Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

hola pues asi es ya trate de todo pero no se deja elimar un troyano segun avira
Pues cuando brinca la alerta de avira le doy a aliminar y vuelve a aparecer =(

lo e intentado con malwarebytes y nada tambien tengo otro llamado Trojan remover pero ese ya no me deja abrirlo solo en la cuenta de administrador y en modo seguro

cada Antivrs me dice algo diferente el Trojan remover siempre inicia con un escaneo rapido y detecta algo en ctfmon pero me dice algo de permisos algo asi como que no tiene los permisos para moverlo

El avira me detecto una carpeta zip en
C:\Documents and Settings\*******\Local Settings\Temporary Internet Files
llamada 2z.zip imposible de eliminar y tambn acada rato se me aparece una ventana que dice que el proceso se a cerrado este se llamada avxpsd.exe ya lo renombre y dejo de aparecer la ventana me imagino ke este es el troyano

Si necitan mas informacion me decid ok gracis byebye
O si tambn aparace algo de que el hosts tiene algo y el trojan remover me dice algo de darle reset a ese archivo pero al siguiente reinicio no pasa nada y aparece lo mismo =(

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:23:01 p.m., on 26/10/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\RunOnce: [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O8 - Extra context menu item: Descargar con IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Descargar con IDM el contenido de video FLV - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Descargar con IDM todos los enlaces - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255397593406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255397556343
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1224622532939&h=4f88e77893f8662e3fb864493 247f052/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AODService - Unknown owner - C:\Program Files\AMD\OverDrive\AODAssist.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9025 bytes



AKI EL PRIMER REPORTE DESPUES PUDE ABRIR EL HIJACKTHIS EN MI CUENTA Y AKI SU REPORTE TAMBIEN

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:55:23 p.m., on 26/10/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O8 - Extra context menu item: Descargar con IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Descargar con IDM el contenido de video FLV - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Descargar con IDM todos los enlaces - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255397593406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255397556343
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1224622532939&h=4f88e77893f8662e3fb864493 247f052/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AODService - Unknown owner - C:\Program Files\AMD\OverDrive\AODAssist.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10066 bytes

Hola ferxhito


Descarga lo siguiente:

º CCLEANER. Lo instalas según Su Manual

º MALWAREBYTE´S. Lo instalas y actualizas según su manual, PERO NO LO EJECUTES AUN
(si ya lo tienes, solo lo actualizas)

º ComboFix.exe y guárdalo en el escritorio.


Cierra todos los programas, ejecutas HijackThis , tildas las casillas de estas entradas y presionas "FIX Cheked"


O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe



Ejecuta ComboFix.exe

• Desactiva temporalmente el Antivirus y/o Antispyware.
• Cierra todas las ventanas abiertas.
• Hacele doble clic al archivo ComboFix.exe y seguí las instrucciones.
• Cuando termine, generara un registro en C:\ComboFix.txt.
  • *Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
  • *Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.

• Reinicia y pega el reporte de C:\ComboFix.txt en este mismo mensaje.

En tu próxima respuesta, debes poner lo siguiente:

º El reporte de malwarebyte´s, que se encuentra en su pestaña REGISTROS
º El reporte de ComboFix
º Un nuevo log de Hijackthis
º Como funciona tu pc ahora


Saludos

Ok pues ya regrese con mis resultados bueno empesemos con el hijackthis
este es antes de hacer lo de fixchek despues esas entradas desaparecieron

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:38 p.m., on 27/10/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe (User 'Default user')
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O8 - Extra context menu item: Descargar con IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Descargar con IDM el contenido de video FLV - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Descargar con IDM todos los enlaces - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255397593406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1255397556343
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1224622532939&h=4f88e77893f8662e3fb864493 247f052/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AODService - Unknown owner - C:\Program Files\AMD\OverDrive\AODAssist.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9804 bytes

DESPUES
vamos con el de malwarebytes


Malwarebytes' Anti-Malware 1.41
Versión de la Base de Datos: 3044
Windows 5.1.2600 Service Pack 3, v.5657

