Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

me aparecen continuamente ventanas de publicidad, la conexion de internet va muy lenta y el navegador me redirecciona a otras webs. este es el log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:02, on 05/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Maria Levene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.es/0SEESES/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: PDF de Adobe - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Maria Levene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Convertir a PDF de Adobe - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir a PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo en archivo PDF de Adobe - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a archivo PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir selección a PDF de Adobe - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF de Adobe - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish//kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://marysss.myphotoalbum.com/EasyUploadTool.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://navigatela.lacity.org/download/mgaxctrl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08EF5502-2E82-48D0-BE55-FB171968B721}: NameServer = 85.255.113.141;85.255.112.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{28A45864-5D5B-4E9E-9F75-9B3F9B0C0030}: NameServer = 85.255.113.141;85.255.112.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDC92183-9D97-4EB0-8D9F-E23D85B537FF}: NameServer = 85.255.113.141;85.255.112.145
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.141;85.255.112.145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.141;85.255.112.145
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DirectX common - Unknown owner - C:\WINDOWS\system32\dxwizard.exe (file missing)
O23 - Service: DirectX multi version - Unknown owner - C:\WINDOWS\system32\dxcombin.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c95326c76c74ea) (gupdate1c95326c76c74ea) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IWin service - Unknown owner - C:\WINDOWS\system32\iwinapp.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Win PPPe - Unknown owner - C:\WINDOWS\system32\winser.exe (file missing)
O23 - Service: Windows sharing object - Unknown owner - C:\WINDOWS\system32\winvercp.exe (file missing)
O23 - Service: WinTrust32 - Unknown owner - C:\WINDOWS\system32\wintrust32.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13875 bytes

Hola maerys, te doy la bienvenida al Foro de InfoSpyware.

Paso 1- Descarga, Instala y/o actualiza estas herramientas: (pero no los ejecutes aun)

• ComboFix.exe
• Malwarebytes' Anti-Malware

Paso 2- Con todos los programas cerrados, ejecuta HijackThis y dale a las siguientes entradas:


R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

F2 - REG:system.ini: Shell=

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{08EF5502-2E82-48D0-BE55-FB171968B721}: NameServer = 85.255.113.141;85.255.112.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{28A45864-5D5B-4E9E-9F75-9B3F9B0C0030}: NameServer = 85.255.113.141;85.255.112.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDC92183-9D97-4EB0-8D9F-E23D85B537FF}: NameServer = 85.255.113.141;85.255.112.145
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.141;85.255.112.145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.141;85.255.112.145

O23 - Service: DirectX common - Unknown owner - C:\WINDOWS\system32\dxwizard.exe (file missing)

O23 - Service: DirectX multi version - Unknown owner - C:\WINDOWS\system32\dxcombin.exe (file missing)






Paso 3- Ejecuta estas herramientas, de a una:

• Malwarebytes' Anti-Malware
  *Nota* Es importante que envíes a "Cuarentena" todo lo que este detecte antes de copiar y pegarnos su reporte.

• Antes de usar ComboFix....
• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

Paso 4- Descarga CCleaner y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

Reinicia y nos contas los resultados. junto con el reporte de

Paso 5- Reinicia en modo normal y nos dejas los reportes de:

• Malwarebytes' Anti-Malware
• C:\ComboFix.txt en este mismo mensaje.

**Nota**
- Para mayor comodidad imprime los pasos.
- Recuerda regresar y contarnos los resultados.

Salu2

Gracias por la ayuda. Seguí todos los pasos y estos son los reportes:

Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.32
Versión de la Base de Datos: 1616
Windows 5.1.2600 Service Pack 3

06/01/2009 21:59:19
mbam-log-2009-01-06 (21-59-19).txt

Tipo de examen : Examen Rápido
Objetos examinados: 71998
Tiempo transcurrido: 9 minute(s), 34 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 1
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 20
Carpetas Infectadas: 2
Ficheros Infectados: 8

