Me estoy volviendo loco (Solucionado)

**notecomesnada** · 25/06/08, 04:10:20

buenos días,

continuamente mi pc va cada vez mas lento y mas lento y cada minuto aproximadamente se abre un maldito popup y ventanas de todo tipo, la ultima de ellas diciendome que me descargue un antispyware (algo muy sospechoso que por su puesto no he hecho) he intentado limpiar el registro, etc y hacer varias cosas pero nada. Sigue igual. He descargado y ejecutado el Hijackthis y me sale lo siguiente:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:26, on 25/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ISS\Proventia Desktop\RapUISvc.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\documents and settings\alprieto\local settings\application data\quyuxd.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal.es.deloitte.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.es.deloitte.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal.es.deloitte.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PMS.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconfig.es.deloitte.com/w2kie60dt.ins
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.72:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\Program Files\SAP\SAP Tutor\PlayerIE.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [EFS Assistant] C:\Program Files\Microsoft EFS Assistant\EFSAssistant.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [quyuxd] c:\documents and settings\alprieto\local settings\application data\quyuxd.exe quyuxd
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O14 - IERESET.INF: START_PAGE_URL=http://portal.es.deloitte.com
O15 - Trusted Zone: http://*.alphacorporate.es
O15 - Trusted Zone: http://*.arthurandersen.es
O15 - Trusted Zone: http://esmadln0002.es.deloitte.com
O15 - Trusted Zone: http://esmadln0004.es.deloitte.com
O15 - Trusted Zone: *.deloitte.com
O15 - Trusted Zone: http://*.deloitte.es
O15 - Trusted Zone: http://*.es.deloitte.com
O15 - Trusted Zone: *.garrigues.com
O15 - Trusted Zone: http://*.garrigues.com
O15 - Trusted Zone: http://*.gms.com
O15 - Trusted Zone: http://*.msspain.com
O15 - Trusted Zone: http://*.sggestion.es
O15 - Trusted Zone: http://*.alphacorporate.es (HKLM)
O15 - Trusted Zone: http://*.arthurandersen.es (HKLM)
O15 - Trusted Zone: http://esmadln0002.es.deloitte.com (HKLM)
O15 - Trusted Zone: http://esmadln0004.es.deloitte.com (HKLM)
O15 - Trusted Zone: *.deloitte.com (HKLM)
O15 - Trusted Zone: http://*.deloitte.es (HKLM)
O15 - Trusted Zone: http://*.es.deloitte.com (HKLM)
O15 - Trusted Zone: *.garrigues.com (HKLM)
O15 - Trusted Zone: http://*.garrigues.com (HKLM)
O15 - Trusted Zone: http://*.gms.com (HKLM)
O15 - Trusted Zone: http://*.msspain.com (HKLM)
O15 - Trusted Zone: http://*.sggestion.es (HKLM)
O15 - Trusted IP range: 10.*.*.*
O15 - Trusted IP range: 10.74.16.29
O15 - Trusted IP range: 10.*.*.* (HKLM)
O15 - Trusted IP range: 10.74.16.29 (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209938071062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210685272390
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - http://webservices.es.deloitte.com/msrdp.cab
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://myoffice.deloitte.es/nortel_cacheable/iewiper.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = es.deloitte.com
O17 - HKLM\Software\..\Telephony: DomainName = es.deloitte.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = es.deloitte.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = es.deloitte.com,deloitte.com,pmsaie.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = es.deloitte.com,deloitte.com,pmsaie.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

Espero la ayuda de los expertos jejejeje

Muchas gracias

**ElPiedra** · 26/06/08, 19:18:16

Hola notecomesnada, te doy la bienvenida al Foro de InfoSpyware.

Paso 1- Descarga, Instala y/o actualiza estas herramientas: (pero no los ejecutes aun)

Paso 2- Con todos los programas cerrados, ejecuta HijackThis y dale

a las siguientes entradas:

O4 - HKCU\..\Run: [quyuxd] c:\documents and settings\alprieto\local settings\application data\quyuxd.exe quyuxd

Paso 3- Ejecuta estas herramientas, de a una:

Malwarebytes' Anti-Malware
*Nota* Es importante que envíes a "Cuarentena" todo lo que este detecte antes de copiar y pegarnos su reporte.