27/10/2009 10:11:28 p.m.
mbam-log-2009-10-27 (22-11-28).txt

Tipo de examen : Examen Completo (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|X :\|)
Objetos examinados: 362886
Tiempo transcurrido: 1 hour(s), 29 minute(s), 53 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 9

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\Documents and Settings\All Users\Documents\TumbaMSn\tumbamsn\tumbamsn.exe (Malware.NSPack) -> Quarantined and deleted successfully.
C:\Documents and Settings\mikser-kamel\My Documents\Nueva carpeta\lo siento\mi esplicaion lo siento.exe (Backdoor.Core) -> Quarantined and deleted successfully.
C:\Documents and Settings\mikser-kamel\My Documents\flashw810\SeTool2lite V1.11 by Hertyu\SeTool2lite V1.11 by Hertyu\setool2lt.exe (Malware.Packer.T) -> Quarantined and deleted successfully.
C:\Documents and Settings\mikser-kamel\My Documents\halo\Halo_Portable_By_www.guidobot.tk\Ha lo Custom Edition\kornman00v20_release.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
E:\PILib.dll (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.
E:\re5\Internet_Download_Manager_v5.17\Internet.Do wnload.Manager.v5.17\Patch 5.xx (2008-12-06).exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{B263AFD4-EB4A-401E-8C88-4F668DE251B8}\RP321\A0182186.dll (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{B263AFD4-EB4A-401E-8C88-4F668DE251B8}\RP322\A0182233.dll (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{B263AFD4-EB4A-401E-8C88-4F668DE251B8}\RP324\A0183407.dll (Backdoor.PoisonIvy) -> Quarantined and deleted successfully.

y por ultimo de Combofix

ComboFix 09-10-27.04 - mikser-kamel 27/10/2009 22:15.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.52.1033.18.1470.1006 [GMT -6:00]
Running from: c:\documents and settings\mikser-kamel\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Eset personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\mikser-kamel\Application Data\EurekaLog
c:\documents and settings\mikser-kamel\Application Data\EurekaLog\EurekaLog.ini
c:\documents and settings\mikser-kamel\Application Data\inst.exe
c:\windows\system32\ps2.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Legacy_TDSSSERV.SYS
-------\Service_AVPsys


((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-27 03:09 . 2009-10-27 03:09 67584 ----a-w- c:\windows\system32\avrdsa.exe.vir
2009-10-27 03:07 . 2009-10-27 03:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Simply Super Software
2009-10-25 01:58 . 2009-10-25 01:58 72520 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-25 01:21 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-25 01:21 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-25 01:20 . 2009-10-25 01:20 -------- d-----w- c:\program files\iPod
2009-10-25 01:20 . 2009-10-25 01:21 -------- d-----w- c:\program files\iTunes
2009-10-25 01:20 . 2009-10-25 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-25 01:19 . 2009-10-25 01:19 -------- d-----w- c:\program files\Bonjour
2009-10-25 01:19 . 2009-10-25 01:19 -------- d-----w- c:\program files\QuickTime
2009-10-25 01:17 . 2009-10-25 01:17 -------- d-----w- c:\documents and settings\mikser-kamel\Local Settings\Application Data\Apple
2009-10-25 01:17 . 2009-10-25 01:17 -------- d-----w- c:\program files\Apple Software Update
2009-10-25 01:17 . 2009-10-25 01:20 -------- d-----w- c:\program files\Common Files\Apple
2009-10-25 01:17 . 2009-10-25 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-23 03:46 . 2009-10-23 03:46 -------- d-----w- C:\Intel
2009-10-23 03:30 . 2009-10-23 03:46 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\Download Manager
2009-10-14 23:58 . 2009-10-14 23:58 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-10-14 00:34 . 2009-10-14 02:13 -------- d-----w- c:\program files\THE GODFATHER
2009-10-13 08:50 . 2009-10-13 08:51 16759 ----a-w- c:\windows\War3Unin.dat
2009-10-13 08:50 . 2009-10-13 08:50 2829 ----a-w- c:\windows\War3Unin.pif
2009-10-13 08:50 . 2009-10-13 08:50 126976 ----a-w- c:\windows\War3Unin.exe
2009-10-13 08:49 . 2009-10-26 01:13 -------- d-----w- c:\program files\Warcraft III
2009-10-13 04:24 . 2009-10-13 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-10-13 04:18 . 2009-10-13 09:10 278672 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-13 02:50 . 2009-10-13 02:50 0 ----a-w- c:\windows\ativpsrm.bin
2009-10-13 01:51 . 2009-10-13 01:51 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-13 01:49 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-13 01:49 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-13 01:46 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-13 01:45 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-12 04:30 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-10-12 04:30 . 2009-09-04 22:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-10-12 04:30 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-10-12 04:30 . 2009-09-04 22:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-10-12 04:30 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-10-12 04:30 . 2009-09-04 22:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-10-12 04:30 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-10-12 03:51 . 2009-10-13 04:20 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-12 03:50 . 2009-10-12 03:50 -------- d-----w- c:\program files\Reference Assemblies
2009-10-12 03:50 . 2006-06-29 18:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-10-03 02:49 . 2009-09-10 01:15 91856 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-10-03 02:48 . 2009-10-03 02:48 -------- d-----w- c:\program files\Sun
2009-10-02 01:46 . 2009-10-02 01:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\.clamwin
2009-10-02 01:46 . 2009-10-02 01:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-29 19:18 . 2009-09-29 19:27 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\IcoFX
2009-09-29 19:18 . 2009-09-29 19:18 -------- d-----w- c:\program files\IcoFX 1.6
2009-09-28 09:04 . 2009-09-28 09:04 -------- d-----w- c:\documents and settings\mikser-kamel\Local Settings\Application Data\Bump Technologies, Inc
2009-09-28 09:02 . 2009-09-28 09:02 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\Bump Technologies, Inc
2009-09-28 09:01 . 2009-09-29 01:03 -------- d-----w- c:\program files\BumpTop