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\Interfaces\{08ef5502-2e82-48d0-be55-fb171968b721}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\Interfaces\{08ef5502-2e82-48d0-be55-fb171968b721}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\Interfaces\{28a45864-5d5b-4e9e-9f75-9b3f9b0c0030}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\Interfaces\{28a45864-5d5b-4e9e-9f75-9b3f9b0c0030}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\Interfaces\{ddc92183-9d97-4eb0-8d9f-e23d85b537ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\T cpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\T cpip\Parameters\Interfaces\{08ef5502-2e82-48d0-be55-fb171968b721}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\T cpip\Parameters\Interfaces\{08ef5502-2e82-48d0-be55-fb171968b721}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\T cpip\Parameters\Interfaces\{28a45864-5d5b-4e9e-9f75-9b3f9b0c0030}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\T cpip\Parameters\Interfaces\{28a45864-5d5b-4e9e-9f75-9b3f9b0c0030}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\T cpip\Parameters\Interfaces\{ddc92183-9d97-4eb0-8d9f-e23d85b537ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\T cpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\T cpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\T cpip\Parameters\Interfaces\{08ef5502-2e82-48d0-be55-fb171968b721}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\T cpip\Parameters\Interfaces\{08ef5502-2e82-48d0-be55-fb171968b721}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\T cpip\Parameters\Interfaces\{28a45864-5d5b-4e9e-9f75-9b3f9b0c0030}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\T cpip\Parameters\Interfaces\{28a45864-5d5b-4e9e-9f75-9b3f9b0c0030}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\T cpip\Parameters\Interfaces\{ddc92183-9d97-4eb0-8d9f-e23d85b537ff}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\T cpip\Parameters\Interfaces\{ddc92183-9d97-4eb0-8d9f-e23d85b537ff}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.141;85.255.112.145 -> Quarantined and deleted successfully.

Carpetas Infectadas:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria Levene\Start Menu\Programs\extravideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Ficheros Infectados:
C:\Documents and Settings\Maria L\Local Settings\Application Data\yskag_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria L\Local Settings\Application Data\yskag_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria L\Local Settings\Application Data\yskag.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria L\Local Settings\Application Data\yskag.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msqpdxorvdhrsr.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\Components\iamfamous.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxpqltoiqn.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.


ComboFix

ComboFix 09-01-05.05 - Maria Levene 2009-01-06 22:18:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.1033.18.1022.502 [GMT 1:00]
Se ejecuta desde: c:\documents and settings\Maria L\Desktop\ComboFix.exe
* Creado un nuevo punto de restauración

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Servicios )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACTIVE_COMMON_SERVICE
-------\Legacy_IWIN_SERVICE
-------\Legacy_POWERMANAGER
-------\Legacy_WINTRUST32
-------\Legacy_WIN_PPPE
-------\Service_IWin service
-------\Service_Win PPPe
-------\Service_WinTrust32


(((((((((((((((((( Archivos creados desde 2008-12-06 - 2009-01-06 )))))))))))))))))))))))))))))))))
.

2009-01-06 21:41 . 2009-01-06 21:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-06 21:41 . 2009-01-06 21:41 <DIR> d-------- c:\documents and settings\Maria L\Application Data\Malwarebytes
2009-01-06 21:41 . 2009-01-06 21:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-31 15:31 . 2008-12-31 15:31 <DIR> d-------- c:\program files\Trend Micro
2008-12-31 02:43 . 2008-12-31 02:43 <DIR> d-------- c:\program files\gs
2008-12-31 02:42 . 2008-12-31 03:04 <DIR> d-------- c:\program files\PDF Writer
2008-12-31 02:42 . 2008-12-31 02:41 90,112 --a------ c:\windows\system32\custmon2k.dll
2008-12-31 02:42 . 2008-12-31 02:41 53,248 --a------ c:\windows\system32\uninstpw.exe
2008-12-31 02:42 . 2008-12-31 02:41 24,576 --a------ c:\windows\system32\custsave.exe
2008-12-21 00:28 . 2008-12-21 02:01 137 --a------ c:\windows\system32\iwinapp.bin
2008-12-21 00:28 . 2008-12-21 02:01 136 --a------ c:\windows\system32\ole.inf
2008-12-16 00:23 . 2008-12-16 00:23 <DIR> d-------- C:\VundoFix Backups
2008-12-14 22:37 . 2008-12-15 06:34 135 --a------ c:\windows\system32\neth.bin
2008-12-14 22:36 . 2008-12-15 06:34 139 --a------ c:\windows\system32\odbc.inf
2008-12-14 22:32 . 2008-12-14 22:37 133 --a------ c:\windows\system32\dxwizard.bin
2008-12-14 22:30 . 2008-12-21 02:01 138 --a------ c:\windows\system32\service.inf
2008-12-14 22:27 . 2008-12-14 22:27 3,120 --a------ c:\windows\system32\CB4CPW8G.ocx
2008-12-14 22:27 . 2008-12-15 06:34 135 --a------ c:\windows\system32\netmsg.bin
2008-12-14 22:26 . 2008-12-14 22:26 <DIR> d-------- c:\program files\Planetwide Games

