Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Hola amigos. Llevo dos dias luchando y ya estoy cansado. Despues que me entrase el gusano (no me acuerdo el nombre) que genera un archivo hlddr.exe, y pasarle varios antivirus on line y demas mata virus (elibagla, etc), aun no tengo limpio el pc. No me deja instalar ningun antivirus ya que peta los que pongo.Tambien tengo problemas con la tarjeta wi-fi ya que las desconfigura.

Bueno, no soy mas pesado y os dejo el log:

Gracias de antemano

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:52, on 03/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Archivos de programa\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\netdde.exe
D:\Archivos de programa\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
D:\Archivos de programa\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
D:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\System32\svchost.exe
D:\Archivos de programa\IVT Corporation\BlueSoleil\BsHelpCS.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Archivos de programa\Internet Explorer\iexplore.exe
D:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Archivos de programa\DAP\DAP.exe
D:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.20minutos.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Archivos de programa\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164 \swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Archivos de programa\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Archivos de programa\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] D:\Archivos de programa\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] D:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.1)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - D:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Archivos de programa\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://D:\Archivos de programa\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir en nueva ficha de fondo - res://D:\Archivos de programa\Windows Live Toolbar\Components\es-es\msntabres.dll.mui/229?a3d9de2f35a84d04ae37993b878536c
O8 - Extra context menu item: Abrir en nueva ficha en primer plano - res://D:\Archivos de programa\Windows Live Toolbar\Components\es-es\msntabres.dll.mui/230?a3d9de2f35a84d04ae37993b878536c
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Consultar los diccionarios (SYSTRAN) - res://D:\Archivos de programa\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: Download &all with DAP - D:\Archivos de programa\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Traducir (SYSTRAN) - res://D:\Archivos de programa\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Archivos de programa\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Archivos de programa\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: D:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish//kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181931475253
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://yosoielamo09.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www5.aeat.es/es13/h/cactivex.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: smtpapi32 - D:\WINDOWS\SYSTEM32\smtpapi32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Archivos de programa\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - D:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Archivos de programa\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: BlueSoleilCS - Unknown owner - D:\Archivos de programa\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - D:\Archivos de programa\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - D:\Archivos de programa\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 10961 bytes

Hola amalurio, te doy la bienvenida al Foro de InfoSpyware.


ForoSpyware lo mantenemos voluntarios que tenemos nuestros trabajos y obligaciones fuera, por lo que no estamos 24/7, a lo que te pedimos paciencia en el análisis y respuesta de tu caso. Si 48hrs después de dejarnos el reporte de DSS no recibes una respuesta me puedes enviar un mp de recordatorio.

1. Descargar Deckard's System Scanner (DSS) y guárdalo en tu escritorio.
   
2. Cerrar todas las ventanas abiertas.
   
3. Hacele doble clic al archivo DSS.exe y seguí las instrucciones.
   
4. Cuando termine, abrirá de forma automática un archivo llamado main.txt el cual tenes que pegar su contenido en este mismo mensaje utilizando el botón de respuesta.
   • *Nota* Si no se abre el log, puede encontrar el archivo en la carpeta C:\Deckard\System Scanner .
   • *Nota* Si está utilizando Vista, es necesario hacer clic con el botón derecho en el icono dss.exe y seleccionar Ejecutar como Administrador.

• Una vez generado el reporte es importante que no reinicies tu equipo ya que algunos malwares contienen nombres aleatorios que se modifican en cada reinicio.
  
  
• Al momento de efectuar los pasos es importante que estén los navegadores y programas cerrados por lo que o imprime los pasos o cópialos al bloc de notas para que los tengas a mano.
  
  
• Te recomiendo suscribirte al feed de nuestro Blog de InfoSpyware para estar al tanto de las nuevas amenazas que circulan por la red y así en un futuro puedas prevenirlas.

Salu2

Hola amigos,

os dejo copia del log Main.txt, tal como indicais.

Gracias por todo.

Deckard's System Scanner v20071014.68
Run by carlos on 2008-08-05 00:48:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-08-04 22:48:23 UTC - RP5 - Deckard's System Scanner Restore Point
4: 2008-08-04 14:54:53 UTC - RP4 - Quitado Ad-Aware
3: 2008-08-03 20:05:34 UTC - RP3 - Installed Kaspersky Anti-Virus 2009.
2: 2008-08-03 16:04:44 UTC - RP2 - Eliminado Kaspersky Anti-Virus 6.0.
1: 2008-08-03 15:13:21 UTC - RP1 - Punto de control del sistema