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-10-28 04:24 . 2009-09-13 06:59 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\DMCache
2009-10-28 01:17 . 2009-03-25 05:00 -------- d-----w- c:\program files\CCleaner
2009-10-27 11:58 . 2009-07-12 09:22 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\Vso
2009-10-27 09:23 . 2008-10-12 02:15 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\Xfire
2009-10-27 04:40 . 2009-09-22 03:07 -------- d-----w- c:\program files\Trojan Remover
2009-10-27 03:07 . 2008-11-04 09:25 129632 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 03:07 . 2008-12-20 20:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
2009-10-25 08:39 . 2009-03-14 10:55 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\MyPhoneExplorer
2009-10-25 01:56 . 2008-10-31 07:48 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\Apple Computer
2009-10-25 01:20 . 2008-10-24 07:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-22 19:11 . 2008-10-12 02:15 -------- d-----w- c:\program files\Xfire
2009-10-22 07:41 . 2008-10-12 21:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-21 22:36 . 2008-12-06 07:29 -------- d-----w- c:\program files\TextAloud
2009-10-18 07:05 . 2008-10-23 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-18 05:28 . 2008-10-13 00:02 -------- d-----w- c:\program files\StuffPlug3
2009-10-15 06:57 . 2008-10-12 19:05 129632 ----a-w- c:\documents and settings\mikser-kamel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 04:21 . 2009-05-05 07:45 -------- d-----w- c:\program files\CAPCOM
2009-10-13 08:37 . 2009-09-13 06:59 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\IDM
2009-10-13 04:24 . 2008-11-13 20:55 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\ATI
2009-10-13 04:08 . 2008-10-23 23:04 -------- d-----w- c:\program files\MSBuild
2009-10-13 03:11 . 2008-11-04 09:52 -------- d-----w- c:\program files\ATI Technologies
2009-10-13 03:09 . 2008-10-12 01:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-13 02:50 . 2009-07-30 11:25 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-11 10:54 . 2009-09-13 06:59 -------- d-----w- c:\program files\Internet Download Manager
2009-10-11 02:31 . 2009-07-12 09:22 -------- d-----w- c:\program files\VSO
2009-10-09 04:41 . 2008-12-19 05:54 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\Thinstall
2009-10-09 04:31 . 2009-09-22 03:26 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-10-09 04:31 . 2009-09-22 03:44 56 --sh--r- c:\windows\system32\C665E7FD7D.sys
2009-10-02 20:23 . 2008-10-21 22:00 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\DAEMON Tools
2009-10-01 20:39 . 2009-06-15 07:46 -------- d-----w- c:\program files\AV VCS 3.0
2009-09-29 05:00 . 2009-03-25 05:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-29 01:05 . 2009-08-15 10:54 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\NetStat Agent
2009-09-28 07:12 . 2009-04-01 08:28 2328832 ----a-w- c:\windows\system32\TUKernel.exe
2009-09-28 03:30 . 2009-09-28 03:30 458 ----a-w- C:\heavy.bat
2009-09-28 03:28 . 2009-09-28 03:27 46 ----a-w- C:\haloloop.bat
2009-09-27 00:33 . 2009-04-18 05:02 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\Winamp
2009-09-22 03:36 . 2009-09-22 03:36 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\Corel
2009-09-22 03:07 . 2009-09-22 03:07 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\Simply Super Software
2009-09-22 03:07 . 2009-09-22 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-09-17 06:34 . 2009-03-23 08:04 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\FileZilla
2009-09-13 06:52 . 2009-09-13 06:52 -------- d-----w- c:\program files\Common Files\SourceTec
2009-09-13 06:52 . 2009-09-13 06:52 -------- d-----w- c:\program files\SourceTec
2009-09-12 04:52 . 2009-09-12 04:50 -------- d-----w- c:\program files\Sony Setup
2009-09-12 04:51 . 2009-09-12 04:51 -------- d-----w- c:\program files\Vstplugins
2009-09-12 04:51 . 2009-09-12 04:51 -------- d-----w- c:\program files\Sony
2009-09-12 00:33 . 2009-03-11 10:46 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\Sony
2009-09-10 19:54 . 2009-03-25 05:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-03-25 05:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 07:52 . 2009-09-10 07:52 -------- d-----w- c:\program files\InstallShield
2009-09-10 07:48 . 2009-09-10 07:48 -------- d-----w- c:\program files\Publicación en Web
2009-09-10 01:15 . 2009-07-10 07:05 41424 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-09-10 01:15 . 2009-07-10 07:05 115856 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-09-10 01:15 . 2009-09-10 01:15 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2009-09-10 01:15 . 2009-09-10 01:15 100368 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-09-09 06:01 . 2009-09-09 06:01 1496576 ---h--w- c:\windows\system32\wodfamop.dll
2009-09-09 06:01 . 2009-09-09 06:01 -------- d-----w- c:\program files\Abrosoft
2009-09-04 22:44 . 2009-10-12 03:59 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-03 07:19 . 2009-09-03 07:19 -------- d-----w- c:\documents and settings\mikser-kamel\Application Data\ImgBurn
2009-09-03 07:18 . 2009-09-03 07:18 -------- d-----w- c:\program files\ImgBurn
2009-09-01 23:15 . 2008-11-05 07:36 -------- d-----w- c:\program files\Opera
2009-08-23 03:10 . 2009-07-12 06:29 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-06 10:22 . 2009-08-06 10:22 413756 ----a-w- c:\windows\system32\dijpg.dll
2009-08-05 09:01 . 2007-10-30 22:31 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 09:57 . 2009-07-31 09:57 13305 ----a-w- c:\windows\unins004.dat
2009-07-31 09:57 . 2009-07-31 09:57 687635 ----a-w- c:\windows\unins004.exe
2009-07-31 09:56 . 2009-07-31 09:56 17020 ----a-w- c:\windows\unins003.dat
2009-07-31 09:56 . 2009-07-31 09:56 687635 ----a-w- c:\windows\unins003.exe
2009-07-31 09:56 . 2009-07-31 09:56 27047 ----a-w- c:\windows\unins002.dat
2009-07-31 09:56 . 2009-07-31 09:56 687635 ----a-w- c:\windows\unins002.exe
2009-07-31 09:54 . 2009-07-31 09:54 17918 ----a-w- c:\windows\unins001.dat
2009-07-31 09:54 . 2009-07-31 09:54 687635 ----a-w- c:\windows\unins001.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2009-03-13 3231744]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-10-11 2799024]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-10-30 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-08-04 1068424]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-21 61440]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-01-24 544768]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\Alcxmntr.exe [2004-09-07 57344]