Antes de usar ComboFix....
Desactiva temporalmente el Antivirus y/o Antispyware.
Cierra todas las ventanas abiertas.
Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
Cuando termine, generara un registro en C:\ComboFix.txt.
- *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
- *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

Atención!! No use ComboFix a menos que se le haya indicado específicamente en su mensaje por un integrante de nuestro Staff. Es una herramienta de gran alcance destinada por su creador a ser usada bajo la orientación y supervisión de un experto, no para uso privado. El uso de ComboFix incorrectamente podría generar problemas en su sistema. Por favor, lea las "Negaciones de la Garantía" de ComboFix.

Paso 4- Descarga CCleaner y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

Reinicia y nos contas los resultados. junto con el reporte de

Paso 5- Reinicia en modo normal y nos dejas los reportes de:

Malwarebytes' Anti-Malware
C:\ComboFix.txt en este mismo mensaje.

**Nota**
- Para mayor comodidad imprime los pasos.
- Recuerda regresar y contarnos los resultados.

Salu2

**notecomesnada** · 30/06/08, 08:16:01

jode pues al parecer ya esta todo solucionado. ni restro de los pop up.
Muchisimas gracias

os adjunto el resultado de los log:
COMBOFIX
ComboFix 08-06-20.4 - alprieto 2008-06-30 14:06:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1381 [GMT 2:00]
Running from: C:\Documents and Settings\alprieto\Desktop\New Folder\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\alprieto\Local Settings\Application Data\quyuxd.dat
C:\Documents and Settings\alprieto\Local Settings\Application Data\quyuxd.exe
C:\Documents and Settings\alprieto\Local Settings\Application Data\quyuxd_nav.dat
C:\Documents and Settings\alprieto\Local Settings\Application Data\quyuxd_navps.dat
C:\WINDOWS\SETUP640_23-10001615.EXE
C:\WINDOWS\system32\_000005_.tmp.dll

