Malwarebytes' Anti-Malware 1.44
Versión de la Base de Datos: 3811
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
02/03/2010 5:21:51
mbam-log-2010-03-02 (05-21-51).txt
Tipo de examen : Examen Completo (C:\|)
Objetos examinados: 287661
Tiempo transcurrido: 1 hour(s), 4 minute(s), 54 second(s)
Procesos en Memoria Infectados: 2
Módulos en Memoria Infectados: 1
Claves del Registro Infectadas: 64
Valores del Registro Infectados: 4
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 32
Ficheros Infectados: 108
Procesos en Memoria Infectados:
C:\Documents and Settings\All Users\Datos de programa\QuestService\questservice139.exe (Adware.DoubleD) -> Unloaded process successfully.
C:\Archivos de programa\QuestService\questservice.exe (Adware.DoubleD) -> Unloaded process successfully.
Módulos en Memoria Infectados:
C:\Archivos de programa\QuestService\questservice.dll (Adware.DoubleD) -> Delete on reboot.
Claves del Registro Infectadas:
HKEY_CLASSES_ROOT\explorerbar.cmw (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f5b8c69c-9b45-4a6a-9380-df225c546ae7} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{629cd6c2-e4c5-4554-aeb8-12e4e2cd40ff} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.cmw.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{2a743834-05f4-4ed4-8a1c-41332b10ac0c} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1081d532-7de4-40bd-b912-388fa6b27c78} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\questservice (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QuestService Service (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> Quarantined and deleted successfully.
Valores del Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully.
Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)
Carpetas Infectadas:
C:\Archivos de programa\Internet Today (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Internet Today\1.1.0.1190 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Textual Content Provider (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Textual Content Provider\1.1.0.1610 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Textual Content Provider\1.1.0.1610\data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Textual Content Provider\1.1.0.1610\for_anti_av (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Textual Content Provider\1.1.0.1610\for_anti_av\1.1.0.1610 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Content Management Wizard (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Content Management Wizard\1.1.0.1870 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Datos de programa\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Archivos de programa\QuestService (Adware.DoubleD) -> Delete on reboot.
Ficheros Infectados:
C:\Archivos de programa\Content Management Wizard\1.1.0.1870\CMWIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\CPAIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\WSO.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Textual Content Provider\1.1.0.1610\TCPIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\ACEIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\QuestService\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\CPAHelper.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\CPApx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Inex\Escritorio\Descargas\gameztar_installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP213\A0092031.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP213\A0092041.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP213\A0092042.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP213\A0092043.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP213\A0092044.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP213\A0092046.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP213\A0092052.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP213\A0092053.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP213\A0092054.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP213\A0092059.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP213\A0092061.exe (Adware.ColorSoft) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP213\A0092062.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP213\A0092063.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP213\A0092064.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP213\A0092066.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP220\A0093795.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP223\A0095128.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP223\A0095129.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP223\A0095156.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP223\A0095157.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP234\A0097445.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP234\A0097446.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP234\A0097470.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP241\A0098149.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP245\A0103658.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP198\A0086772.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP199\A0086838.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP199\A0086839.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8ADEB98-E690-449F-A5D6-E0145EEF7B15}\RP221\A0093856.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Archivos de programa\Internet Today\1.1.0.1190\InternetToday.ico (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Internet Today\1.1.0.1190\InternetToday.skf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Internet Today\1.1.0.1190\mfc80.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Internet Today\1.1.0.1190\Microsoft.VC80.MFC.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Internet Today\1.1.0.1190\PixelLogExe.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Internet Today\1.1.0.1190\SkinCrafterDll.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Internet Today\1.1.0.1190\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Internet Today\1.1.0.1190\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\WSOCommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\wsopx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Web Search Operator\3.1.0.1840\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Textual Content Provider\1.1.0.1610\tcppx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Textual Content Provider\1.1.0.1610\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Textual Content Provider\1.1.0.1610\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Textual Content Provider\1.1.0.1610\data\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Textual Content Provider\1.1.0.1610\data\TP_Config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Textual Content Provider\1.1.0.1610\data\TP_Data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Textual Content Provider\1.1.0.1610\data\TP_DomainExcludeList.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Textual Content Provider\1.1.0.1610\for_anti_av\1.1.0.1610\TCPIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\ACECommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\ACEIEAddOnSub.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\ACEIEAddOnSubL.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\acepx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\FF\chrome\ACEAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\FF\chrome\content\ACEAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\FF\components\ACEFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Automated Content Enhancer\4.1.0.5190\FF\components\ACEFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\CPACommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
Muchas gracias lalo por la gran ayuda a todos!C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\FF\chrome\CPAAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\FF\chrome\content\CPAAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\FF\components\CPAFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Customized Platform Advancer\4.1.0.1800\FF\components\CPAFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Content Management Wizard\1.1.0.1870\cmwpx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Content Management Wizard\1.1.0.1870\cmwsh.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Content Management Wizard\1.1.0.1870\config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Content Management Wizard\1.1.0.1870\data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Content Management Wizard\1.1.0.1870\exclude.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Content Management Wizard\1.1.0.1870\MatchingData.zd5 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Content Management Wizard\1.1.0.1870\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Content Management Wizard\1.1.0.1870\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Archivos de programa\Content Management Wizard\1.1.0.1870\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Datos de programa\QuestService\questservice139.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Archivos de programa\QuestService\questservice.dll (Adware.DoubleD) -> Delete on reboot.