c:\documents and settings\mikser-kamel\Start Menu\Programs\Startup\
No-IP DUC.lnk - c:\program files\No-IP\DUC20.exe [2009-4-21 1172992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Imapi Helper"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"AresChatServer"=3 (0x3)
"mi-raysat_3dsmax8"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"TuneUp.Defrag"=3 (0x3)
"Autodesk Licensing Service"=2 (0x2)
"fsrt"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"x:\\make2\\troyanos\\Spy-Net [RAT] v1.8\\spynet.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Documents and Settings\\mikser-kamel\\My Documents\\y\\burlar_rapidshare_megaupload\\CryptL oad.v1.1.4.Multilenguaje\\CryptLoad.v1.1.4.Multila nguage\\RouterClient.exe"=
"c:\\Documents and Settings\\mikser-kamel\\My Documents\\Project_USB\\portables\\messenger portable.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Documents and Settings\\mikser-kamel\\My Documents\\y\\burlar_rapidshare_megaupload\\CryptL oad.v1.1.4.Multilenguaje\\CryptLoad.v1.1.4.Multila nguage\\CryptLoad.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Server\\haloded.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloceded.exe"=
"x:\\make2\\troyanos\\Spy-Net [RAT] v1.8\\Spy-Net _RAT_ v2.4\\SpyNet.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr .exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\MultiScan\\Tools\\wget.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"2313:UDP"= 2313:UDP:Halo CE Client Port 2313
"2312:UDP"= 2312:UDP:Nombre: Halo CE Server Port 2312
"2305:UDP"= 2305:UDP:halo ce port
"2308:TCP"= 2308:TCP:puerto halo 1
"2305:TCP"= 2305:TCP:puerto 2 de halo
"8080:TCP"= 8080:TCP:puerto