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as carlos.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:54:59, on 05/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\netdde.exe
D:\Archivos de programa\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
D:\Archivos de programa\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
D:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\System32\svchost.exe
D:\Archivos de programa\IVT Corporation\BlueSoleil\BsHelpCS.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Archivos de programa\DAP\DAP.EXE
D:\Documents and Settings\carlos\Mis documentos\My Completed Downloads\dss.exe
D:\ARCHIV~1\TRENDM~1\HIJACK~1\carlos.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.20minutos.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Archivos de programa\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164 \swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Archivos de programa\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\archivos de programa\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Archivos de programa\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [D-Link D-Link Wireless N DWA-140] D:\Archivos de programa\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [AVP] "D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] D:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.1)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - D:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Archivos de programa\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://D:\Archivos de programa\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Abrir en nueva ficha de fondo - res://D:\Archivos de programa\Windows Live Toolbar\Components\es-es\msntabres.dll.mui/229?a3d9de2f35a84d04ae37993b878536c
O8 - Extra context menu item: Abrir en nueva ficha en primer plano - res://D:\Archivos de programa\Windows Live Toolbar\Components\es-es\msntabres.dll.mui/230?a3d9de2f35a84d04ae37993b878536c
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Consultar los diccionarios (SYSTRAN) - res://D:\Archivos de programa\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: Download &all with DAP - D:\Archivos de programa\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Traducir (SYSTRAN) - res://D:\Archivos de programa\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Archivos de programa\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Archivos de programa\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: D:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish//kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181931475253
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://yosoielamo09.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www5.aeat.es/es13/h/cactivex.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: D:\ARCHIV~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Adobe LM Service - Unknown owner - D:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Archivos de programa\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: BlueSoleilCS - Unknown owner - D:\Archivos de programa\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - D:\Archivos de programa\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - D:\Archivos de programa\Windows Media Player\WMPNetwk.exe (file missing)

--
End of file - 11288 bytes

-- File Associations -----------------------------------------------------------

.txt - txtfile - shell\open\command - Notepad.exe "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 vax347b - d:\windows\system32\drivers\vax347b.sys
R0 vax347s - d:\windows\system32\drivers\vax347s.sys
R2 ousbehci (OrangeWare USB Enhanced Host Controller Service) - d:\windows\system32\drivers\ousbehci.sys <Not Verified; OrangeWare Corporation; USB 2.0 Enhanced Host Controller Driver>
R3 maestro (ESS Maestro Audio Driver (WDM)) - d:\windows\system32\drivers\es198xdl.sys <Not Verified; ESS Technology, Inc.; ES1983 Adapter Driver For Dell Notebooks>
R3 ousb2hub (OrangeWare USB 2.0 Root Hub Support) - d:\windows\system32\drivers\ousb2hub.sys <Not Verified; OrangeWare Corporation; USB 2.0 Hub Driver>

S0 st3shark - d:\windows\system32\drivers\st3shark.sys (file missing)
S1 nod32drv - d:\windows\system32\drivers\nod32drv.sys (file missing)
S2 tmcomm - d:\windows\system32\drivers\tmcomm.sys (file missing)
S3 BRGSp50 (BRGSp50 NDIS Protocol Driver) - d:\windows\system32\drivers\brgsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 cdrmkaun - d:\docume~1\carlos\config~1\temp\cdrmkaun.sys (file missing)
S3 grmnusb - d:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 NETMW145 (Belkin N1 Wireless Notebook Card Service for Windows XP) - d:\windows\system32\drivers\netmw145.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11n NIC>
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - d:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - d:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 rt2870 (Ralink 802.11n USB Wireless LAN Card Driver) - d:\windows\system32\drivers\rt2870.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11n Wireless Adapters>
S3 ZD1211U(3COM Corporation) (3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation)) - d:\windows\system32\drivers\zd1211u.sys <Not Verified; 3COM Corporation; 3COM OfficeConnect Wireless 11g Compact USB Adapter>
S3 ZDPNDIS5 (ZDPNDIS5 NDIS Protocol Driver) - d:\windows\system32\zdpndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - d:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor5.0 (Adobe Active File Monitor V5) - d:\archivos de programa\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe
R2 BlueSoleilCS - d:\archivos de programa\ivt corporation\bluesoleil\bluesoleilcs.exe <Not Verified; ; BlueSoleilCS Module>
R3 BsHelpCS - d:\archivos de programa\ivt corporation\bluesoleil\bshelpcs.exe <Not Verified; ; BsHelpCS Module>

S3 Adobe LM Service - "d:\archivos de programa\archivos comunes\adobe systems shared\service\adobelmsvc.exe" (file missing)
S3 WMPNetworkSvc (Servicio de uso compartido de red del Reproductor de Windows Media) - "d:\archivos de programa\windows media player\wmpnetwk.exe" (file missing)
S4 a2AntiMalware (a-squared Anti-Malware Service) - "d:\archivos de programa\a-squared anti-malware\a2service.exe" (file missing)
S4 Avg7UpdSvc (AVG7 Update Service) - d:\archiv~1\grisoft\avgfre~1\avgupsvc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Adaptador de red 1394
Device ID: V1394\NIC1394\2F591010424FC000
Manufacturer: Microsoft
Name: Adaptador de red 1394
PNP Device ID: V1394\NIC1394\2F591010424FC000
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-08-05 00:05:01 270 --a------ D:\WINDOWS\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job
2008-08-01 17:15:07 438 --a------ D:\WINDOWS\Tasks\Mantenimiento con 1 clic.job
2008-08-01 17:15:05 424 --a------ D:\WINDOWS\Tasks\Maintenance en 1 clic.job
2008-07-26 10:35:23 298 --a------ D:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-05 and 2008-08-05 -----------------------------