C:\Archivos de programa\QuestService\questservice.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Archivos de programa\Mozilla Firefox\searchPlugins\questservice139.xml (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Inex\Datos de programa\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:26, on 02/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Archivos de programa\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Archivos de programa\Dell\OpenManage\Client\Iap.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Java\jre1.6.0_07\bin\jucheck.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Trend Micro\BM\TMBMSRV.exe
C:\Archivos de programa\Microsoft Office\Office\EXCEL.EXE
C:\Archivos de programa\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Laptops, PCs, Desktop Computers, Monitors, Printers & PC Accessories | Dell United Kingdom
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Laptops, PCs, Desktop Computers, Monitors, Printers & PC Accessories | Dell United Kingdom
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Laptops, PCs, Desktop Computers, Monitors, Printers & PC Accessories | Dell United Kingdom
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = madnet:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 217.130.243.179;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Archivos de programa\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll (file missing)
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Archivos de programa\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Archivos de programa\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [JobHisInit] C:\Archivos de programa\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Archivos de programa\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Archivos de programa\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acelerador de inicio de AutoCAD.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Archivos de programa\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Archivos de programa\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Mail to a Friend... - Enlace eliminado
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - Enlace eliminado
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grupomgo.es
O17 - HKLM\Software\..\Telephony: DomainName = grupomgo.es
O17 - HKLM\System\CCS\Services\Tcpip\..\{9336C0E3-AFAD-4BD0-9378-1211EB9B69D3}: NameServer = 172.16.0.1,172.16.0.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grupomgo.es
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Archivos de programa\Dell\OpenManage\Client\Iap.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Cortafuegos de OfficeScanNT (TmPfw) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\TmProxy.exe
--
End of file - 8679 bytes
All processes killed
========== FILES ==========
File/Folder C:\WINDOWS\system32\spyne not found.
File/Folder C:\WINDOWS\system32\spynet\system.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37094453 bytes
->Flash cache emptied: 523 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4089 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 35,00 mb
OTM by OldTimer - Version 3.1.10.0 log created on 03022010_070614
Files moved on Reboot...
Registry entries deleted on Reboot...