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [10/07/2009 01:05 a.m. 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [10/07/2009 01:05 a.m. 41424]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/07/2009 12:29 a.m. 108289]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [15/06/2009 01:46 a.m. 6852]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio. sys [15/05/2008 01:47 p.m. 21920]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [09/09/2009 07:15 p.m. 100368]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [05/05/2009 04:45 a.m. 124256]
S3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [31/07/2009 03:47 a.m. 151552]
S3 FGCWL;FGCWL; [x]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [21/03/2009 06:58 p.m. 13352]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [06/05/2009 02:05 a.m. 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [06/05/2009 02:05 a.m. 8320]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [15/03/2009 02:13 p.m. 34064]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodig y.sys [21/05/2009 01:32 a.m. 32377]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [02/11/2007 09:47 a.m. 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [02/11/2007 09:47 a.m. 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [02/11/2007 09:47 a.m. 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [08/05/2009 03:37 a.m. 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [08/05/2009 03:37 a.m. 100008]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [02/10/2009 08:49 p.m. 91856]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [21/03/2009 07:02 p.m. 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [21/03/2009 07:02 p.m. 85696]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-10-16 c:\windows\Tasks\Mantenimiento con 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-02-04 22:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.mx/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Descargar con IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Descargar con IDM el contenido de video FLV - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Descargar con IDM todos los enlaces - c:\program files\Internet Download Manager\IEGetAll.htm
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\mikser-kamel\Application Data\Mozilla\Firefox\Profiles\vrwtjkz7.default\
FF - component: c:\documents and settings\mikser-kamel\Application Data\Mozilla\Firefox\Profiles\vrwtjkz7.default\ext ensions\mozilla_cc@internetdownloadmanager.com\com ponents\idmmzcc.dll
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\F FContextMenu.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\NPDocBox.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-27 22:23
Windows 5.1.2600 Service Pack 3, v.5657 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A2191F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a2191f8
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED6077 9-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f7,63,f0,91,63,15,83,89,85,84,ed,2 b,04,a0,82,8e,c7,c0,f4,1d,89,
1e,b5,5b,45,c6,07,8a,aa,39,fd,f1,0a,82,b1,a6,17,a1 ,c3,bb,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c70545d 3-5244-4cf2-aeb7-9eb47b3bc59a}]
@Denied: (Full) (Everyone)
"Model"=dword:0000011b
"Therad"=dword:0000001d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2216)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a 1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_spa.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wscntfy.exe
c:\combofix\CF9795.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\windows\system32\mdm.exe
c:\combofix\PEV.cfxxe
.
************************************************** ************************
.
Completion time: 2009-10-28 22:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-28 04:28