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2009-01-06 21:24 --------- d-----w c:\program files\DNA
2009-01-06 21:24 --------- d-----w c:\documents and settings\Maria L\Application Data\DNA
2009-01-04 17:41 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 17:41 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-22 20:28 --------- d-----w c:\program files\Google
2008-12-21 01:01 --------- d-----w c:\documents and settings\Maria L\Application Data\BitTorrent
2008-12-20 21:56 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-18 17:47 --------- d-----w c:\documents and settings\Maria L\Application Data\Autodesk
2008-12-18 17:47 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2008-12-18 17:05 --------- d-----w c:\program files\Autodesk
2008-12-18 04:10 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-12-18 00:48 102,136 ----a-w c:\documents and settings\Maria L\Application Data\GDIPFONTCACHEV1.DAT
2008-12-17 23:17 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-17 23:15 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-14 20:49 --------- d-----w c:\program files\Boris FX, Inc
2008-12-13 00:59 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-01 01:37 --------- d-----w c:\program files\Virtual Earth 3D
2008-11-29 23:06 --------- d-----w c:\documents and settings\Maria L\Application Data\BSplayer
2008-11-29 23:04 --------- d-----w c:\program files\Webteh
2008-11-24 20:33 --------- d-----w c:\program files\Apple Software Update
2008-11-24 20:31 --------- d-----w c:\program files\iTunes
2008-11-24 20:31 --------- d-----w c:\program files\iPod
2008-11-24 20:31 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 20:29 --------- d-----w c:\program files\QuickTime
2008-11-24 20:28 --------- d-----w c:\program files\Common Files\Apple
2008-11-24 16:01 284 ----a-w c:\documents and settings\Maria L\Application Data\ViewerApp.dat
2008-11-23 22:36 --------- d-----w c:\documents and settings\Maria L\Application Data\Winamp
2008-11-23 22:25 --------- d-----w c:\program files\Winamp
2008-11-23 22:24 --------- d-----w c:\program files\Winamp Toolbar
2008-11-23 22:24 --------- d-----w c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-11-20 22:43 --------- d-----w c:\program files\Font Visualizer
2008-11-20 20:11 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-11-20 20:11 --------- d-----w c:\documents and settings\Maria L\Application Data\TuneUp Software
2008-11-20 20:11 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-11-20 20:09 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-19 02:33 --------- d-----w c:\program files\InterActual
2008-11-18 12:51 --------- d-----w c:\program files\proDAD
2008-11-18 12:51 --------- d-----w c:\program files\LooksBuilderSE
2008-11-18 12:51 --------- d-----w c:\documents and settings\Maria L\Application Data\proDAD
2008-11-18 12:47 --------- d-----w c:\program files\Pinnacle
2008-11-18 12:26 --------- d-----w c:\program files\Common Files\Pinnacle
2008-11-18 12:26 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle Studio Ultimate
2008-11-18 12:17 --------- d-----w c:\program files\Common Files\Yahoo!
2008-11-18 12:17 --------- d-----w c:\documents and settings\All Users\Application Data\Studio 12
2008-11-18 12:17 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle Studio Plus
2008-11-16 18:56 --------- d-----w c:\documents and settings\Maria L\Application Data\FotoPrix
2008-11-16 18:50 --------- d-----w c:\program files\Fotoprix
2008-11-13 11:12 --------- d-----w c:\program files\Quick Screen Recorder
2008-11-13 09:07 --------- d-----w c:\documents and settings\Maria L\Application Data\U3
2008-11-10 17:02 --------- d-----w c:\program files\Pivot Stickfigure Animator
2008-11-10 16:14 --------- d-----w c:\program files\Amic Utilities
2008-11-10 15:48 --------- d-----w c:\documents and settings\Maria L\Application Data\Pavtube
2008-11-10 15:43 --------- d-----w c:\program files\Total Video Converter
2008-11-10 14:16 --------- d-----w c:\program files\Zelscope
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-21 342848]
"Google Update"="c:\documents and settings\Maria L\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dl l" [2006-05-01 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"TPSMain"="TPSMain.exe" [2005-08-04 c:\windows\system32\TPSMain.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 c:\windows\RTHDCPL.EXE]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.X264"= x264vfw.dll
"vidc.mjpx"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pfdnnt \0pfdnnt \0pfdnnt \0pfdnnt