----- BITS: Possible infected sites -----

hxxp://ESMADEM001.es.deloitte.com
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2008-06-30 13:46 . 2008-06-30 13:46 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-30 13:46 . 2008-06-30 13:46 <DIR> d-------- C:\Documents and Settings\alprieto\Application Data\Malwarebytes
2008-06-30 13:46 . 2008-06-30 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-30 13:46 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-30 13:46 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-30 10:30 . 2008-06-30 10:30 <DIR> d-------- C:\temp
2008-06-25 10:03 . 2008-06-25 10:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-25 09:31 . 2008-06-25 09:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-25 09:31 . 2008-06-25 09:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-25 09:31 . 2008-06-25 09:31 <DIR> d-------- C:\Documents and Settings\alprieto\Application Data\SUPERAntiSpyware.com
2008-06-25 09:31 . 2008-06-25 09:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-25 09:20 . 2008-06-25 09:20 <DIR> d-------- C:\Program Files\CCleaner
2008-06-25 09:09 . 2008-06-25 09:09 378 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-06-23 09:05 . 2008-06-23 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-06-19 10:12 . 2008-06-19 10:12 <DIR> d-------- C:\Documents and Settings\alprieto\Application Data\deskUNPDF
2008-06-16 13:51 . 2008-06-16 13:51 <DIR> d-------- C:\Documents and Settings\alprieto\Application Data\InstallShield
2008-06-10 18:51 . 2008-06-10 18:51 <DIR> d-------- C:\Program Files\Zattoo
2008-06-03 16:14 . 2008-06-03 16:14 244 --ah----- C:\sqmnoopt10.sqm
2008-06-03 16:14 . 2008-06-03 16:14 232 --ah----- C:\sqmdata10.sqm
2008-06-03 15:54 . 2008-06-03 15:54 244 --ah----- C:\sqmnoopt09.sqm
2008-06-03 15:54 . 2008-06-03 15:54 232 --ah----- C:\sqmdata09.sqm
2008-05-20 10:16 . 2008-05-20 10:16 244 --ah----- C:\sqmnoopt08.sqm
2008-05-20 10:16 . 2008-05-20 10:16 232 --ah----- C:\sqmdata08.sqm
2008-05-20 10:13 . 2008-05-20 10:13 244 --ah----- C:\sqmnoopt07.sqm
2008-05-20 10:13 . 2008-05-20 10:13 232 --ah----- C:\sqmdata07.sqm
2008-05-19 19:25 . 2008-05-19 19:25 244 --ah----- C:\sqmnoopt06.sqm
2008-05-19 19:25 . 2008-05-19 19:25 232 --ah----- C:\sqmdata06.sqm
2008-05-19 16:37 . 2008-05-19 16:37 244 --ah----- C:\sqmnoopt05.sqm
2008-05-19 16:37 . 2008-05-19 16:37 232 --ah----- C:\sqmdata05.sqm
2008-05-19 16:36 . 2008-05-19 16:36 244 --ah----- C:\sqmnoopt04.sqm
2008-05-19 16:36 . 2008-05-19 16:36 232 --ah----- C:\sqmdata04.sqm
2008-05-19 16:35 . 2008-05-19 16:35 244 --ah----- C:\sqmnoopt03.sqm
2008-05-19 16:35 . 2008-05-19 16:35 232 --ah----- C:\sqmdata03.sqm
2008-05-19 14:51 . 2008-05-19 14:51 244 --ah----- C:\sqmnoopt02.sqm
2008-05-19 14:51 . 2008-05-19 14:51 244 --ah----- C:\sqmnoopt01.sqm
2008-05-19 14:51 . 2008-05-19 14:51 232 --ah----- C:\sqmdata02.sqm
2008-05-19 14:51 . 2008-05-19 14:51 232 --ah----- C:\sqmdata01.sqm
2008-05-19 14:49 . 2008-05-19 14:49 244 --ah----- C:\sqmnoopt00.sqm
2008-05-19 14:49 . 2008-05-19 14:49 232 --ah----- C:\sqmdata00.sqm
2008-05-06 11:04 . 2008-05-06 11:04 <DIR> d-------- C:\Program Files\Microsoft Office Communicator
2008-05-05 17:19 . 2008-05-05 17:19 <DIR> d-------- C:\Program Files\Enterprise Vault
2008-05-05 10:00 . 2008-05-05 10:02 <DIR> d-------- C:\Documents and Settings\alprieto\Contacts
2008-05-05 00:23 . 2008-05-05 00:23 <DIR> d-------- C:\Documents and Settings\Alvaro\Contacts
2008-05-05 00:21 . 2008-05-05 00:21 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-05 00:21 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-05 00:04 . 2008-05-05 00:19 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-05 00:03 . 2008-05-05 00:21 <DIR> d-------- C:\Program Files\Windows Live
2008-05-04 23:59 . 2008-05-05 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-04 23:58 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-05-04 23:58 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-05-04 23:58 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-05-04 23:58 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 14:36 --------- d-----w C:\Program Files\Google
2008-06-25 07:08 --------- d-----w C:\Program Files\DTSC
2008-06-16 11:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-16 11:51 --------- d-----w C:\Program Files\Deloitte
2008-05-29 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-05-29 13:59 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-05-04 22:01 --------- d-----w C:\Program Files\BitComet
2008-05-03 22:50 --------- d-----w C:\Program Files\Java
2008-04-26 12:06 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-04-08 11:53 143,740 ----a-w C:\WINDOWS\ADDADMINS.EXE
2008-03-26 22:00 1,442,816 ----a-w C:\WINDOWS\system32\lmxp32.dll
2008-03-25 11:51 18,790 ----a-w C:\WINDOWS\system32\ddmon.dll
2008-03-10 11:25 466,982 ----a-w C:\WINDOWS\PMSbackup.EXE
.

------- Sigcheck -------

2004-08-04 14:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2004-08-04 14:00 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe

2005-03-02 20:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 17:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\SDtemp\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll
2007-03-08 17:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\SDtemp\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\user32.dll
2007-03-08 17:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\system32\dllcache\user32.dll

2004-08-04 14:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll
2004-08-04 14:00 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\dllcache\ws2_32.dll

2006-05-10 07:25 663552 d94cffdb53e7ac867438e2dfd50e7cbc C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2007-08-20 12:02 825344 357d54bf94fe9d6d8505a96b5c2a3bca C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
2007-12-07 04:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2007-08-22 14:55 665600 a1bc17eb3758d73c3938b2318820f5b4 C:\WINDOWS\ie7\wininet.dll
2007-08-13 19:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
2007-08-20 12:04 824832 774435e499d8e9643ec961a6103c361f C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
2007-02-20 11:48 658944 30d1c47e40efbb792ff8d3c3b51ce507 C:\WINDOWS\SDtemp\Download\e7315ae76f5adc7c9afda4e7adacef1d\SP2GDR\wininet.dll
2007-02-20 11:52 665600 b258c922d22deec880b60720531d7627 C:\WINDOWS\SDtemp\Download\e7315ae76f5adc7c9afda4e7adacef1d\SP2QFE\wininet.dll
2007-12-07 04:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\system32\wininet.dll
2007-12-07 04:21 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\system32\dllcache\wininet.dll

