04-02 03:52 --------- d-----w C:\Program Files\Full Tilt Poker
2008-03-28 02:14 --------- d-----w C:\Users\Diego\AppData\Roaming\Nero
2008-03-28 02:04 --------- d-----w C:\Program Files\Nero
2008-03-28 02:04 --------- d-----w C:\PROGRA~2\Nero
2008-03-27 15:12 --------- d-----w C:\Program Files\MSECache
2008-03-26 03:21 --------- d-----w C:\Program Files\CCleaner
2008-03-25 00:02 --------- d-----w C:\Program Files\TryMedia
2008-03-21 20:12 --------- d-----w C:\Users\Diego\AppData\Roaming\Apple Computer
2008-03-21 20:10 --------- d-----w C:\Program Files\Bonjour
2008-03-21 20:09 --------- d-----w C:\Program Files\QuickTime
2008-03-21 20:08 --------- d-----w C:\Program Files\Apple Software Update
2008-03-21 20:06 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-21 20:06 --------- d-----w C:\PROGRA~2\Apple
2008-03-18 06:11 --------- d-----w C:\Users\Diego\AppData\Roaming\Winamp
2008-03-18 04:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 04:23 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-15 03:55 --------- d-----w C:\Users\Diego\AppData\Roaming\Betfair
2008-03-15 03:55 --------- d-----w C:\Program Files\Betfair
2008-03-05 20:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll
2008-03-05 20:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll
2008-03-05 20:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll
2008-03-05 19:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll
2008-03-05 19:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll
2008-03-02 22:14 --------- d-----w C:\Users\Diego\AppData\Roaming\BSplayer Pro
2008-03-02 21:43 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-02 05:01 --------- d-----w C:\Program Files\Webteh
2008-03-02 04:59 --------- d-----w C:\Users\Diego\AppData\Roaming\BSplayer
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-28 21:38 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe
2008-02-28 17:26 1,414,440 ----a-w C:\Windows\System32\ShellManager310E2D762.dll
2008-02-27 04:11 --------- d-----w C:\Program Files\BitComet
2008-02-26 20:14 972,072 ----a-w C:\Windows\UNRecode.exe
2008-02-26 04:06 --------- d-----w C:\Program Files\PokerStrategy
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-18 20:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 05:04 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 05:00 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 05:00 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 05:00 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-08 22:37 219,664 ----a-w C:\Windows\System32\klogon.dll
2008-02-06 03:07 462,864 ----a-w C:\Windows\System32\d3dx10_37.dll
2007-12-07 03:50 32 ----a-w C:\Users\All Users\ezsid.dat
2007-12-07 03:50 32 ----a-w C:\PROGRA~2\ezsid.dat
2006-11-02 12:48 174 --sha-w C:\Program Files\desktop.ini
2007-11-12 23:10 80 --sh--r C:\Windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-16 00:40 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 10:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-13 02:30 1006264]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-04-17 23:31 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-29 01:54 36864]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-28 00:54 405504]
"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-11-12 18:55 77824]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 14:35 90112]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 15:33 1548288]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 13:37 81920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 18:10 184320]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 15:40 16384]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\I SUSPM.exe" [2006-10-03 13:35 221184]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 01:28 36352]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-11 02:03 185896]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
"GrpConv"="grpconv -o" []