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Búsqueda en el escritorio de Windows.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Búsqueda en el escritorio de Windows.lnk
backup=c:\windows\pss\Búsqueda en el escritorio de Windows.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Inicio rápido de Adobe Acrobat.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Inicio rápido de Adobe Acrobat.lnk
backup=c:\windows\pss\Inicio rápido de Adobe Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Inicio rápido de HP Image Zone.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Inicio rápido de HP Image Zone.lnk
backup=c:\windows\pss\Inicio rápido de HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2006-01-12 21:52 483328 c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 15:18 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-03-23 09:05 172032 c:\windows\system32\spool\drivers\w32x86\3\hpztsb1 0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWG myPrintMileage Agent]
--a------ 2003-11-03 03:06 102400 c:\program files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 01:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 17:45 313472 c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-12-13 15:50 88204 c:\windows\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 c:\windows\ALCMTR.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"TOSCDSPD"=c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"DLA"=c:\windows\System32\DLA\DLACTRLW.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"ehTray"=c:\windows\ehome\ehtray.exe
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"TFncKy"=TFncKy.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.ex e
"SmoothView"=c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
"Tvs"=c:\program files\TOSHIBA\Tvs\TvsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Maria L\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Maria L\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Google\\Google SketchUp 7\\SketchUp.exe"=
"c:\\Program Files\\Google\\Google SketchUp 7\\LayOut\\LayOut.exe"=

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2007-02-10 11264]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfw tdir.sys [2008-08-18 34312]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-09-27 7040]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-21 33752]
S4 DirectX common;DirectX common;c:\windows\system32\dxwizard.exe --> c:\windows\system32\dxwizard.exe [?]
S4 DirectX multi version;DirectX multi version;c:\windows\system32\dxcombin.exe --> c:\windows\system32\dxcombin.exe [?]
S4 gupdate1c95326c76c74ea;Google Update Service (gupdate1c95326c76c74ea);c:\program files\Google\Update\GoogleUpdate.exe [2008-11-30 133104]
S4 Windows sharing object;Windows sharing object;c:\windows\system32\winvercp.exe --> c:\windows\system32\winvercp.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{0ba4f0a4-91fe-11dd-a1ee-00037afd45ce}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{3ca12a8a-9b60-11dd-a203-00037afd45ce}]
\Shell\AutoRun\command - F:\npeuinst.exe
.
Contenido de carpeta 'Tareas Programadas'

2008-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-30 21:18]

2009-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4081133898-2535043647-477597902-1005.job
- c:\documents and settings\Maria L\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-14 01:49]

2009-01-06 c:\windows\Tasks\Mantenimiento con 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:18]
.
- - - - HUÉRFANOS ELIMINADOS - - - -

MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
MSConfigStartUp-yskag - c:\documents and settings\maria levene\local settings\application data\yskag.exe
MSConfigStartUp-CFSServ - CFSServ.exe


.
------- Análisis Suplementario -------
.
uStart Page = hxxp://www.google.es/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source? }
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.es/0SEESES/SAOS01?FORM=TOOLBR
IE: Convertir a PDF de Adobe - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir a PDF existente - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir destino de vínculo a PDF existente - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir destino de vínculo en archivo PDF de Adobe - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir selección a archivo PDF existente - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir selección a PDF de Adobe - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir vínculos seleccionados a PDF de Adobe - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir vínculos seleccionados a PDF existente - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader3.ocx
O16 -: {5F8A33E7-6A32-4EE0-887A-134C627CB052}
hxxp://marysss.myphotoalbum.com/EasyUploadTool.cab
c:\windows\Downloaded Program Files\ImageUploader3.inf
FF - ProfilePath - c:\documents and settings\Maria L\Application Data\Mozilla\Firefox\Profiles\8s1zifxn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.es/
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
FF - plugin: c:\documents and settings\Maria L\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.133.33\npGoogleOneClick7.d ll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 22:24:07
Windows 5.1.2600 Service Pack 3 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4081133898-2535043647-477597902-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
"??"=hex:ec,6d,e5,ad,00,b4,4b,c7,4f,95,7a,ac,49,25 ,45,9d,9a,6f,44,cd,b7,34,ee,\
75,8a,d0,15,95,65,8d,1c,79,5d,06,0d,da,d5,4a,68,fb ,3e,bc,05,f7,ef,3d,ee,46,\
7c,91,99,b7,23,38,aa,2c,0c,d9,63,5b,a4,3d,67,98,3b ,df,74,64,ca,54,8d,f3,39,\
6f,e2,04,8d,f0,1f,78,77,77,34,8e,d6,55,2f,f3,dc,33 ,5e,f5,09,9d,07,68,ca,2d,\
c7,4f,b8,37,06,34,87,0e,11,a2,53,44,35,75,b4,b3,e7 ,8d,7d,c4,7a,8b,ea,5f,80,\
35,ec,7c,cd,b7,61,e0,99,24,70,43,5e,2c,d9,79,8f,06 ,17,79,10,98,a0,a0,a4,49,\
2c,63,bd,76,ca,ab,47,d8,19,cf,a0,2b,5e,da,ac,a0,b3 ,6c,80,d7,ab,d2,1c,43,2e,\
41,60,80,78,da,a1,d7,e7,6b,8b,49,d4,5f,71,23,75,97 ,6d,af,7e,6c,34,90,a3,fb,\
9b,96,de,14,ae,d5,b0,22,41,55,a4,99,d9,2d,e2,73,c1 ,41,24,c7,a9,ef,9e,5c,89,\
fd,43,12,ba,b6,39,28,ee,c3,5c,ed,e8,4b,dd,7d,7a,b3 ,a4,01,fc,7d,03,e6,14,e5,\
94,18,2c,1a,91,69,cb,78,e0,19,e6,ce,75,1a,9d,a9,15 ,a5,e7,94,de,4a,ba,62,6f,\
c5,ac,ae,56,55,f6,e0,ea,34,e7,45,a4,e1,2e,b9,5c,e6 ,2f,36,7a,43,74,45,2f,15,\
25,66,dd,be,2b,5f,41,ec,d2,82,23,0b,3d,24,9a,8a,f6 ,f3,ee,34,55,c8,5d,65,5a,\
11,88,95,3e,79,50,b1,a6,aa,b0,d7,6f,12,6d,61,20,73 ,4e,e6,e7,9b,a7,c5,4c,32,\
ce,36,43,78,f9,8c,a5,66,c7,90,3d,53,1c,d1,e0,97,96 ,68,0d,21,54,3a,64,b0,81,\
b2,02,4d,a4,9a,ab,b6,62,3d,6b,ea,da,22,11,7f,f8,4f ,8c,44,96,13,33,d2,84,f4,\
28,f3,b3,88,d4,b1,8b,49,d5,8f,da,a9,ad,6f,bf,cc,bf ,e5,63,a4,46,0b,1c,1b,d1,\
38,70,cb,3a,74,83,2a,4d,70,cb,a3,be,6a,cb,e3,b6,7a ,bb,e3,ae,7a
"??"=hex:df,50,bc,af,e7,fa,bb,f7,77,4c,00,b9,c0,04 ,61,3e