2008-08-03 22:08:56 96559 --a------ D:\WINDOWS\system32\drivers\klin.dat
2008-08-03 22:08:56 87855 --a------ D:\WINDOWS\system32\drivers\klick.dat
2008-08-03 22:06:05 0 d-------- D:\Archivos de programa\Kaspersky Lab
2008-08-03 18:59:57 0 d-------- D:\Archivos de programa\Trend Micro
2008-08-03 11:02:16 311328 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-03 11:02:16 3885088 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2008-08-03 10:40:56 0 d-------- D:\Archivos de programa\FileASSASSIN
2008-08-02 17:15:03 553984 -ra------ D:\WINDOWS\system32\drivers\NETMW145.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11n NIC>
2008-08-01 19:58:29 248320 --a------ D:\WINDOWS\system32\drivers\ZD1211U.sys <Not Verified; 3COM Corporation; 3COM OfficeConnect Wireless 11g Compact USB Adapter>
2008-08-01 19:58:25 0 d-------- D:\Archivos de programa\3COM Technology Corporation
2008-08-01 17:18:22 0 d-------- D:\Archivos de programa\Belkin
2008-08-01 17:03:45 0 d--hs---- D:\Documents and Settings\carlos\Recent
2008-07-26 20:39:50 0 d-------- D:\WINDOWS\system32\drivers\downld
2008-07-22 17:07:12 0 d-------- D:\TEXAS
2008-07-22 16:28:52 0 d-------- D:\Archivos de programa\IVT Corporation
2008-07-22 16:28:32 0 --a------ D:\WINDOWS\system32\0
2008-07-22 16:28:32 32 --a------ D:\WINDOWS\0
2008-07-07 21:51:00 0 d-------- D:\Archivos de programa\QuickTime
2008-07-07 21:45:26 0 d-------- D:\Archivos de programa\Apple Software Update
2008-07-07 20:54:07 0 d-------- D:\Archivos de programa\Microsoft SQL Server Compact Edition


-- Find3M Report ---------------------------------------------------------------

2008-08-05 00:32:35 0 d-------- D:\Archivos de programa\Mozilla Thunderbird
2008-08-05 00:31:39 8360 --a------ D:\WINDOWS\system32\nvModes.dat
2008-08-04 23:14:48 0 d-------- D:\Archivos de programa\eMule
2008-08-04 16:55:33 0 d-------- D:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-08-04 07:40:19 0 d-------- D:\Archivos de programa\DAP
2008-08-03 22:38:23 510200 --a------ D:\WINDOWS\system32\perfh00A.dat
2008-08-03 22:38:23 92694 --a------ D:\WINDOWS\system32\perfc00A.dat
2008-08-03 21:29:23 0 d-------- D:\Archivos de programa\Everest Poker
2008-08-03 14:24:39 0 d-------- D:\Archivos de programa\Easy Video Joiner
2008-08-02 16:41:26 0 d--h----- D:\Archivos de programa\InstallShield Installation Information
2008-08-02 08:47:45 0 d-------- D:\Archivos de programa\AGEIA Technologies
2008-08-01 18:00:11 7 --a------ D:\WINDOWS\system32\ANIWZCSUSERNAME
2008-08-01 17:47:56 0 d-------- D:\Archivos de programa\D-Link
2008-07-30 22:35:17 0 d-------- D:\Archivos de programa\Rainlendar2
2008-07-30 19:25:33 0 d-------- D:\Archivos de programa\Archivos comunes
2008-07-30 19:15:05 0 d-------- D:\Documents and Settings\carlos\Datos de programa\AVGTOOLBAR
2008-07-30 18:43:26 0 d-------- D:\Archivos de programa\EsetOnlineScanner
2008-07-29 09:01:13 0 d-------- D:\Archivos de programa\TrojanHunter 5.0
2008-07-23 16:54:03 80 --a------ D:\WINDOWS\system32\msjatdat
2008-07-23 01:52:01 0 d-------- D:\Archivos de programa\CompeGPS
2008-07-07 20:57:53 0 d-------- D:\Archivos de programa\Windows Live
2008-07-04 17:13:20 0 d-------- D:\Documents and Settings\carlos\Datos de programa\Mozilla
2008-06-27 01:43:52 0 d-------- D:\Archivos de programa\Sudowin
2008-06-24 20:22:59 0 d-------- D:\Archivos de programa\Timeline Interactive
2008-06-24 19:21:09 0 d-------- D:\Archivos de programa\ReminderCube2
2008-06-24 16:32:56 0 d-------- D:\Archivos de programa\GeoShow3D Alpina
2008-06-24 16:06:36 0 d-------- D:\Archivos de programa\Earth Resource Mapping
2008-06-13 17:36:23 0 d--hs--c- D:\Archivos de programa\Archivos comunes\WindowsLiveInstaller
2008-06-13 16:43:08 0 d-------- D:\Documents and Settings\carlos\Datos de programa\Adobe
2008-06-11 21:38:11 0 d-------- D:\Documents and Settings\carlos\Datos de programa\MSN6
2008-06-11 19:49:31 0 d-------- D:\Archivos de programa\Movie Maker
2008-06-09 22:13:45 6116 --a------ D:\WINDOWS\BricoPackFoldersDelete.cmd
2008-06-09 22:13:44 65314 --a------ D:\WINDOWS\BricoPackUninst.cmd
2008-06-09 22:13:42 220160 --a------ D:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Sistema operativo Microsoft® Windows®>
2008-06-08 21:15:49 0 d-------- D:\Documents and Settings\carlos\Datos de programa\GARMIN
2008-06-08 21:06:23 0 d-------- D:\Archivos de programa\EasyGPS