Pre-Run: 11,903,557,632 bytes free
Post-Run: 11,868,930,048 bytes libres

- - End Of File - - F1B2E4CBA2FE18FA39CA6C89BE2C5FE4



Pues mira la verdad muchisisisimas Gracias por tu tiempo para contestarme y sobretodo por la rapidez man muchas Gracias y en cuanto ami maquina
Ya no aparece la ventanda de que se produjo un error con aquel archivo supongo que se fue o eso espero

Pero aqui estedes son los expertos asi que mejor no canto victoria asta saber el resultado final si ya estan limpios mis registros

Muchas gracias Leosolari por tu atencion gente como tu merecen respeto byep

Hola de nuevo

Desinstala CF de esta manera:

• Ve a Inicio > Ejecutar
• Escribe lo siguiente: ComboFix /u como muestra la imagen debajo:
  
  o
• Esto activara el desinstalador de ComboFix abriendo su pantalla principal y luego de unos segundos veras ("ComboFix is uninstalled")

Esto realizara las siguientes tareas:

• Se borraran:
  • ComboFix: sus archivos y carpetas.
  • VundoFix: copias de seguridad (si está presente)
  • La carpeta C:\Deckard (si está presente)
  • La carpeta C: _OtMoveIt (si está presente)
• Restablece la configuración del reloj.
• Ocultar extensiones de archivo (si es necesario.)
• Oculta los archivos que estaban ocultos
• Reactiva el "Restaurar Sistema"

Nos comentas como va el ordenador ahora.

Saludos

Pues respecto alas ventanas de error ya no aparecen, Pero yo siento que no esta trabajando como deveria de.. porque yo suelo jugar mucho y en mis juegos se me traba un poco y ay algo raro que cuando minimizo el juego y le doya clik derecho sobre la barra del juego no me aparece el indicador (Flecha) te dejo unas capturas
Esto se me hace curioso porque lo mismo me paso cuando me infecte por un troyano bifrost en las demas barras si aparecia la flecha pero en el juego noo esta raro tu me diras ...







Bueno en las capturas no me salio bien pero menciono esto porque esactamente me paso la vez que me infecte con bifrost y tambien los juegos se me hacian lentos

PD: ya desinstale el CF

Hola



Para Mejorar el Rendimiento de tu pc, por favor, sigue estos pasos:


Haz un Scandisk a tu disco duro


Descarga ARGENTE REGITRY CLEANER

Actualiza Actualiza JAVA


Descarga ADVANCED SYSTEMCARE 3 . Lo instalas y ejecutas de esta manera:

A.- Presiona el botón LIMPIEZA WINDOWS y luego ESCANEAR. Cuando termine, presionas el botón REPARAR.

B.- Presiona el botón PREVENCION Y MEJORA y luego ESCANEAR. Cuando termine, presionas el botón REPARAR.

C.- Presiona el botón UTILIDADES y alli utilizas el LIMPIADOR DE DISCO y el DESFRAGMENTADOR DE REGISTRO-


DESFRAGMENTA el/los discos duros....con DEFRAGGLER




Reinicias el ordenador y luego Nos comentas... Saludos

Perdon por contestar asta apenas pero habia yo tenido unos problemas de internet jeje no tenia

Bueno pues sii ise loke me dijiste y siii yaa esta mas rapida la pc muchas gracias tambn elmine mushos archivos y programas pero algunos progrmas no se elmininan completamente alguna sugerencia ?

Bueno sino pues muchisisisimas graicias de verdad gracias ya estaba desesperado con ese virus y pues gracias a ustedes alfin pude sacarlo

Muchas graciassssssssssssssssssssssssssssssss Leosolari

Por cualquier otro problema, no dudes en volver a postear. Te dejo saludos.

Tema Solucionado

PD: si deseas REABRIR ESTE TEMA, presiona y tu consulta será atendida.