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4 B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af ,b0,29,a3,98,98,93,d5,1c,eb,\
48,b5,63,2e,e8,e1,00,eb,16,2b,de,88,4e,17,ee,73,8d ,d1,de,e2,63,26,f1,3f,c8,\
ff,68,e5,c8,fa,a6,44,75,ee,dc,2e,e8,e1,00,eb,16,2b ,de,7b,42,ec,f0,1f,19,0e,\
5b,64,0c,fb,c7

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98 A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66 ,8b,46,0d,96,62,be,03,96,1a,\
d8,c1,6d,46,47,15,b0,92,4b,c7,ef,d9,16,ac,9f,09,de ,3e,10,6a,9c,d6,61,af,45,\
84,18,24,24,66,20,54,a8,64,95,71,3b,04,66,8b,46,0d ,96,53,74,3b,62,5c,f2,f2,\
0e,43,3b,28,d7

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373F B-9CD8-4e47-B990-5A4466C16034}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e ,55,20,c9,26,72,55,db,2b,d5,\
81,4a,6e,7a,45,05,fd,91,e8,6f,31,33,8b,fc,2d,2c,02 ,5e,92,ff,7c,85,e0,43,d4,\
0e,fe,7e,fb,2d,c0,d2,48,98,70,25,da,ec,7e,55,20,c9 ,26,b9,db,c1,01,89,10,97,\
13,c1,f3,71,8b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CC D-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0 ,57,5a,93,61,e3,94,c7,5a,50,\
76,ec,9a,6b,65,49,6a,7e,99,74,f7,eb,ad,03,a6,c9,f1 ,96,dd,86,8c,21,01,be,91,\
eb,e7,65,99,91,7a,34,5d,fb,fd,86,8c,21,01,be,91,eb ,e7,b1,e4,0f,96,9e,c7,10,\
8a,4f,94,d3,fc

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F 9-A916-4339-B91B-DED8E83632C0}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73 ,a8,13,5c,05,d6,4e,e0,00,d7,\
54,2c,ab,e9,02,6c,fa,fb,1d,47,57,22,ae,ff,b1,55,a2 ,6b,72,f5,1d,4d,73,a8,13,\
5c,05,6a,3a,a6,80,78,25,03,bd,cd,44,cd,b9,a6,33,6c ,cd,5d,1e,2f,57,c6,f4,e5,\
60,96,6f,73,a8

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E 8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab ,ec,6a,4e,ab,5f,78,62,6a,37,\
46,07,b0,50,93,e5,ab,ec,6a,4e,ab,40,55,b3,a3,4f,58 ,21,20,df,20,58,62,78,6b,\
cf,c8,64,bf,90,e5,e0,4f,14,f3,50,93,e5,ab,ec,6a,4e ,ab,ec,fb,b9,ad,05,ba,02,\
5c,98,fc,0e,d4

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba ,b1,f8,68,02,ab,2f,0d,01,84,\
fd,bf,8f,97,20,4e,9a,c7,f1,35,ee,c0,e9,58,12,9f,a0 ,87,19,fb,a7,78,e6,12,2f,\
9a,ea,e3,0e,1d,a9,bf,f9,0f,fd,fb,a7,78,e6,12,2f,9a ,ea,da,71,03,66,c5,e0,06,\
fb,7d,a1,c2,5b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654C A-EB84-4df9-915B-37E957082D6D}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b ,a0,85,96,ab,e1,3b,d8,96,19,\
0b,90,a4,aa,52,c6,00,84,3c,26,64,35,c7,ca,4b,81,f4 ,f0,fe,01,3a,48,fc,e8,04,\
4a,f1,fc,f1,91,44,d9,2b,5b,26,aa,52,c6,00,84,3c,26 ,64,14,72,c7,ef,49,e2,56,\
37,22,cf,fa,fd