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
03/08/2008 22:59 62728 --a------ D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"D-Link D-Link Wireless N DWA-140"="D:\Archivos de programa\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" []
"AVP"="D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [25/04/2008 18:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [20/08/2004 00:42]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\runonce]
"Shockwave Updater"=D:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP ~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=D:\ARCHIV~1\KASPER~1\KASPER~1\mzvkb d.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^B4Playing Smart Tool.lnk]
backup=D:\WINDOWS\pss\B4Playing Smart Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^D-Link AirPlus G+ Wireless Adapter Utility.lnk]
path=D:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\D-Link AirPlus G+ Wireless Adapter Utility.lnk
backup=D:\WINDOWS\pss\D-Link AirPlus G+ Wireless Adapter Utility.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3COM]
D:\Archivos de programa\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"D:\Archivos de programa\Adobe\Photoshop Elements 5.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"D:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"D:\Archivos de programa\AntiVir\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationA gent]
"rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
"D:\Archivos de programa\IVT Corporation\BlueSoleil\BtTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
D:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hldrrr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]
"D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"D:\Archivos de programa\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"D:\Archivos de programa\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"D:\Archivos de programa\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"D:\Archivos de programa\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
"D:\Archivos de programa\TrojanHunter 5.0\THGuard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"D:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"fsbwsys"=2 (0x2)
"a2AntiMalware"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"MSMSGS"="D:\Archivos de programa\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"NeroFilterCheck"=D:\WINDOWS\system32\NeroCheck.ex e
"NvCplDaemon"=RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
"Adobe Reader Speed Launcher"="D:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="D:\Archivos de programa\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- Hosts -----------------------------------------------------------------------

127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]

12210 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-05 00:59:12 ------------

Hola amalurio.

Paso 1- Descarga, Instala y/o actualiza estas herramientas: (pero no los ejecutes aun)

• ComboFix.exe
• Malwarebytes' Anti-Malware

Paso 2- Con todos los programas cerrados, ejecuta HijackThis y dale a las siguientes entradas:


O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)

O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Archivos de programa\PartyPoker\PartyPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Archivos de programa\PartyPoker\PartyPoker.exe (file missing)

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)




Paso 3- Ejecuta estas herramientas, de a una:

• Malwarebytes' Anti-Malware
  *Nota* Es importante que envíes a "Cuarentena" todo lo que este detecte antes de copiar y pegarnos su reporte.

• Antes de usar ComboFix....
• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

Paso 4- Descarga CCleaner y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

Reinicia y nos contas los resultados. junto con el reporte de

Paso 5- Reinicia en modo normal y nos dejas los reportes de:

• Malwarebytes' Anti-Malware
• C:\ComboFix.txt en este mismo mensaje.

**Nota**
- Para mayor comodidad imprime los pasos.
- Recuerda regresar y contarnos los resultados.

Salu2

Hola amigos,

Perdonar que no respondiera antes pero hemos estado la familia unos dias en el campo.

Bueno, al trabajo. He realizado todos los pasos y a continuacion os paso los reportes de Malwarebytes' Anti-Malware y ComboFix.txt .

REPORTE Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.24
Versión de la Base de Datos: 1034
Windows 5.1.2600 Service Pack 2

09:25:10 09/08/2008
mbam-log-8-9-2008 (09-25-10).txt

Tipo de examen : Examen Rápido
Objetos examinados: 41710
Tiempo transcurrido: 18 minute(s), 55 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 4
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 2
Ficheros Infectados: 235

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Casino King (Adware.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Casino King (Adware.Casino) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
D:\WINDOWS\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

Ficheros Infectados:
D:\WINDOWS\system32\drivers\down\14497165.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14501682.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14505627.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14516283.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14522832.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14523143.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14527389.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14529772.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14532366.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14533768.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14536802.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14544423.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14545805.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14565413.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14573525.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14583239.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14684815.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14688110.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14728328.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14739604.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14739974.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14740746.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14742388.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14745352.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14746704.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14747235.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14763118.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14774825.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14792350.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14843083.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14844485.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14850453.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14885664.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14966350.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\14970246.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15069669.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15078091.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15079403.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15089477.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15090038.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15101234.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15136465.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15166738.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15171595.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15221777.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15244340.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15263037.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15292118.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15389549.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15403999.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15460941.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15488611.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15658335.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15671113.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15685584.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15708968.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15762675.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\15788282.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\16144093.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\16184912.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17099938.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17105506.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17110343.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17127027.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17127548.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17132885.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17135880.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17139615.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17141197.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17144392.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17151081.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17152423.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17346583.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17349146.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17349637.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17350638.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17353513.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17355916.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17574981.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\17579678.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2121490.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2127849.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2132987.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2150822.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2154558.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2160206.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2172433.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2175227.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2177190.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2179554.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2186323.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2187505.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\227627.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2412328.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2413820.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2417916.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2422102.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2425657.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2428732.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\243970.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2657831.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\2663920.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\291989.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29391873.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29397040.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29400986.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29416538.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29416608.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29420955.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29423468.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29426102.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29427414.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29429627.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29435726.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29436938.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29630276.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29631017.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29631557.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29632218.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29634982.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29636565.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29854117.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29858143.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29948994.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\29979027.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\30018824.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\30026856.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\30052503.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\30052593.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\30057750.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\30060835.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\30064580.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\30066283.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\30071350.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\30079512.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\30085710.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\30119719.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\30120500.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\310216.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\311107.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\31993614.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\31998231.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\32001976.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\32017839.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\32017859.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\32021464.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\32024618.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\32026922.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\32028214.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\32030677.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\32036255.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\32039079.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\32064015.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\32064155.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\322834.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\327270.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\338126.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\3401821.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\340519.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\346888.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\3471111.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\3495666.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\3508685.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\3526290.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\3527762.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\3536775.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\3638111.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\3643258.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\3646313.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\3650188.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\3666912.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\3668525.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\44311336.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\44311947.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\44312247.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\44312257.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\44312628.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\44312928.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\44520967.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\44521468.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\44521658.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\44522139.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\44522369.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\44523030.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\465719.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\501981.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\512446.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\513398.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\518084.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\524043.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\528650.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\528890.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\531934.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\537382.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\550201.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\551332.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\558012.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\581506.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\584049.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\58764308.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\58798858.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\58803675.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\58822191.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\58823213.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\58828611.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\58840908.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\58843812.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\58855029.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\58859084.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\58867166.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\58868508.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\59062827.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\59067174.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\607443.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\609706.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\61084224.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\61144411.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\61144881.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\61145322.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\61145382.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\625399.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\626771.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\657365.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\down\670574.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\downld\1513356.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\downld\1539373.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\downld\1548486.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\downld\1552762.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\downld\1699423.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\downld\1718340.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\downld\1748654.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\downld\1756605.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\downld\1760331.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\downld\1829951.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\downld\1844271.exe (Trojan.Agent) -> Quarantined and deleted successfully.