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 7:25:07, on 02/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\DrWeb\spiderml.exe
C:\Archivos de programa\DrWeb\DRWEBSCD.EXE
C:\ARCHIV~1\DrWeb\spidernt.exe
C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\ARCHIV~1\DrWeb\SpiderNT.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Enlace eliminado
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Enlace eliminado
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Enlace eliminado
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Enlace eliminado
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Enlace eliminado
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Archivos de programa\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sXe Injected] C:\Archivos de programa\sXe Injected\sXe Injected.exe
O4 - HKLM\..\Run: [SpIDerMail] "C:\Archivos de programa\DrWeb\spiderml.exe"
O4 - HKLM\..\Run: [DrWebScheduler] "C:\Archivos de programa\DrWeb\DRWEBSCD.EXE"
O4 - HKLM\..\Run: [SpIDerNT] C:\ARCHIV~1\DrWeb\spidernt.exe /agent
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Archivos de programa\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Configuración de Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Archivos de programa\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SpIDer Guard for Windows NT (spidernt) - Doctor Web, Ltd. - C:\ARCHIV~1\DrWeb\SpiderNT.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: (no name) - file:///C:/Windows/Temp/msohtml1/03/clip_image002.jpg
--
End of file - 8304 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:49, on 02/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Archivos de programa\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\ARCHIV~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Archivos de programa\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Windows\Temp\RtkBtMnt.exe
C:\Archivos de programa\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Archivos de programa\Windows Live\Contacts\wlcomm.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\Archivos de programa\Opera\opera.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Archivos de programa\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Archivos de programa\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Archivos de programa\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\ARCHIV~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QT Lite\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Archivos de programa\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Archivos de programa\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Archivos de programa\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Archivos de programa\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Archivos de programa\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
--
End of file - 8430 bytes
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 18:09:13, on 02/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Enlace eliminado
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Enlace eliminado
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Enlace eliminado
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Enlace eliminado
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Enlace eliminado
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Archivos de programa\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sXe Injected] C:\Archivos de programa\sXe Injected\sXe Injected.exe
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\spynet\system.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Archivos de programa\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\spynet\system.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\spynet\system.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\spynet\system.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Archivos de programa\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Configuración de Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Archivos de programa\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: (no name) - file:///C:/Windows/Temp/msohtml1/03/clip_image002.jpg
--
End of file - 8226 bytes
Rootkit::
C:\WINDOWS\system32\spynet\system.exe
File::
C:\WINDOWS\system32\spynet\system.exe
Folder::
C:\WINDOWS\system32\spynet\Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:58, on 02/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\acs.exe
C:\WINDOWS.0\Explorer.EXE
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS.0\RTHDCPL.EXE
C:\WINDOWS.0\system32\ctfmon.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\WINDOWS.0\system32\wbem\wmiapsrv.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Archivos de programa\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Archivos de programa\Windows Live\Contacts\wlcomm.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ACU] "C:\Archivos de programa\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Archivos de programa\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{018427EA-136B-4980-8678-21216A39C7DB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{018427EA-136B-4980-8678-21216A39C7DB}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{018427EA-136B-4980-8678-21216A39C7DB}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS.0\system32\acs.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