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Sta rtup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-12 18:57:28 50688]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{ACE3264B-1818-4A1B-B934-CDB25CD5D0DF}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{F8E8F277-8384-473C-9DF2-958038A4D598}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{A904342A-E2F4-45CE-9D61-2751BC0FAD58}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine. exe:Cyberlink Media Server Browser Engine
"{0C521886-D671-42B7-A956-F4EA9EAB82AF}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe: CyberLink Media Server
"{196A0609-FE2D-4AE0-8334-A1AA836E2A4C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{8B5209A7-3ECB-465A-A204-72A90F15C72B}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{736743C0-8710-400A-8EBE-FBDBAE1E0E65}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{7F94FB1E-0EB7-4263-9270-5B68675AAD02}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{F7C0CCE1-16F1-41EF-9F21-4AD4DA55AE7A}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{5536F097-EFE3-44A5-9448-F64D02957FCE}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{833E7B9C-D9FA-49CF-96DF-ED790042014F}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{56561DE6-DA2C-4523-AB80-82454EDEA02B}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{BBA71896-B7A0-4D63-96B4-9A87C9965740}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{BD37B394-1180-4F74-AB80-5D36313A8F17}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{9E42BE62-B035-4A23-85CD-AB2FBCF3236C}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{053DEEB2-2B59-4D19-8F6E-2B11EFACBE7B}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{1ABB5CE2-190F-4F6E-B7B1-D98A918DCEEE}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{36BE9C26-6727-4A50-9C6C-0591856DB6E5}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{0A537E49-8008-453C-BFC4-10CD4586D91A}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{26AFBD73-B8F9-4FFD-869A-02E6AADDADCA}C:\\users\\diego\\appdata\\local\\tem p\\onlineupdate8\\setupxu.exe"= UDP:C:\users\diego\appdata\local\temp\onlineupdate 8\setupxu.exe:setupxu.exe
"UDP Query User{DC2EA06A-CC2F-4A09-8992-7E6932D7F9B0}C:\\users\\diego\\appdata\\local\\tem p\\onlineupdate8\\setupxu.exe"= TCP:C:\users\diego\appdata\local\temp\onlineupdate 8\setupxu.exe:setupxu.exe
"TCP Query User{AD46ACFB-8FF0-4D8F-9C98-FA7F834481A7}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{F975A210-6671-41E3-ADB6-336D56E42B8E}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{644A9D54-76FB-40B2-BA9B-FBAEF9292444}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{A4999C18-749F-4171-B310-EFD77AF39E3D}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{BDFCB0DA-21C2-4AE1-94C1-8A3D754D9F7F}C:\\program files\\sopcast\\sopvod.exe"= UDP:C:\program files\sopcast\sopvod.exe:sopvod
"UDP Query User{AF4CE9D1-69B9-47D6-9EA1-4883F4848A6F}C:\\program files\\sopcast\\sopvod.exe"= TCP:C:\program files\sopcast\sopvod.exe:sopvod
"TCP Query User{B9565F32-81CB-42C1-A65A-6CD7DFAAA5DD}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{E5A8739D-141F-469B-A4F6-9287E5EA8EE1}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{FF348FE3-1EAD-446A-82E3-6DB62B0199BE}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{CE3CB0C8-0ADE-411B-A695-298B7D8FCF0A}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{1EEBDA1E-8F13-4C17-B2AB-247E5B2EF9F0}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{383E3FD8-60BC-4DA9-B336-A54A342DFA44}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"{CA8293AF-FEC7-49C6-AA39-1EEB79CF3908}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6B371D45-11B2-4474-9FB7-4AFBB73C0A15}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{22F5CCDA-054D-4EDF-974F-50074EC42D06}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{193FFE38-BD9D-4283-B3CE-6A3F459E90C0}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{92EFCE2D-6E82-4736-81B8-FAAABE9BC820}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{7645C705-94CF-4139-9B51-3C0F2E0BFE14}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{ECA935EB-7B44-4C03-B78E-EA2298BD1A7F}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 ahcix86s;ahcix86s;C:\Windows\system32\drivers\ahci x86s.sys [2007-09-26 01:34]
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 12:23]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-09-28 00:54]
S2 ATIWebPAM;ATI WebPAM;"C:\Program Files\ATI\WebPAM\jetty\extra\win32\Wrapper.exe" -s wrapper.conf []
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.s ys [2006-08-04 20:39]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atik mdag.sys [2007-08-14 04:40]
S3 btwaudio;Dispositivo de audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 21:37]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 19:13]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwr chid.sys [2006-11-06 19:13]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-29 01:54]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-29 01:55]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-14 04:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{17ffaf0f-10da-11dd-a9d9-001dd9e50c0a}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\win32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{6511b1d7-04bf-11dd-9473-001dd9e50c0a}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL win32.exe\open=´ò¿ª(&O)
\shell\explore\Command - driver.exe
\shell\open\Command - driver.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{733c3150-a6be-11dc-b763-001dd9e50c0a}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL win32.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - ECACHE
*Newly Created Service* - PXHELP20
.
************************************************** ************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 22:56:49
Windows 6.0.6000 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

************************************************** ************************
.
Tiempo completado: 2008-04-23 22:57:17
ComboFix-quarantined-files.txt 2008-04-24 02:57:13
ComboFix2.txt 2008-04-24 02:54:08

El sistema no puede encontrar el texto del mensaje para el mensaje número 0x2379 en el archivo de mensajes para Application.
El sistema no puede encontrar el texto del mensaje para el mensaje número 0x2379 en el archivo de mensajes para Application.

247 --- E O F --- 2008-04-23 23:19:16

De todas maneras me tiraba un error el Combofix, pero todo quuedo normal....aka va el otro reporte

Malwarebytes' Anti-Malware 1.11
Versión de la Base de Datos: 676

Tipo de examen : Examen Completo (C:\|D:\|)
Objetos examinados: 139931
Tiempo transcurrido: 40 minute(s), 5 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 2
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)


Adios