REPORTE DE ComboFix.txt

ComboFix 08-08-08.07 - carlos 2008-08-09 9:31:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.34.3082.18.262 [GMT 2:00]
Se ejecuta desde: D:\Documents and Settings\carlos\Mis documentos\My Completed Downloads\ComboFix.exe
* Creado un nuevo punto de restauración

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Legacy_SROSA
-------\Service_Iprip


(((((((((((((((((( Archivos creados desde 2008-07-09 - 2008-08-09 )))))))))))))))))))))))))))))))))
.

2008-08-09 08:17 . 2008-08-09 08:17 <DIR> d-------- D:\Documents and Settings\carlos\Datos de programa\Malwarebytes
2008-08-09 08:17 . 2008-08-09 08:17 <DIR> d-------- D:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-08-09 08:17 . 2008-08-09 08:17 <DIR> d-------- D:\Archivos de programa\Malwarebytes' Anti-Malware
2008-08-09 08:17 . 2008-07-30 20:07 38,472 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-09 08:17 . 2008-07-30 20:07 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-08-05 08:17 . 2008-08-05 08:19 <DIR> d-------- D:\Archivos de programa\Executive Software
2008-08-05 04:37 . 2008-08-05 04:37 <DIR> d--hs---- D:\Diskeeper
2008-08-05 01:40 . 2008-08-05 01:40 <DIR> d-------- D:\Archivos de programa\Diskeeper Corporation
2008-08-05 00:47 . 2008-08-05 00:47 <DIR> d-------- D:\Deckard
2008-08-03 22:08 . 2008-08-08 22:09 96,976 --a------ D:\WINDOWS\system32\drivers\klin.dat
2008-08-03 22:08 . 2008-08-03 22:59 87,855 --a------ D:\WINDOWS\system32\drivers\klick.dat
2008-08-03 22:06 . 2008-08-09 07:57 <DIR> d-------- D:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
2008-08-03 22:06 . 2008-08-03 22:06 <DIR> d-------- D:\Archivos de programa\Kaspersky Lab
2008-08-03 18:59 . 2008-08-03 18:59 <DIR> d-------- D:\Archivos de programa\Trend Micro
2008-08-03 11:56 . 2008-08-03 11:56 <DIR> d-------- D:\Documents and Settings\All Users\Datos de programa\Lavasoft
2008-08-03 11:02 . 2008-08-09 09:38 3,885,088 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2008-08-03 11:02 . 2008-08-09 09:38 376,864 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-03 11:02 . 2008-08-09 09:38 32,480 --ahs---- D:\WINDOWS\system32\drivers\fidbox.idx
2008-08-03 11:02 . 2008-08-09 09:38 3,416 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-03 10:40 . 2008-08-03 10:40 <DIR> d-------- D:\Archivos de programa\FileASSASSIN
2008-08-02 17:47 . 2008-08-02 17:47 <DIR> d-------- D:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab Setup Files
2008-08-02 17:15 . 2006-08-16 08:43 553,984 -ra------ D:\WINDOWS\system32\drivers\NETMW145.sys
2008-08-01 20:32 . 2001-08-24 14:00 19,456 --a------ D:\WINDOWS\system32\simptcp.dll
2008-08-01 20:32 . 2001-08-24 14:00 19,456 --a--c--- D:\WINDOWS\system32\dllcache\simptcp.dll
2008-08-01 20:30 . 2008-08-01 20:35 4,507 --a------ D:\WINDOWS\imsins.BAK
2008-08-01 19:58 . 2008-08-01 19:58 <DIR> d-------- D:\Archivos de programa\3COM Technology Corporation
2008-08-01 19:58 . 2004-10-06 18:49 248,320 --a------ D:\WINDOWS\system32\drivers\ZD1211U.sys
2008-08-01 17:57 . 2004-05-21 10:59 283,392 -ra------ D:\WINDOWS\system32\drivers\GPlus.sys
2008-08-01 17:18 . 2008-08-01 17:18 <DIR> d-------- D:\Archivos de programa\Belkin
2008-08-01 16:25 . 2008-08-01 16:25 268 --ah----- D:\sqmdata14.sqm
2008-08-01 16:25 . 2008-08-01 16:25 244 --ah----- D:\sqmnoopt14.sqm
