  post #1  
03/07/08, 12:15:58
User

Registered: Jul 2008
Location: Madrid
Posts: 5
Problems with Google after "disinfecting" (Solved)

Hello everyone, and thanks and congratulations in advance for your work. It has been a great help to me.

I have a computer that had quite a few problems with adware and spyware, among them vundo, virtumondo and several more.

I have spent quite a few days browsing your forum, and I have tried to follow to the letter the instructions I found, successfully, because even if they are not completely removed (which I don't know, and this is my first question), at least they are under control.

I installed SUPERantispyware, Spywareblaster and Spybot.
I uninstalled, not without difficulty, "System Restore", since I am on XP. By the way... should I turn it back on? I suppose so.
I ran AVG and Kaspersky online.

And after several attempts and several passes, they all finally tell me I am free of bugs. AVG gives me some warnings pointing to certain registry entries (which I don't fully understand), but it does not identify any virus.

PROBLEMS:

- When the computer starts, a window appears telling me that it cannot find the file: bkhjqgwu.dll (I have tried searching for that name, but I find nothing).

- I can apparently work normally on the computer, and I can browse (I use Firefox), but when I run a search with Google the page keeps loading indefinitely and does not work.

I am attaching the HijackThis log, to see if you can give me a hand.

Thanks again in advance. Regards.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:13, on 03/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AppServ\Apache2.2\bin\httpd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AppServ\MySQL\bin\mysqld-nt.exe
C:\Program Files\AppServ\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Distillr\Acrotray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Orange\GlobeTrotter Connect\GlobeTrotter Connect.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://es.yahoo.com/fsc/
R3 - URLSearchHook: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {117fb12b-1099-3c0a-40d4-05eafbb094c5} - {5c490bbf-ae50-4d04-a0c3-9901b21bf711} - C:\WINDOWS\system32\iqvisapf.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {83b41ba8-b614-4c0b-98e2-df2c642b9491} - (no file)
O2 - BHO: (no name) - {A57859D1-13CC-4780-A943-A8F70290835E} - C:\WINDOWS\system32\jkkKaxXP.dll (file missing)
O3 - Toolbar: PDF de Adobe - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [84092bdf] rundll32.exe "C:\WINDOWS\system32\bkhjqgwu.dll",b
O4 - HKLM\..\Run: [BM873a1843] Rundll32.exe "C:\WINDOWS\system32\eenymrhd.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Orange\GlobeTrotter Connect\GlobeTrotter Connect.exe
O8 - Extra context menu item: Convertir a PDF de Adobe - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir a PDF existente - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo en archivo PDF de Adobe - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a archivo PDF existente - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir selección a PDF de Adobe - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF de Adobe - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O16 - DPF: {1F831FA6-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Control de AcDcToday) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {AE563726-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Control AcPreview) - file://C:\Program Files\MDT6\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B99B0F4C-7E83-4C0C-B2D3-F304B5DF2F7F}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6CBD2F6-60DB-419E-B360-EA0157140B45}: NameServer = 194.179.1.100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL,AVGRSSTX.DLL,avgrsstx.dll iqvisapf.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcYoMEu - ddcYoMEu.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Administrador de Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mysql - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 12797 bytes

  post #2  
05/07/08, 16:28:33
GPastor
FS-Admin

Registered: Mar 2005
Location: Lima - Peru
Posts: 22,227
Re: Problems with Google after "disinfecting"

Hello, welcome to the InfoSpyware Forum. Follow these steps:

- Download the ComboFix.exe tool and save it to the desktop.
  • Temporarily disable the antivirus and/or antispyware.
  • Close all open windows.
  • Double-click the ComboFix.exe file and follow the instructions.
  • When it finishes, it will generate a log at C:\ComboFix.txt.
    • *Note* While CF is working, do not move the mouse, as that would stop its process.
    • *Note* ComboFix may restart the PC automatically to complete the removal process.
Quote:
Warning!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
  • Restart and paste the report from C:\ComboFix.txt in this same thread.

Regards


  post #3  
07/07/08, 18:09:04
User

Registered: Jul 2008
Location: Madrid
Posts: 5
Re: Problems with Google after "disinfecting"

Thank you very much, GPastor, for your interest, and sorry for the delay. It was impossible for me to do it sooner, but I have followed your instructions, and here is the ComboFix file.

I will wait for your reply. Thanks again.

Regards,

Magustin


ComboFix 08-07-05.1 - Agustín 2008-07-06 20:40:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.34.1033.18.1400 [GMT 2:00]
Running from: D:\Software Instalado\Antispyware\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\wsnpoem
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\NetworkService\Application Data\wsnpoem
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll
C:\WINDOWS\BM873a1843.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bceaupuf.dll
C:\WINDOWS\system32\BrWebIns.dll
C:\WINDOWS\system32\bwbwtlxn.ini
C:\WINDOWS\system32\CJSsAJlm.ini
C:\WINDOWS\system32\CJSsAJlm.ini2
C:\WINDOWS\system32\eenymrhd.dll
C:\WINDOWS\system32\grgdpwla.dll
C:\WINDOWS\system32\kqdmemte.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mhkugctw.dll
C:\WINDOWS\system32\omimlfis.dll
C:\WINDOWS\system32\PXxaKkkj.ini
C:\WINDOWS\system32\PXxaKkkj.ini2
C:\WINDOWS\system32\supymdvs.ini
C:\WINDOWS\system32\svokslwf.dll
C:\WINDOWS\system32\tmcmdtyu.ini
C:\WINDOWS\system32\uoqcjchi.ini
C:\WINDOWS\system32\urwiwrqg.dll
C:\WINDOWS\system32\uwgqjhkb.ini
C:\WINDOWS\system32\zlib.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.

2008-07-03 16:59 . 2008-07-03 16:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-24 23:56 . 2008-07-05 13:58 <DIR> d-------- C:\Documents and Settings\Agust¡n_2.PORTATIL.000
2008-06-24 23:43 . 2008-06-24 23:43 <DIR> d-------- C:\Documents and Settings\Agust¡n_2.PORTATIL
2008-06-24 23:40 . 2008-06-24 23:40 <DIR> d-------- C:\Documents and Settings\Agust¡n_2
2008-06-24 14:03 . 2008-06-24 14:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-24 08:02 . 2008-06-24 08:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-24 08:02 . 2008-06-24 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-24 01:16 . 2008-06-24 01:16 <DIR> d-------- C:\Program Files\CCleaner
2008-06-24 01:11 . 2008-06-24 01:11 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-24 01:11 . 2008-06-25 09:18 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 01:10 . 2008-06-24 01:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 00:46 . 2008-06-24 11:41 269 --a------ C:\WINDOWS\wininit.ini
2008-06-24 00:20 . 2008-06-24 00:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-24 00:20 . 2008-06-24 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-24 00:00 . 2008-06-24 00:00 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-23 03:20 . 2008-07-06 20:49 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-23 03:20 . 2008-06-23 03:20 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.old
2008-06-23 03:20 . 2008-07-04 09:50 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-23 03:19 . 2008-06-23 03:19 <DIR> d-------- C:\Program Files\AVG
2008-06-23 03:19 . 2008-07-04 09:50 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-23 01:58 . 2008-06-23 03:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-23 01:55 . 2008-06-23 01:55 <DIR> d-------- C:\Program Files\Kaspersky Anti-Virus 7.0.1.325
2008-06-20 11:38 . 2008-07-06 18:57 110,405 --a------ C:\WINDOWS\BM873a1843.xml
2008-06-19 15:05 . 2008-06-25 09:03 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-19 14:59 . 2008-06-23 03:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-19 13:35 . 2008-06-19 13:35 25,600 --a------ C:\d.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 18:47 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-07-03 15:01 12,799 ----a-w C:\Program Files\hijackthis.log
2008-06-30 10:37 --------- d-----w C:\Program Files\MDT6
2008-06-22 23:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 23:46 --------- d-----w C:\Program Files\CuadernosMadrid
2008-06-19 13:44 --------- d-----w C:\Program Files\Desktop
2008-06-06 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-03 20:21 --------- d-----w C:\Program Files\Orange
2008-06-03 20:21 --------- d-----w C:\Program Files\Common Files\GtFlashSwitch
2008-05-11 18:17 --------- d-----w C:\Program Files\AppServ
2005-12-13 14:10 73,646 ----a-w C:\Program Files\Léame.htm
2005-12-13 06:10 78,148 ----a-w C:\Program Files\LeiaMe.htm
2005-12-13 06:10 71,842 ----a-w C:\Program Files\Leggimi.htm
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:22 1289000]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-03 19:21 7405568]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 16:25 737369]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 17:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 20:28 155648]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 08:46 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 19:02 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 13:18 77824]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-29 00:45 29744]
"Acrobat Assistant 7.0"="C:\Program Files\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 17:13 45056]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 09:51 1232152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-05-03 19:21 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-11 18:36 16267776 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
GlobeTrotter Connect.lnk - C:\Program Files\Orange\GlobeTrotter Connect\GlobeTrotter Connect.exe [2007-10-30 09:36:44 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL,AVGRSSTX.DLL,avgrsstx.dll iqvisapf.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
=

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 u1pvdbs;SONY USB CAMERA Base Driver;C:\WINDOWS\system32\DRIVERS\u1pvdbs.sys [2001-08-01 11:58]
R1 avgldx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 09:50]
R1 tidnet;TID NDIS Protocol Driver;C:\WINDOWS\system32\DRIVERS\tidnet.sys [2006-07-12 14:23]
R2 Apache2.2;Apache2.2;C:\Program Files\AppServ\Apache2.2\bin\httpd.exe [2007-01-09 18:17]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 09:50]
R2 GtFlashSwitch;GtFlashSwitch;C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 13:48]
R2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-08 15:45]
R2 UCDBW;UCDBW;C:\WINDOWS\system32\drivers\UCDBW.sys [2000-08-11 10:36]
R3 SvanRT2Wave;SvanRT2Wave Service;C:\WINDOWS\system32\drivers\SvanRT2Wave.sys [2006-06-20 15:53]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 15:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-02-14 15:19]
S1 pqasghjd;pqasghjd;C:\WINDOWS\system32\pqasghjd.sys []
S2 SSIPDDP;SSIPDDP Parallel port device driver;C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS [1998-07-07 09:14]
S2 Ud1w;Ud1w;C:\WINDOWS\system32\drivers\Ud1w.sys [1999-03-16 03:01]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-01-18 23:44]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-01-19 04:17]
S3 GoogleDesktopManager-022208-143751;Administrador de Google Desktop 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-29 00:45]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-04-14 05:05]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-04-14 05:05]
S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-04-14 05:06]
S3 Romer;CIMCORE USB Driver;C:\WINDOWS\system32\Drivers\CimCore.sys [2006-10-04 11:54]
S3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys []
S3 u1pvdsm;SONY USB CAMERA Video Capture Device;C:\WINDOWS\system32\DRIVERS\u1pvdsm.sys [2001-08-01 11:59]
S3 Wibukey2;Wibukey2;C:\WINDOWS\system32\drivers\wibukey2.sys [2004-09-02 04:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0264a792-5a77-11dc-bb28-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03f715fe-af2c-11dc-bc17-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03f715ff-af2c-11dc-bc17-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b5defb6-8808-11dc-bbb0-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b5defb8-8808-11dc-bbb0-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b5defba-8808-11dc-bbb0-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2107ce29-9786-11dc-bbde-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35895752-b469-11dc-bc1f-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69b4796d-8d9a-11dc-bbbf-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bca24a6-8d48-11dc-bbb9-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bca24a7-8d48-11dc-bbb9-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c3df589-9422-11dc-bbd5-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{890582a8-5ec0-11dc-baeb-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{890582a9-5ec0-11dc-baeb-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{890582aa-5ec0-11dc-baeb-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96a66173-89a0-11dc-bbb1-0018de74da4c}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a374e20-31aa-11dd-bd32-001060d1202e}]
\Shell\AutoRun\command - F:\.\setup.exe AUTORUN=1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2037eb6-af24-11dc-bc16-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2037eb7-af24-11dc-bc16-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2037eb8-af24-11dc-bc16-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2037eb9-af24-11dc-bc16-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abce1bd7-418f-11dc-badf-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ade816ac-c50d-11dc-bc38-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ade816ad-c50d-11dc-bc38-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ade816ae-c50d-11dc-bc38-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0f387ae-6753-11dc-bafd-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd457ede-8d4d-11dc-bbba-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d42bd224-c510-11dc-bc39-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d44636a6-c52d-11dc-bc3a-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d44636a7-c52d-11dc-bc3a-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d5e401f2-8d54-11dc-bbbd-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d5e401f3-8d54-11dc-bbbd-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d5e401f4-8d54-11dc-bbbd-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d5e401f5-8d54-11dc-bbbd-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d5e401f7-8d54-11dc-bbbd-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d5e401f8-8d54-11dc-bbbd-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d5e401f9-8d54-11dc-bbbd-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d5e401fa-8d54-11dc-bbbd-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d5e401fb-8d54-11dc-bbbd-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d5e401fc-8d54-11dc-bbbd-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e2a1a620-43f7-11dc-bae4-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e2a1a623-43f7-11dc-bae4-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e2a1a624-43f7-11dc-bae4-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e2a1a625-43f7-11dc-bae4-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e2a1a626-43f7-11dc-bae4-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e6bdc396-bed4-11dc-bc2a-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e6bdc399-bed4-11dc-bc2a-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{e6bdc39a-bed4-11dc-bc2a-001060d1202e}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{f9070ede-425b-11dc-bae3-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{f9070ee0-425b-11dc-bae3-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{f9070ee2-425b-11dc-bae3-00030d523d08}]
\Shell\AutoRun\command - F:\AutoRun.exe

.
- - - - ORPHANS REMOVED - - - -

BHO-{5c490bbf-ae50-4d04-a0c3-9901b21bf711} - C:\WINDOWS\system32\iqvisapf.dll
BHO-{83b41ba8-b614-4c0b-98e2-df2c642b9491} - (no file)
BHO-{A57859D1-13CC-4780-A943-A8F70290835E} - C:\WINDOWS\system32\jkkKaxXP.dll
HKLM-Run-84092bdf - C:\WINDOWS\system32\bkhjqgwu.dll
HKLM-Run-BM873a1843 - C:\WINDOWS\system32\eenymrhd.dll
Notify-ddcYoMEu - ddcYoMEu.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 20:50:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\controlset004\Services\mysql]
"ImagePath"="\"C:\Program Files\AppServ\MySQL\bin\mysqld-nt\" --defaults-file=C:\PROGRA~1\AppServ\MySQL\my.ini mysql"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\bmwebcfg.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\AppServ\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-06 20:59:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-06 18:59:44

Pre-Run: 1,767,411,712 bytes free
28 dirs 1,798,209,536 bytes libres

334 --- E O F --- 2007-10-11 07:49:59
  post #4  
08/07/08, 20:42:57
GPastor
FS-Admin
 
Joined: Mar 2005
Location: Lima - Perú
Posts: 22,227
Re: Problems with Google after "disinfecting"

ComboFix has already detected and removed some malware, but a few things are still left to take out. Follow these steps:

1.- Open Notepad
  • Click START > RUN >
  • Type notepad.exe there and click OK

2.- Now copy and paste this code into Notepad

HTML Code:
KillAll::

File::
C:\WINDOWS\system32\avgrsstx.dll.old
C:\WINDOWS\BM873a1843.xml
C:\d.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0264a792-5a77-11dc-bb28-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03f715fe-af2c-11dc-bc17-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03f715ff-af2c-11dc-bc17-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b5defb6-8808-11dc-bbb0-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b5defb8-8808-11dc-bbb0-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b5defba-8808-11dc-bbb0-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2107ce29-9786-11dc-bbde-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35895752-b469-11dc-bc1f-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69b4796d-8d9a-11dc-bbbf-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bca24a6-8d48-11dc-bbb9-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bca24a7-8d48-11dc-bbb9-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c3df589-9422-11dc-bbd5-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{890582a8-5ec0-11dc-baeb-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{890582a9-5ec0-11dc-baeb-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{890582aa-5ec0-11dc-baeb-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96a66173-89a0-11dc-bbb1-0018de74da4c}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a374e20-31aa-11dd-bd32-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2037eb6-af24-11dc-bc16-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2037eb7-af24-11dc-bc16-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2037eb8-af24-11dc-bc16-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2037eb9-af24-11dc-bc16-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abce1bd7-418f-11dc-badf-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ade816ac-c50d-11dc-bc38-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ade816ad-c50d-11dc-bc38-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ade816ae-c50d-11dc-bc38-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0f387ae-6753-11dc-bafd-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd457ede-8d4d-11dc-bbba-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d42bd224-c510-11dc-bc39-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d44636a6-c52d-11dc-bc3a-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d44636a7-c52d-11dc-bc3a-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5e401f2-8d54-11dc-bbbd-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5e401f3-8d54-11dc-bbbd-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5e401f4-8d54-11dc-bbbd-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5e401f5-8d54-11dc-bbbd-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5e401f7-8d54-11dc-bbbd-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5e401f8-8d54-11dc-bbbd-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5e401f9-8d54-11dc-bbbd-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5e401fa-8d54-11dc-bbbd-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5e401fb-8d54-11dc-bbbd-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5e401fc-8d54-11dc-bbbd-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2a1a620-43f7-11dc-bae4-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2a1a623-43f7-11dc-bae4-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2a1a624-43f7-11dc-bae4-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2a1a625-43f7-11dc-bae4-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2a1a626-43f7-11dc-bae4-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6bdc396-bed4-11dc-bc2a-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6bdc399-bed4-11dc-bc2a-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6bdc39a-bed4-11dc-bc2a-001060d1202e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9070ede-425b-11dc-bae3-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9070ee0-425b-11dc-bae3-00030d523d08}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9070ee2-425b-11dc-bae3-00030d523d08}]

3.- Save this file with the name CFScript.txt

4.- Drag and drop the CFScript.txt file onto the ComboFix.exe file, as the animation below shows. This will start ComboFix again.

Restart and tell us the results, along with a new ComboFix report and a HijackThis one.

Regards
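A check that can be run before step 4 above, as an added example that is not part of the original post and not ComboFix's own code: it compares the `[-...]` MountPoints2 keys in a CFScript against the AutoRun entries a log actually reported. The function names and both sample texts are constructed for illustration; whitespace is stripped from key paths because the forum breaks long paths with a stray space.

```python
import re

# Constructed sample log: two MountPoints2 AutoRun entries in the shape the
# log above uses (with the forum's stray space), plus one unrelated key.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{11111111-aaaa-4aaa-8aaa-000000000001}]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{22222222-bbbb-4bbb-8bbb-000000000002}]
\Shell\AutoRun\command - F:\.\setup.exe AUTORUN=1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=example.dll
"""

# Constructed sample script: one key that is in the log, one that is not.
SAMPLE_SCRIPT = r"""
KillAll::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-aaaa-4aaa-8aaa-000000000001}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33333333-cccc-4ccc-8ccc-000000000003}]
"""

MP2_PREFIX = (r"hkey_current_user\software\microsoft\windows"
              r"\currentversion\explorer\mountpoints2") + "\\"
GUID_RE = re.compile(r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}")
COMMAND_PREFIX = r"\shell\autorun\command - "


def _mp2_guid(key):
    """Return the volume GUID if key is a MountPoints2 subkey, else None."""
    # This path has no legitimate spaces, so dropping all whitespace undoes
    # the forum's line breaking without touching keys such as "windows nt".
    norm = re.sub(r"\s+", "", key).lower()
    if not norm.startswith(MP2_PREFIX):
        return None
    rest = norm[len(MP2_PREFIX):]
    return rest if GUID_RE.fullmatch(rest) else None


def parse_log(log_text):
    """Map volume GUID -> AutoRun command for each MountPoints2 log entry."""
    entries, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = _mp2_guid(line[1:-1])
        elif current and line.lower().startswith(COMMAND_PREFIX):
            entries[current] = line.split(" - ", 1)[1]
    return entries


def parse_script_deletions(script_text):
    """Return the MountPoints2 GUIDs deleted by the Registry:: section."""
    guids, in_registry = set(), False
    for line in script_text.splitlines():
        line = line.strip()
        if line.endswith("::"):
            # Section headers such as KillAll::, File::, Registry::
            in_registry = line.lower() == "registry::"
        elif in_registry and line.startswith("[-") and line.endswith("]"):
            guid = _mp2_guid(line[2:-1])
            if guid:
                guids.add(guid)
    return guids


def review(log_text, script_text):
    """Compare what the script deletes with what the log reported."""
    seen = parse_log(log_text)
    seen_guids = set(seen)
    deleted = parse_script_deletions(script_text)
    return {
        "covered": sorted(deleted & seen_guids),      # deleted and reported
        "not_in_log": sorted(deleted - seen_guids),   # deleted, never reported
        "left_behind": sorted(seen_guids - deleted),  # reported, not deleted
        "commands": sorted(set(seen.values())),       # distinct AutoRun targets
    }


if __name__ == "__main__":
    for name, value in review(SAMPLE_LOG, SAMPLE_SCRIPT).items():
        print(f"{name}: {value}")
```

Any GUID listed under `not_in_log` should be traced to the part of the log that reported it before the script is run.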
  post #5  
10/07/08, 12:39:40
User
 
Joined: Jul 2008
Location: In Madrid
Posts: 5
Re: Problems with Google after "disinfecting"

Hi GPastor, thank you very much for your advice. I thought I had replied to you, but I logged in today and see that, for whatever reason, the message never made it to the forum. I am repeating it and pasting the ComboFix and HijackThis logs, following your instructions.

Let's see what you can tell me. Many thanks in advance.

Regards,

Magustin

ComboFix 08-07-05.1 - Agustín 2008-07-10 10:34:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.34.1033.18.1612 [GMT 2:00]
Running from: D:\Software Instalado\Antispyware\ComboFix.exe
Command switches used :: D:\Software Instalado\Antispyware\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\d.exe
C:\WINDOWS\BM873a1843.xml
C:\WINDOWS\system32\avgrsstx.dll.old
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Agustín_2.PORTATIL.000\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\BM873a1843.xml
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\avgrsstx.dll.old

.
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.

2008-07-06 20:59 . 2008-07-06 20:59 <DIR> d-------- C:\Documents and Settings\Agustín_2.PORTATIL.000
2008-07-06 20:59 . 2008-07-06 20:59 <DIR> d-------- C:\Documents and Settings\Agustín
2008-07-06 20:59 . <DIR> C:\Documents and Settings\AgustÝn_2.PORTATIL.000\Local Settings
2008-07-06 20:59 . <DIR> C:\Documents and Settings\AgustÝn_2.PORTATIL.000\Local Settings
2008-07-06 20:59 . <DIR> C:\Documents and Settings\AgustÝn\Local Settings
2008-07-06 20:59 . <DIR> C:\Documents and Settings\AgustÝn\Local Settings
2008-07-03 16:59 . 2008-07-03 16:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-24 23:56 . 2008-07-05 13:58 <DIR> d-------- C:\Documents and Settings\Agust¡n_2.PORTATIL.000
2008-06-24 23:43 . 2008-06-24 23:43 <DIR> d-------- C:\Documents and Settings\Agust¡n_2.PORTATIL
2008-06-24 23:40 . 2008-06-24 23:40 <DIR> d-------- C:\Documents and Settings\Agust¡n_2
2008-06-24 14:03 . 2008-06-24 14:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-24 08:02 . 2008-06-24 08:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-24 08:02 . 2008-06-24 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-24 01:16 . 2008-06-24 01:16 <DIR> d-------- C:\Program Files\CCleaner
2008-06-24 01:11 . 2008-06-24 01:11 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-24 01:11 . 2008-06-25 09:18 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 01:10 . 2008-06-24 01:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 00:46 . 2008-06-24 11:41 269 --a------ C:\WINDOWS\wininit.ini
2008-06-24 00:20 . 2008-06-24 00:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-24 00:20 . 2008-06-24 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-24 00:00 . 2008-06-24 00:00 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-23 03:20 . 2008-07-10 02:24 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-23 03:20 . 2008-07-04 09:50 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-23 03:19 . 2008-06-23 03:19 <DIR> d-------- C:\Program Files\AVG
2008-06-23 03:19 . 2008-07-04 09:50 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-23 01:58 . 2008-06-23 03:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-23 01:55 . 2008-06-23 01:55 <DIR> d-------- C:\Program Files\Kaspersky Anti-Virus 7.0.1.325
2008-06-19 15:05 . 2008-07-10 09:33 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-19 14:59 . 2008-06-23 03:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 08:40 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-07-03 15:01 12,799 ----a-w C:\Program Files\hijackthis.log
2008-06-30 10:37 --------- d-----w C:\Program Files\MDT6
2008-06-22 23:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 23:46 --------- d-----w C:\Program Files\CuadernosMadrid
2008-06-19 13:44 --------- d-----w C:\Program Files\Desktop
2008-06-06 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-03 20:21 --------- d-----w C:\Program Files\Orange
2008-06-03 20:21 --------- d-----w C:\Program Files\Common Files\GtFlashSwitch
2008-05-11 18:17 --------- d-----w C:\Program Files\AppServ
2005-12-13 14:10 73,646 ----a-w C:\Program Files\Léame.htm
2005-12-13 06:10 78,148 ----a-w C:\Program Files\LeiaMe.htm
2005-12-13 06:10 71,842 ----a-w C:\Program Files\Leggimi.htm
.

((((((((((((((((((((((((((((( snapshot@2008-07-06_20.59.27.86 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-06 18:47:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-10 08:39:28 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-10 08:39:56 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_208.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:22 1289000]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-03 19:21 7405568]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 16:25 737369]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 17:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 20:28 155648]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 08:46 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 19:02 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 13:18 77824]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-29 00:45 29744]
"Acrobat Assistant 7.0"="C:\Program Files\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 17:13 45056]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 09:51 1232152]
"84092bdf"="C:\WINDOWS\system32\bkhjqgwu.dll" [BU]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-05-03 19:21 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-11 18:36 16267776 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
GlobeTrotter Connect.lnk - C:\Program Files\Orange\GlobeTrotter Connect\GlobeTrotter Connect.exe [2007-10-30 09:36:44 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL,AVGRSSTX.DLL,avgrsstx.dll iqvisapf.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
=

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 u1pvdbs;SONY USB CAMERA Base Driver;C:\WINDOWS\system32\DRIVERS\u1pvdbs.sys [2001-08-01 11:58]
R1 avgldx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 09:50]
R1 tidnet;TID NDIS Protocol Driver;C:\WINDOWS\system32\DRIVERS\tidnet.sys [2006-07-12 14:23]
R2 Apache2.2;Apache2.2;C:\Program Files\AppServ\Apache2.2\bin\httpd.exe [2007-01-09 18:17]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 09:50]
R2 GtFlashSwitch;GtFlashSwitch;C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 13:48]
R2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-08 15:45]
R2 UCDBW;UCDBW;C:\WINDOWS\system32\drivers\UCDBW.sys [2000-08-11 10:36]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-01-18 23:44]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-01-19 04:17]
R3 SvanRT2Wave;SvanRT2Wave Service;C:\WINDOWS\system32\drivers\SvanRT2Wave.sys [2006-06-20 15:53]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 15:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-02-14 15:19]
S1 pqasghjd;pqasghjd;C:\WINDOWS\system32\pqasghjd.sys []
S2 SSIPDDP;SSIPDDP Parallel port device driver;C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS [1998-07-07 09:14]
S2 Ud1w;Ud1w;C:\WINDOWS\system32\drivers\Ud1w.sys [1999-03-16 03:01]
S3 GoogleDesktopManager-022208-143751;Administrador de Google Desktop 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-29 00:45]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-04-14 05:05]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-04-14 05:05]
S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-04-14 05:06]
S3 Romer;CIMCORE USB Driver;C:\WINDOWS\system32\Drivers\CimCore.sys [2006-10-04 11:54]
S3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys []
S3 u1pvdsm;SONY USB CAMERA Video Capture Device;C:\WINDOWS\system32\DRIVERS\u1pvdsm.sys [2001-08-01 11:59]
S3 Wibukey2;Wibukey2;C:\WINDOWS\system32\drivers\wibukey2.sys [2004-09-02 04:10]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 11:01:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\controlset004\Services\mysql]
"ImagePath"="\"C:\Program Files\AppServ\MySQL\bin\mysqld-nt\" --defaults-file=C:\PROGRA~1\AppServ\MySQL\my.ini mysql"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\bmwebcfg.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\AppServ\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-10 11:09:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-10 09:09:05
ComboFix2.txt 2008-07-06 18:59:53

Pre-Run: 1,619,828,736 bytes free
28 dirs 1,609,588,736 bytes libres

219 --- E O F --- 2007-10-11 07:49:59



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:18, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AppServ\Apache2.2\bin\httpd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\AppServ\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\AppServ\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Distillr\Acrotray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Orange\GlobeTrotter Connect\GlobeTrotter Connect.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://es.yahoo.com/fsc/
R3 - URLSearchHook: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: PDF de Adobe - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [84092bdf] rundll32.exe "C:\WINDOWS\system32\bkhjqgwu.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Orange\GlobeTrotter Connect\GlobeTrotter Connect.exe
O8 - Extra context menu item: Convertir a PDF de Adobe - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir a PDF existente - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo en archivo PDF de Adobe - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a archivo PDF existente - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir selección a PDF de Adobe - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF de Adobe - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O16 - DPF: {1F831FA6-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Control de AcDcToday) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {AE563726-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Control AcPreview) - file://C:\Program Files\MDT6\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B99B0F4C-7E83-4C0C-B2D3-F304B5DF2F7F}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6CBD2F6-60DB-419E-B360-EA0157140B45}: NameServer = 194.179.1.100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL,AVGRSSTX.DLL,avgrsstx.dll iqvisapf.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Administrador de Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mysql - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 12728 bytes
  post #6  
10/07/08, 16:02:21
GPastor
FS-Admin

Registered: Mar 2005
Location: Lima - Perú
Posts: 22.227
Re: Problems with Google after "disinfecting"

There are still things to repair; follow these steps:

- Disable Tea Timer so that it does not interfere with the cleanup, and restart the system.

1.- Open Notepad
  • Click START > RUN >
  • Type notepad.exe there and click OK

2.- Now copy and paste this code into Notepad

HTML code:
KillAll::

File::
C:\WINDOWS\system32\bkhjqgwu.dll
C:\WINDOWS\system32\pqasghjd.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"84092bdf"=-

3.- Save this file with the name CFScript.txt

4.- Drag and drop the CFScript.txt file onto the ComboFix.exe file as shown in the animation below. This will launch ComboFix again.

Reboot and tell us the results, together with a new ComboFix report and a new HijackThis one.

Regards


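One way to confirm from the logs that the CFScript in the reply above took effect, as an added example that is not part of the original posts: it compares the O4 autorun entries of a HijackThis log taken before the fix with one taken after, and checks that nothing the script targeted is still referenced. The function names are hypothetical, the CFScript parser covers only the directives shown in this thread, and the mapping from a full registry key to HijackThis's abbreviated `HKLM\..\Run` form is an assumption based on how the log lines here are written.

```python
import re

# Excerpts copied from the HijackThis logs in this thread (10/07/2008 and 17/07/2008).
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [84092bdf] rundll32.exe "C:\WINDOWS\system32\bkhjqgwu.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""
AFTER_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"""
# The CFScript exactly as posted in the reply above.
CFSCRIPT = r"""
KillAll::

File::
C:\WINDOWS\system32\bkhjqgwu.dll
C:\WINDOWS\system32\pqasghjd.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"84092bdf"=-
"""

# Registry-based O4 lines look like: O4 - HKLM\..\Run: [value name] command
O4_RE = re.compile(r"^O4 - (HK[^:]+): \[([^\]]+)\] (.+)$")
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def parse_o4(log_text):
    """Map (location, value name) -> command for every registry O4 line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m.group(1), m.group(2))] = m.group(3)
    return entries


def parse_cfscript(text):
    """Return the File:: paths and the registry values marked for deletion ("name"=-)."""
    files, reg_deletes, section, key = [], [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section, key = line[:-2].lower(), None
        elif section == "file":
            files.append(line)
        elif section == "registry":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]
            else:
                m = re.match(r'^"([^"]+)"=-$', line)
                if key and m:
                    reg_deletes.append((key, m.group(1)))
    return files, reg_deletes


def hjt_location(reg_key):
    """Assumed abbreviation: short hive name, '..', last key component."""
    parts = reg_key.split("\\")
    return HIVES.get(parts[0].upper(), parts[0]) + "\\..\\" + parts[-1]


def verify_cleanup(cfscript, before_log, after_log):
    """Diff the autoruns and list script targets still visible afterwards."""
    before, after = parse_o4(before_log), parse_o4(after_log)
    files, reg_deletes = parse_cfscript(cfscript)
    leftovers = []
    # A value the script deleted must not reappear under the same location.
    for key, name in reg_deletes:
        if (hjt_location(key), name) in after:
            leftovers.append(name)
    # No remaining autorun may still point at a file the script removed.
    for (_, name), cmd in after.items():
        if any(f.lower() in cmd.lower() for f in files):
            leftovers.append(name)
    return {
        "removed": sorted(n for (_, n) in before.keys() - after.keys()),
        "added": sorted(n for (_, n) in after.keys() - before.keys()),
        "leftovers": sorted(set(leftovers)),
    }


if __name__ == "__main__":
    for label, names in verify_cleanup(CFSCRIPT, BEFORE_LOG, AFTER_LOG).items():
        print(label, names)
```

The diff also surfaces changes unrelated to the script, such as the TeaTimer entry disappearing after it was disabled as instructed, so every "added" entry still deserves a manual look.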
  post #7  
17/07/08, 03:23:12
User

Registered: Jul 2008
Location: In Madrid
Posts: 5
Re: Problems with Google after "disinfecting"

Many thanks again, GPastor,

I have followed your instructions, and I am attaching the HijackThis and ComboFix logs.

One question. At the time, following the instructions of the initial 10 steps, I turned off the "System Restore" option, since I work with XP Professional. Should I turn it back on?

Regards,

Magustín


ComboFix 08-07-13.14 - Agustín 2008-07-17 7:57:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.34.1033.18.1582 [GMT 2:00]
Running from: D:\Software Instalado\Antispyware\ComboFix.exe
Command switches used :: D:\Software Instalado\Antispyware\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\bkhjqgwu.dll
C:\WINDOWS\system32\pqasghjd.sys
.

((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))
.

2008-07-06 20:59 . 2008-07-06 20:59 <DIR> d-------- C:\Documents and Settings\Agustín_2.PORTATIL.000
2008-07-06 20:59 . 2008-07-06 20:59 <DIR> d-------- C:\Documents and Settings\Agustín
2008-07-03 16:59 . 2008-07-03 16:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-24 23:56 . 2008-07-10 21:49 <DIR> d-------- C:\Documents and Settings\Agust¡n_2.PORTATIL.000
2008-06-24 23:43 . 2008-06-24 23:43 <DIR> d-------- C:\Documents and Settings\Agust¡n_2.PORTATIL
2008-06-24 23:40 . 2008-06-24 23:40 <DIR> d-------- C:\Documents and Settings\Agust¡n_2
2008-06-24 14:03 . 2008-06-24 14:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-24 08:02 . 2008-06-24 08:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-24 08:02 . 2008-06-24 08:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-24 01:16 . 2008-06-24 01:16 <DIR> d-------- C:\Program Files\CCleaner
2008-06-24 01:11 . 2008-06-24 01:11 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-24 01:11 . 2008-06-25 09:18 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-24 01:10 . 2008-06-24 01:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 00:46 . 2008-06-24 11:41 269 --a------ C:\WINDOWS\wininit.ini
2008-06-24 00:20 . 2008-06-24 00:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-24 00:20 . 2008-06-24 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-24 00:00 . 2008-06-24 00:00 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-23 03:20 . 2008-07-17 07:35 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-23 03:20 . 2008-07-04 09:50 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-23 03:19 . 2008-06-23 03:19 <DIR> d-------- C:\Program Files\AVG
2008-06-23 03:19 . 2008-07-04 09:50 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-23 01:58 . 2008-06-23 03:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-23 01:55 . 2008-06-23 01:55 <DIR> d-------- C:\Program Files\Kaspersky Anti-Virus 7.0.1.325
2008-06-19 15:05 . 2008-07-11 11:29 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-19 14:59 . 2008-06-23 03:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 06:04 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-07-14 12:02 --------- d-----w C:\Program Files\MDT6
2008-07-03 15:01 12,799 ----a-w C:\Program Files\hijackthis.log
2008-06-22 23:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 23:46 --------- d-----w C:\Program Files\CuadernosMadrid
2008-06-19 13:44 --------- d-----w C:\Program Files\Desktop
2008-06-06 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-03 20:21 --------- d-----w C:\Program Files\Orange
2008-06-03 20:21 --------- d-----w C:\Program Files\Common Files\GtFlashSwitch
2005-12-13 14:10 73,646 ----a-w C:\Program Files\Léame.htm
2005-12-13 06:10 78,148 ----a-w C:\Program Files\LeiaMe.htm
2005-12-13 06:10 71,842 ----a-w C:\Program Files\Leggimi.htm
.

((((((((((((((((((((((((((((( snapshot@2008-07-06_20.59.27.86 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-17 06:03:43 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_174.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:22 1289000]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-03 19:21 7405568]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 16:25 737369]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"StatusClient"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 17:51 36864]
"TomcatStartup"="C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 20:28 155648]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 08:46 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 19:02 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 13:18 77824]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 11:22 517768]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-29 00:45 29744]
"Acrobat Assistant 7.0"="C:\Program Files\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 17:13 45056]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 09:51 1232152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-05-03 19:21 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-11 18:36 16267776 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
GlobeTrotter Connect.lnk - C:\Program Files\Orange\GlobeTrotter Connect\GlobeTrotter Connect.exe [2007-10-30 09:36:44 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"C:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 u1pvdbs;SONY USB CAMERA Base Driver;C:\WINDOWS\system32\DRIVERS\u1pvdbs.sys [2001-08-01 11:58]
R1 avgldx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 09:50]
R1 tidnet;TID NDIS Protocol Driver;C:\WINDOWS\system32\DRIVERS\tidnet.sys [2006-07-12 14:23]
R2 Apache2.2;Apache2.2;C:\Program Files\AppServ\Apache2.2\bin\httpd.exe [2007-01-09 18:17]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 09:50]
R2 GtFlashSwitch;GtFlashSwitch;C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe [2007-02-09 13:48]
R2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-08 15:45]
R2 UCDBW;UCDBW;C:\WINDOWS\system32\drivers\UCDBW.sys [2000-08-11 10:36]
R3 SvanRT2Wave;SvanRT2Wave Service;C:\WINDOWS\system32\drivers\SvanRT2Wave.sys [2006-06-20 15:53]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 15:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-02-14 15:19]
S1 pqasghjd;pqasghjd;C:\WINDOWS\system32\pqasghjd.sys []
S2 SSIPDDP;SSIPDDP Parallel port device driver;C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS [1998-07-07 09:14]
S2 Ud1w;Ud1w;C:\WINDOWS\system32\drivers\Ud1w.sys [1999-03-16 03:01]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-01-18 23:44]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-01-19 04:17]
S3 GoogleDesktopManager-022208-143751;Administrador de Google Desktop 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-29 00:45]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-04-14 05:05]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-04-14 05:05]
S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-04-14 05:06]
S3 Romer;CIMCORE USB Driver;C:\WINDOWS\system32\Drivers\CimCore.sys [2006-10-04 11:54]
S3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys []
S3 u1pvdsm;SONY USB CAMERA Video Capture Device;C:\WINDOWS\system32\DRIVERS\u1pvdsm.sys [2001-08-01 11:59]
S3 Wibukey2;Wibukey2;C:\WINDOWS\system32\drivers\wibukey2.sys [2004-09-02 04:10]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 08:04:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\controlset004\Services\mysql]
"ImagePath"="\"C:\Program Files\AppServ\MySQL\bin\mysqld-nt\" --defaults-file=C:\PROGRA~1\AppServ\MySQL\my.ini mysql"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\bmwebcfg.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\AppServ\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-07-17 8:13:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-17 06:13:48
ComboFix2.txt 2008-07-10 09:09:17
ComboFix3.txt 2008-07-06 18:59:53

Pre-Run: 855,023,616 bytes free
28 dirs 840,675,328 bytes libres

198 --- E O F --- 2007-10-11 07:49:59



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:54, on 17/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AppServ\Apache2.2\bin\httpd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\AppServ\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\AppServ\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Distillr\Acrotray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Orange\GlobeTrotter Connect\GlobeTrotter Connect.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://es.yahoo.com/fsc/
R3 - URLSearchHook: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: PDF de Adobe - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SYSTRAN Web Translator 5.0 - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Orange\GlobeTrotter Connect\GlobeTrotter Connect.exe
O8 - Extra context menu item: Convertir a PDF de Adobe - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir a PDF existente - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo en archivo PDF de Adobe - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a archivo PDF existente - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir selección a PDF de Adobe - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF de Adobe - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - res://C:\Program Files\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crear un favorito móvil... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
O16 - DPF: {1F831FA6-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Control de AcDcToday) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {AE563726-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Control AcPreview) - file://C:\Program Files\MDT6\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B99B0F4C-7E83-4C0C-B2D3-F304B5DF2F7F}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6CBD2F6-60DB-419E-B360-EA0157140B45}: NameServer = 194.179.1.100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Administrador de Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mysql - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 12448 bytes
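A triage pass over the HijackThis log posted above, as an added example that is not part of the original thread: it parses the entry lines and lists the ones HijackThis itself marked as orphaned or unrecognised, which are candidates for manual review rather than verdicts. The function names are hypothetical, and the sample lines are copied from the log.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log in the post above, embedded so this runs offline.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Barra Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: mysql - Unknown owner - C:\Program.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
"""

# An entry line is a section code (R0, O4, O23, ...) followed by " - " and the detail.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse(log_text):
    """Return (code, body) for each entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries

def classify(code, body):
    """Return why an entry deserves a manual look, or None. A flag is not a verdict."""
    if body.endswith("(file missing)"):
        return "target file is not on disk"
    if body.endswith("(no file)"):
        return "registered component has no file"
    if code == "O10" and body.startswith("Unknown file in Winsock LSP"):
        return "LSP provider HijackThis did not recognise"
    return None

def triage(entries):
    """Collapse repeated flagged entries and return (code, reason, body, count) tuples."""
    counts = Counter()
    for code, body in entries:
        reason = classify(code, body)
        if reason:
            counts[(code, reason, body)] += 1
    return [(code, reason, body, n) for (code, reason, body), n in counts.items()]

if __name__ == "__main__":
    for code, reason, body, n in triage(parse(SAMPLE_LOG)):
        print(f"{code:<4} x{n}  {reason}: {body}")
```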
  post #8  
17/07/08, 15:21:20
GPastor
FS-Admin
 
Registered: Mar 2005
Location: Lima - Peru
Posts: 22.227
Re: Problems with Google after "disinfecting"

ComboFix has already taken care of removing the malware files found on your PC, so if everything is working well, we consider the topic closed.

Regarding your question, I will answer it with these instructions:

To finish, you would only need to remove CF as follows:
  • Go to Start > Run
  • Type the following: ComboFix /u as shown in the image below:

This will perform the following tasks:

  • The following will be deleted:
    • ComboFix: its files and folders.
    • VundoFix: backups (if present)
    • The C:\Deckard folder (if present)
    • The C:\_OtMoveIt folder (if present)
  • Resets the clock settings.
  • Hides file extensions (if necessary.)
  • Hides the files that were hidden
  • Re-enables "System Restore"

To avoid this type of infection I recommend using a more secure browser such as Firefox

Regards


  post #9  
22/07/08, 08:00:57
User
 
Registered: Jul 2008
Location: In Madrid
Posts: 5
Re: Problems with Google after "disinfecting" (Solved)

Thank you so much!!

You have solved a huge problem for me. I don't know who you were, nor how many, nor how you manage to devote time to this kind of thing, but your work and your selfless help seem wonderful to me.

Many thanks again.

Magustín

All times are GMT -4. The time is 10:09:34.


 