2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 14:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\winlogon.exe
2004-08-04 14:00 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\system32\dllcache\winlogon.exe

2006-01-10 03:01 182528 aa898f84d2b59129fb92e143a2c73434 C:\WINDOWS\system32\dllcache\ndis.sys
2006-01-10 03:01 182528 aa898f84d2b59129fb92e143a2c73434 C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-04 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-02 02:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 11:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 11:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\SDtemp\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntkrnlpa.exe
2007-02-28 11:15 2017280 2dfb215e291e3d9b1cf9a6739b3bf16c C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 11:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2005-03-02 03:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 11:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 11:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\SDtemp\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntoskrnl.exe
2007-02-28 11:53 2137600 e6679c3023b17d8b78946bc5df53fa20 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 11:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2004-08-04 14:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\explorer.exe
2004-08-04 14:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 14:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\services.exe
2004-08-04 14:00 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\system32\dllcache\services.exe

2004-08-04 14:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\lsass.exe
2004-08-04 14:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\dllcache\lsass.exe

2004-08-04 14:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 14:00 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"EFS Assistant"="C:\Program Files\Microsoft EFS Assistant\EFSAssistant.exe" [2007-05-22 16:39 62888]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13 1207080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2007-07-23 10:33 5803368]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 16:58 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 0 (0x0)
"enableinstallerdetection"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
"NoTaskGrouping"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= emule.exe

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-11-21 15:50 233472]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2005-01-30 11:49 24672 C:\WINDOWS\system32\ckpNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Proventia Desktop Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Proventia Desktop Agent.lnk
backup=C:\WINDOWS\pss\Proventia Desktop Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TMMonitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TMMonitor.lnk
backup=C:\WINDOWS\pss\TMMonitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
--a------ 2006-01-16 22:01 53248 C:\WINDOWS\system32\AccelerometerSt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AgentNotifierRunKey]
--a------ 2006-06-28 02:36 180224 C:\Program Files\Iron Mountain\Connected BackupPC\AgentNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-12-12 15:00 88203 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 17:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2006-02-22 08:03 40960 C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-08-31 05:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EFS Assistant]
--a------ 2007-05-22 16:39 62888 C:\Program Files\Microsoft EFS Assistant\EFSAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\endisems_pms]
--a------ 2006-10-04 10:59 137930 C:\WINDOWS\system32\endisesm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-26 16:13 1207080 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
--a------ 2007-10-25 11:04 136512 C:\Program Files\McAfee\Common Framework\UdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2007-03-27 16:58 1744896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 14:20 227328 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
--a------ 2006-02-14 11:56 122880 C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-03-02 15:39 131072 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrarUsrDNIeCertStoreDLL]
--a------ 2007-12-18 17:56 24576 C:\WINDOWS\system32\udcs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
--a------ 2006-11-30 08:50 112216 C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2005-05-06 14:06 716800 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2005-05-20 10:11 925696 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoo1sv.exe]
C:\WINDOWS\system32\spoo1sv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-03 18:46 761948 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VodafoneUSBPP.exe]
--a------ 2006-10-09 16:29 1024000 C:\Program Files\Huawei technologies\Vodafone Mobile Connect Modem\VodafoneUSBPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--a------ 2006-03-31 13:58 184320 C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"IDriverT"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"VMware NAT Service"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"VPatch"=2 (0x2)
"vmount2"=2 (0x2)
"ufad-p2v"=2 (0x2)
"ServiceLayer"=3 (0x3)
"RapApp"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"bmwebcfg"=2 (0x2)
"BlackICE"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AgentService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22810:TCP"= 22810:TCP:BitComet 22810 TCP
"22810:UDP"= 22810:UDP:BitComet 22810 UDP