2008-08-01 15:56 . 2008-08-01 15:56 268 --ah----- D:\sqmdata13.sqm
2008-08-01 15:56 . 2008-08-01 15:56 244 --ah----- D:\sqmnoopt13.sqm
2008-07-31 22:42 . 2008-07-31 22:42 268 --ah----- D:\sqmdata12.sqm
2008-07-31 22:42 . 2008-07-31 22:42 244 --ah----- D:\sqmnoopt12.sqm
2008-07-31 21:52 . 2008-07-31 21:52 <DIR> d-------- D:\Documents and Settings\LocalService\Datos de programa\AVG7
2008-07-30 19:15 . 2008-07-30 19:15 <DIR> d-------- D:\Documents and Settings\carlos\Datos de programa\AVGTOOLBAR
2008-07-30 16:24 . 2007-06-15 01:14 <DIR> d--h----- D:\Documents and Settings\Administrador\Reciente
2008-07-30 16:24 . 2007-06-15 00:26 <DIR> d--h----- D:\Documents and Settings\Administrador\Plantillas
2008-07-30 16:24 . 2007-06-15 01:14 <DIR> d-------- D:\Documents and Settings\Administrador\Mis documentos
2008-07-30 16:24 . 2007-06-15 01:14 <DIR> dr------- D:\Documents and Settings\Administrador\Men£ Inicio
2008-07-30 16:24 . 2007-06-15 01:14 <DIR> d--h----- D:\Documents and Settings\Administrador\Impresoras
2008-07-30 16:24 . 2008-07-30 16:26 <DIR> d-------- D:\Documents and Settings\Administrador\Favoritos
2008-07-30 16:24 . 2008-07-31 21:54 <DIR> d-------- D:\Documents and Settings\Administrador\Escritorio
2008-07-30 16:24 . 2007-06-15 01:14 <DIR> d--h----- D:\Documents and Settings\Administrador\Entorno de red
2008-07-30 16:24 . 2007-06-15 01:14 <DIR> dr-h----- D:\Documents and Settings\Administrador\Datos de programa
2008-07-30 16:24 . 2008-08-09 09:36 <DIR> d--h----- D:\Documents and Settings\Administrador\Configuraci¢n local
2008-07-30 16:24 . 2008-07-30 16:24 <DIR> d-------- D:\Documents and Settings\Administrador
2008-07-29 17:30 . 2008-07-29 17:30 <DIR> d-------- D:\Documents and Settings\All Users\Datos de programa\Grisoft
2008-07-29 17:30 . 2008-08-02 08:26 <DIR> d-------- D:\Documents and Settings\All Users\Datos de programa\avg7
2008-07-22 17:45 . 2008-07-26 10:00 115 --a------ D:\WINDOWS\system32\REMOTEDEVICE.INI
2008-07-22 17:43 . 2008-08-09 07:56 4,371 --a------ D:\WINDOWS\system32\LOCALSERVICE.INI
2008-07-22 17:42 . 2008-07-26 09:26 100 --a------ D:\WINDOWS\system32\LOCALDEVICE.INI
2008-07-22 17:07 . 2008-07-22 17:44 <DIR> d-------- D:\TEXAS
2008-07-22 16:57 . 2008-07-22 16:57 0 --a------ D:\WINDOWS\system32\BSPRINT.INI
2008-07-22 16:28 . 2008-07-22 16:28 <DIR> d-------- D:\Archivos de programa\IVT Corporation
2008-07-22 16:28 . 2008-07-22 16:57 32 --a------ D:\WINDOWS\0
2008-07-22 16:28 . 2008-07-22 16:28 0 --a------ D:\WINDOWS\system32\0
2008-07-22 16:02 . 2004-08-19 15:28 14,976 --a------ D:\WINDOWS\system32\drivers\kbdhid.sys
2008-07-22 16:02 . 2004-08-19 15:28 14,976 --a--c--- D:\WINDOWS\system32\dllcache\kbdhid.sys
2008-07-15 20:15 . 2004-05-14 16:53 462,848 --a------ D:\WINDOWS\system32\ltkrn13n.dll
2008-07-15 20:15 . 2004-05-14 16:53 450,560 --a------ D:\WINDOWS\system32\ltimg13n.dll
2008-07-15 20:15 . 2004-05-14 16:53 401,408 --a------ D:\WINDOWS\system32\lfcmp13n.dll
2008-07-15 20:15 . 2004-05-14 16:53 299,008 --a------ D:\WINDOWS\system32\ltdis13n.dll
2008-07-15 20:15 . 2004-01-12 02:09 206,336 --a------ D:\WINDOWS\system32\ltefx13n.dll
2008-07-15 20:15 . 2004-05-14 16:53 163,840 --a------ D:\WINDOWS\system32\ltfil13n.dll
2008-07-15 20:15 . 2003-11-04 15:10 69,632 --a------ D:\WINDOWS\system32\lfgif13n.dll
2008-07-15 20:15 . 2004-05-14 16:53 57,344 --a------ D:\WINDOWS\system32\lfbmp13n.dll