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E 8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91 ,28,9e,14,cc,3e,b7,1f,09,33,\
fb,44,89,b2,46,9a,e2,1b,fe,1b,94,b6,45,95,4c,c8,f3 ,a9,f5,f6,0f,4e,58,98,5b,\
89,c9,df,79,0c,d5,f0,9b,f2,99,b2,46,9a,e2,1b,fe,1b ,94,1e,f1,2c,e8,9f,39,71,\
bf,a6,1b,f5,08

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE 5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a ,a8,c4,f8,b9,c0,5b,86,55,c6,\
a3,47,53,37,a4,aa,c3,a6,15,56,0a,ba,11,b9,96,d4,d7 ,a1,55,3d,ce,ea,26,2d,45,\
aa,78,09,5d,8a,06,59,2b,bf,71,37,a4,aa,c3,a6,15,56 ,0a,8d,e4,a8,f1,06,f6,4d,\
c4,f6,90,68,46

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02AD D-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9 ,5f,a0,ec,fb,a2,9e,18,3d,7d,\
06,b1,bf,f8,31,0f,a9,5f,a0,ec,fb,89,3f,67,e2,44,11 ,99,d8,2a,b7,cc,b5,b9,7f,\
41,e7,29,fb,e9,fa,3e,9f,8e,47,f8,31,0f,a9,5f,a0,ec ,fb,97,fc,6e,3e,25,49,e3,\
d0,25,05,a1,5c

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE 2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*NULL*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f ,d4,3b,6b,70,17,fd,6b,79,9c,\
c2,84,b7,05,73,21,dd,54,d8,4a,c5,f0,92,b5,01,99,12 ,f8,05,6c,43,2d,1e,aa,22,\
2f,9c,de,ed,a4,b8,d5,35,bb,7b,6c,43,2d,1e,aa,22,2f ,9c,2c,ea,1c,14,02,99,2b,\
2b,95,81,50,1e
.
--------------------- DLLs cargados bajo los procesos en ejecución ---------------------

- - - - - - - > 'winlogon.exe'(1224)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Otros procesos en ejecución ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
.
************************************************** ************************
.
Tiempo completado: 2009-01-06 22:27:53 - Reiniciando la máquina [Maria L]
ComboFix-quarantined-files.txt 2009-01-06 21:27:51

Pre-Run: 47.121.391.616 bytes free
Post-Run: 47,330,476,032 bytes libres

440 --- E O F --- 2008-12-13 02:04:27



HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55:57, on 06/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Maria L\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.es/0SEESES/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PDF de Adobe - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Maria Levene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Convertir a PDF de Adobe - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir a PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo en archivo PDF de Adobe - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a archivo PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir selección a PDF de Adobe - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF de Adobe - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish//kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by126w.bay126.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://marysss.myphotoalbum.com/EasyUploadTool.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://navigatela.lacity.org/download/mgaxctrl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c95326c76c74ea) (gupdate1c95326c76c74ea) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Windows sharing object - Unknown owner - C:\WINDOWS\system32\winvercp.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12194 bytes

Hola, ComboFix ya se encargo de eliminar los archivos de malwares encontrados en tu PC, por lo que tendrías que comentarnos como esta funcionado todo luego de reiniciar ?

Salu2

Parece que todo funciona correctamente, muchas gracias!

Hola,

Para terminar solo te quedaría desinstalar CF de la siguiente manera:

• Ir a Inicio > Ejecutar
• Escribir lo siguiente: ComboFix /u como muestra la imagen debajo:
  
  
  • 
• Esto activara el desinstalador de ComboFix abriendo su pantalla principal y luego de unos segundos veras ("ComboFix is uninstalled")

Salu2