R1 tidnet;TID NDIS Protocol Driver;C:\WINDOWS\system32\DRIVERS\tidnet.sys [2005-06-08 17:01]
R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2007-04-13 02:50]
R2 Scap;SecureClient Application Policy Module;C:\WINDOWS\system32\DRIVERS\Scap.sys [2005-01-30 11:49]
R2 VPatch;ISS Buffer Overflow Exploit Prevention;"C:\Program Files\ISS\Proventia Desktop\vpatch.exe" [2007-09-25 13:15]
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2005-01-30 11:49]
R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;C:\Program Files\VMware\VMware Converter\vstor2-p2v30.sys [2007-01-30 20:41]
R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2005-01-30 11:49]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 12:46]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 15:26]
R3 MakoNT;MakoNT;C:\WINDOWS\system32\drivers\isskboep.sys [2007-05-07 17:06]
R3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2007-04-13 02:50]
R3 rap;rap;C:\WINDOWS\system32\drivers\RapDrv.sys [2007-09-25 13:15]
R4 black;black;C:\WINDOWS\system32\drivers\BlackCat.sys [2007-05-07 17:06]
S3 BDA_Capture_225;USB Digital-TV receiver Driver 2.0.1.8;C:\WINDOWS\system32\Drivers\BDA_Capture_225.sys [2006-04-04 03:36]
S3 BDA_Loader_225;USB Digital-TV Receiver Firmware Loader 6.4.11.0;C:\WINDOWS\system32\Drivers\BDA_Loader_225.sys [2006-04-11 07:32]
S3 G3GRUMDM;G3G R USB Modem;C:\WINDOWS\system32\DRIVERS\g3grumdm.sys [2005-11-18 08:58]
S3 G3GRUSER;G3G R USB Serial;C:\WINDOWS\system32\DRIVERS\g3gruser.sys [2005-11-18 08:58]
S3 GTF32BUS;GT F32 BUS;C:\WINDOWS\system32\DRIVERS\gtf32bus.sys [2006-03-17 13:30]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2006-03-17 13:30]
S3 GTSCSER;GT SC SER;C:\WINDOWS\system32\DRIVERS\gtscser.sys [2006-03-17 13:30]
S3 OMVA;VPN-1 SecureClient Adapter;C:\WINDOWS\system32\DRIVERS\OMVA.sys [2005-01-30 11:49]
S3 W8100PCI;Marvell Libertas 802.11b/g Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\mrv8k51.sys [2005-10-31 10:36]
S4 AgentService;AgentService;"C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe" -p 16386 []
S4 ufad-p2v;VMware Converter Service;"C:\Program Files\VMware\VMware Converter\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Converter\\" -s ufad-p2v.xml []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6790a5cd-1bb5-11db-b603-843ecfd65033}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b43622e8-22ed-11dc-b43e-0018de8c6728}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17de470-ee80-11dc-bbe8-0018de8c6728}]
\Shell\Auto\command - E:\wherestar.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wherestar.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccc71220-04ab-11dd-bc01-0018de8c6728}]
\Shell\Auto\command - E:\wherestar.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wherestar.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f90f9d69-9e9e-11dc-bb4e-545543445200}]
\Shell\Auto\command - F:\wherestar.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wherestar.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc799428-e37c-11dc-bbd0-0018de8c6728}]
\Shell\Auto\command - wherestar.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wherestar.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 15:41:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 14:09:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-30 14

48
ComboFix-quarantined-files.txt 2008-06-30 12

41

Pre-Run: 9,558,368,256 bytes free
Post-Run: 9,652,408,320 bytes free

331

MALWARE
Malwarebytes' Anti-Malware 1.19
Versión de la Base de Datos: 907
Windows 5.1.2600 Service Pack 2

13:54:53 30/06/2008
mbam-log-6-30-2008 (13-54-53).txt

Tipo de examen : Examen Rápido
Objetos examinados: 47379
Tiempo transcurrido: 6 minute(s), 5 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 2
Carpetas Infectadas: 0
Ficheros Infectados: 1

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

**ElPiedra** · 01/07/08, 15:14:51

Hola, ComboFix ya se encargo de eliminar los archivos de malwares encontrados en tu PC, por lo que si todo esta funcionado bien, damos por terminado el tema.

Para terminar solo te quedaría desinstalar CF de la siguiente manera:

Ir a Inicio > Ejecutar
Escribir lo siguiente: ComboFix /u como muestra la imagen debajo:
Esto activara el desinstalador de ComboFix abriendo su pantalla principal y luego de unos segundos veras ("ComboFix is uninstalled")

Para evitar este tipo de infecciones te recomiendo usar un navegador mas seguro como Firefox

Salu2

Me estoy volviendo loco (Solucionado)

Herramientas

Me estoy volviendo loco (Solucionado)

Re: Me estoy volviendo loco

Re: Me estoy volviendo loco

Re: Me estoy volviendo loco