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2008-08-09 06:58 --------- d-----w D:\Archivos de programa\Mozilla Thunderbird
2008-08-09 06:04 --------- d---a-w D:\Documents and Settings\All Users\Datos de programa\TEMP
2008-08-05 06:02 --------- d-----w D:\Archivos de programa\eMule
2008-08-04 14:55 --------- d-----w D:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2008-08-04 05:40 --------- d-----w D:\Archivos de programa\DAP
2008-08-03 19:29 --------- d-----w D:\Archivos de programa\Everest Poker
2008-08-03 12:24 --------- d-----w D:\Archivos de programa\Easy Video Joiner
2008-08-02 14:41 --------- d--h--w D:\Archivos de programa\InstallShield Installation Information
2008-08-02 06:47 --------- d-----w D:\Archivos de programa\AGEIA Technologies
2008-08-01 15:47 --------- d-----w D:\Archivos de programa\D-Link
2008-07-30 20:35 --------- d-----w D:\Archivos de programa\Rainlendar2
2008-07-30 16:43 --------- d-----w D:\Archivos de programa\EsetOnlineScanner
2008-07-29 07:01 --------- d-----w D:\Archivos de programa\TrojanHunter 5.0
2008-07-22 23:52 --------- d-----w D:\Archivos de programa\CompeGPS
2008-07-22 18:29 34,312 ----a-w D:\WINDOWS\system32\drivers\blueletaudio.sys
2008-07-07 19:52 --------- d-----w D:\Archivos de programa\QuickTime
2008-07-07 19:50 --------- d-----w D:\Documents and Settings\All Users\Datos de programa\Apple Computer
2008-07-07 19:45 --------- d-----w D:\Documents and Settings\All Users\Datos de programa\Apple
2008-07-07 19:45 --------- d-----w D:\Archivos de programa\Apple Software Update
2008-07-07 18:57 --------- d-----w D:\Archivos de programa\Windows Live
2008-07-07 18:54 --------- d-----w D:\Archivos de programa\Microsoft SQL Server Compact Edition
2008-07-07 18:42 --------- d-----w D:\Documents and Settings\All Users\Datos de programa\WLInstaller
2008-06-26 23:43 --------- d-----w D:\Archivos de programa\Sudowin
2008-06-24 18:22 --------- d-----w D:\Archivos de programa\Timeline Interactive
2008-06-24 17:21 --------- d-----w D:\Archivos de programa\ReminderCube2
2008-06-24 14:32 --------- d-----w D:\Archivos de programa\GeoShow3D Alpina
2008-06-24 14:06 --------- d-----w D:\Archivos de programa\Earth Resource Mapping
2008-06-13 15:36 --------- dcsh--w D:\Archivos de programa\Archivos comunes\WindowsLiveInstaller
2008-06-11 19:38 --------- d-----w D:\Documents and Settings\carlos\Datos de programa\MSN6
2008-06-11 19:38 --------- d-----w D:\Documents and Settings\All Users\Datos de programa\MSN6
2008-06-09 20:13 65,314 ----a-w D:\WINDOWS\BricoPackUninst.cmd
2008-06-09 20:13 6,116 ----a-w D:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-23 23:32 353 ----a-w D:\Documents and Settings\carlos\Datos de programa\HostEv.dat
.

------- Sigcheck -------

2007-06-13 15:22 978432 b8917899e0d8f18fcfae3c4a6b1d9435 D:\WINDOWS\explorer.exe
2007-06-13 15:10 1035776 dbb6b75cc6cb2cf8ec0bafca08aed6be D:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2001-08-24 14:00 1003520 c83d26267ca4c2dfd552d5cd639f96d2 D:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2007-06-13 15:22 978432 b8917899e0d8f18fcfae3c4a6b1d9435 D:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 15:22 1035776 f8ddb22b6efc5e630d65e241074c2404 D:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vac¡as & entradas leg¡timas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"DiskeeperSystray"="D:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-10-04 12:38 163840]
"TkBellExe"="D:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" [2008-01-19 16:16 185896]
"AVP"="D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:42 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^B4Playing Smart Tool.lnk]
backup=D:\WINDOWS\pss\B4Playing Smart Tool.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^D-Link AirPlus G+ Wireless Adapter Utility.lnk]
path=D:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\D-Link AirPlus G+ Wireless Adapter Utility.lnk
backup=D:\WINDOWS\pss\D-Link AirPlus G+ Wireless Adapter Utility.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hldrrr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
D:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3COM]
--a------ 2004-10-22 14:28 389120 D:\Archivos de programa\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2006-09-14 07:55 61440 D:\Archivos de programa\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 D:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
--a------ 2008-07-22 17:53 258134 D:\Archivos de programa\IVT Corporation\BlueSoleil\BtTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-20 00:42 15360 D:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 D:\Archivos de programa\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--a------ 2005-07-14 21:35 1961984 D:\Archivos de programa\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 D:\Archivos de programa\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 D:\Archivos de programa\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
--a------ 2007-09-09 10:31 1046688 D:\Archivos de programa\TrojanHunter 5.0\THGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-19 16:16 185896 D:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationA gent]
--a------ 2004-08-20 00:43 110592 D:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"fsbwsys"=2 (0x2)
"a2AntiMalware"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"MSMSGS"="D:\Archivos de programa\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"NeroFilterCheck"=D:\WINDOWS\system32\NeroCheck.ex e
"NvCplDaemon"=RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
"Adobe Reader Speed Launcher"="D:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="D:\Archivos de programa\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"D:\\Archivos de programa\\DAP\\DAP.exe"=
"D:\\WINDOWS\\system32\\sessmgr.exe"=
"D:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"D:\\Archivos de programa\\eMule\\emule.exe"=
"D:\\Documents and Settings\\carlos\\Mis documentos\\My Completed Downloads\\installer-13387-10-Nero-ShowTime-Spanish-Castellano.exe"=
"D:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Archivos de programa\\GeoShow3D Alpina\\Geoshow3D Lite.exe"=
"D:\\Archivos de programa\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"D:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Documents and Settings\\All Users\\Datos de programa\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\english\\setup.exe"=
"D:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"4635:TCP"= 4635:TCP:*:Disabled:elepant
"4645:UDP"= 4645:UDP:*:Disabled:elepha
"7846:TCP"= 7846:TCP:*:Disabled:messenger
"2257:TCP"= 2257:TCP:*:Disabled:messenger
"1336:TCP"= 1336:TCP:*:Disabled:messenger
"4743:TCP"= 4743:TCP:*:Disabled:messenger
"8613:TCP"= 8613:TCP:*:Disabled:messenger
"7343:TCP"= 7343:TCP:*:Disabled:messenger
"5881:TCP"= 5881:TCP:*:Disabled:messenger
"3317:TCP"= 3317:TCP:*:Disabled:messenger
"4835:TCP"= 4835:TCP:*:Disabled:messenger
"6734:TCP"= 6734:TCP:*:Disabled:messenger
"7155:TCP"= 7155:TCP:*:Disabled:messenger
"2144:TCP"= 2144:TCP:*:Disabled:messenger
"14672:UDP"= 14672:UDP:emule
"14662:TCP"= 14662:TCP:emule
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:emule
"4500:TCP"= 4500:TCP:emule
"4511:UDP"= 4511:UDP:emule
"25:TCP"= 25:TCP:Se abrirán los puertos seleccionados 25

R0 klbg;Kaspersky Lab Boot Guard Driver;D:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R2 BlueSoleilCS;BlueSoleilCS;D:\Archivos de programa\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-07-22 17:53]
R2 NwSapAgent;Agente SAP;D:\WINDOWS\system32\svchost.exe [2004-08-20 00:43]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;D:\WINDOWS\system32\Drivers\ousbehci.sys [2004-03-15 13:14]
R2 UxTuneUp;Ampliación del diseño de TuneUp;D:\WINDOWS\System32\svchost.exe [2004-08-20 00:43]
R3 BsHelpCS;BsHelpCS;D:\Archivos de programa\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 15:58]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
R3 maestro;ESS Maestro Audio Driver (WDM);D:\WINDOWS\system32\drivers\es198xdl.sys [2002-06-20 17:53]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;D:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2004-03-15 13:14]
S0 st3shark;st3shark;D:\WINDOWS\system32\DRIVERS\st3s hark.sys []
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;D:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-08 18:44]
S3 cdrmkaun;cdrmkaun;D:\DOCUME~1\carlos\CONFIG~1\Temp \cdrmkaun.sys []
S3 NETMW145;Belkin N1 Wireless Notebook Card Service for Windows XP;D:\WINDOWS\system32\DRIVERS\NETMW145.sys [2006-08-16 08:43]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;D:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 04:12]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;D:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 12:35]
S3 TNET1130;D-Link AirPlus G+ Wireless Adapter;D:\WINDOWS\system32\DRIVERS\GPlus.sys [2004-05-21 10:59]
S3 ZD1211U(3COM Corporation);3COM OfficeConnect Wireless 11g Compact USB Adapter(3COM Corporation);D:\WINDOWS\system32\DRIVERS\zd1211u.s ys [2004-10-06 18:49]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenido de carpeta 'Tareas Programadas'

2008-07-26 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- D:\Archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-09 D:\WINDOWS\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job
- D:\Archivos de programa\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

2008-08-01 D:\WINDOWS\Tasks\Maintenance en 1 clic.job
- D:\Archivos de programa\TuneUp Utilities 2007\SystemOptimizer.exe [2007-01-22 15:26]

2008-08-01 D:\WINDOWS\Tasks\Mantenimiento con 1 clic.job
- D:\Archivos de programa\TuneUp Utilities 2007\SystemOptimizer.exe [2007-01-22 15:26]
.
- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-Shockwave Updater - D:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET
HKLM-Run-D-Link D-Link Wireless N DWA-140 - D:\Archivos de programa\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe
MSConfigStartUp-avgnt - D:\Archivos de programa\AntiVir\avgnt.exe
MSConfigStartUp-kav - D:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\carlos\Datos de programa\Mozilla\Firefox\Profiles\0elgf30z.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.20minutos.es/
FF -: plugin - C:\Program Files\Garmin GPS Plugin\npGarmin.dll
FF -: plugin - D:\Archivos de programa\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - D:\Archivos de programa\Yahoo!\Common\npyaxmpb.dll


************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-09 09:45:00
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

************************************************** ************************
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\netdde.exe
D:\Archivos de programa\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
D:\Archivos de programa\Executive Software\DiskeeperLite\DKService.exe
D:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\msiexec.exe
D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\wdfmgr.exe
.
************************************************** ************************
.
Tiempo completado: 2008-08-09 9:53:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-09 07:52:50

Pre-Run: 22,272,307,200 bytes libres
Post-Run: 22,341,210,112 bytes libres

312 --- E O F --- 2008-06-19 21:20:04


Saludos cordiales y gracias por todo
(Ya os informare de los resultados)

Hola, ComboFix ya se encargo de eliminar los archivos de malwares encontrados en tu PC, por lo que tendrías que comentarnos como esta funcionado todo luego de reiniciar ?

Salu2

Hola amigos,

Gracias por toda vuestra ayuda.

Una vez reinicializado, ya funciona bien todo.


Un saludo y continuar asi,,,,,,,,,,,,,,muy bien.


Carlos