--
End of file - 5520 bytes
ComboFix 10-03-02.02 - Administrador 02/03/2010 18:53:54.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.2015.1705 [GMT -3:00]
Running from: c:\documents and settings\Administrador\Escritorio\ComboFix.exe
Command switches used :: c:\documents and settings\Administrador\Escritorio\CFScript.txt
FILE ::
"c:\windows\system32\spynet\system.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrador\Datos de programa\logs.dat
c:\documents and settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\spynet\
c:\windows\system32\spynet\\system.exe
c:\windows\system32\spynet\system.exe
c:\windows\system32\wallpaper.exe
c:\windows\system32\windowsupdate.exe
----- BITS: Possible infected sites -----
hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Files Created from 2010-02-02 to 2010-03-02 )))))))))))))))))))))))))))))))
.
2010-03-02 21:58 . 2010-03-02 21:58 -------- d-----w- c:\windows\system32\xircom
2010-03-02 21:58 . 2010-03-02 21:58 -------- d-----w- c:\windows\system32\wbem\snmp
2010-03-02 21:58 . 2010-03-02 21:58 -------- d-----w- c:\windows\system32\oobe
2010-03-02 21:58 . 2010-03-02 21:58 -------- d-----w- c:\windows\srchasst
2010-03-02 21:58 . 2010-03-02 21:58 -------- d-----w- c:\windows\msagent
2010-03-02 15:23 . 2010-03-02 15:21 92672 ----a-w- c:\windows\system32\KillBox.exe
2010-03-02 15:22 . 2010-03-02 15:22 -------- d-----w- C:\!KillBox
2010-03-02 15:17 . 2010-03-02 15:17 -------- d-----w- c:\archivos de programa\VirusTotalUploader2
2010-03-02 04:04 . 2010-03-02 04:04 -------- d-----w- C:\_OTM
2010-03-02 03:39 . 2010-03-02 03:39 -------- d-----w- c:\archivos de programa\TrendMicro
2010-03-01 21:41 . 2010-03-02 04:06 -------- d-----w- c:\documents and settings\Administrador\DoctorWeb
2010-03-01 21:40 . 2010-03-02 20:55 -------- d-----w- c:\archivos de programa\DrWeb
2010-02-24 03:18 . 2010-03-01 00:26 -------- d---a-w- c:\documents and settings\All Users\Datos de programa\TEMP
2010-02-24 03:17 . 2010-02-24 03:17 -------- d-----w- c:\archivos de programa\Archivos comunes\SourceTec
2010-02-24 03:17 . 2010-02-24 03:17 -------- d-----w- c:\archivos de programa\SourceTec
2010-02-12 17:14 . 2010-02-12 17:15 -------- d-----w- c:\archivos de programa\Google
2010-02-07 16:06 . 2010-02-21 05:19 -------- d-----w- c:\windows\system32\LogFiles
2010-02-06 17:50 . 2010-02-06 18:40 -------- d-----w- c:\archivos de programa\WebCopier
2010-02-06 17:50 . 2010-02-06 17:50 286720 ----a-w- c:\windows\iun506.exe
2010-02-03 12:59 . 2010-02-03 12:59 -------- d-----w- c:\documents and settings\All Users\Datos de programa\nView_Profiles
2010-02-03 12:27 . 2010-02-03 12:27 -------- d--h--w- c:\windows\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-02 21:58 . 2010-03-02 21:58 -------- d-----w- c:\archivos de programa\microsoft frontpage
2010-03-02 03:39 . 2010-03-02 03:39 388096 ----a-r- c:\documents and settings\Administrador\Datos de programa\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-01 21:40 . 2009-12-29 14:08 -------- d--h--w- c:\archivos de programa\InstallShield Installation Information
2010-03-01 03:02 . 2009-12-31 01:30 -------- d-----w- c:\archivos de programa\Valve
2010-03-01 03:01 . 2009-12-31 01:19 -------- d-----w- c:\archivos de programa\sXe Injected
2010-02-28 23:34 . 2010-01-05 00:35 -------- d-----w- c:\archivos de programa\Archivos comunes\Adobe
2010-02-22 00:05 . 2009-12-30 12:36 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\CoreFTP
2010-01-18 02:44 . 2010-01-18 02:44 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Media Player Classic
2010-01-13 22:15 . 2010-01-13 22:15 7680 ----a-w- c:\documents and settings\Administrador\Datos de programa\Thinstall\KB884016\10000004a00002h\winhlp32.exe
2010-01-13 22:13 . 2010-01-13 22:13 7680 ----a-w- c:\documents and settings\Administrador\Datos de programa\Thinstall\KB884016\1000000b00002h\verclsid.exe
2010-01-13 22:12 . 2009-12-30 02:28 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Thinstall
2010-01-04 13:22 . 2010-01-04 13:21 -------- d-----w- c:\archivos de programa\Ares
2010-01-01 06:14 . 2010-01-01 06:14 59392 ----a-w- c:\documents and settings\Administrador\Datos de programa\Thinstall\Adobe Dreamweaver CS3\400000df00002i\firefox.exe
2009-12-31 13:18 . 2009-12-31 13:18 130046 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_3082.dat
2009-12-31 13:18 . 2009-12-29 09:02 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-30 12:55 . 2009-12-30 12:55 59392 ----a-w- c:\documents and settings\Administrador\Datos de programa\Thinstall\Adobe Dreamweaver CS3\400000c00002i\jqsnotify.exe
2009-12-30 12:55 . 2009-12-30 12:55 59392 ----a-w- c:\documents and settings\Administrador\Datos de programa\Thinstall\Adobe Dreamweaver CS3\4000004d00002i\firefox.exe
2009-12-30 02:18 . 2009-12-30 02:18 0 ----a-w- c:\windows\nsreg.dat
2009-12-29 19:23 . 2001-08-24 18:00 90396 ----a-w- c:\windows\system32\perfc00A.dat
2009-12-29 19:23 . 2001-08-24 18:00 504656 ----a-w- c:\windows\system32\perfh00A.dat
2009-12-29 14:23 . 2009-12-29 14:23 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-29 09:18 . 2009-12-29 09:18 54680 ----a-w- c:\documents and settings\Administrador\Datos de programa\Thinstall\Adobe Dreamweaver CS3\%ProgramFilesDir%\Java\jre6\bin\jqsnotify.exe
2009-12-29 09:18 . 2009-12-29 09:18 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-12-29 09:10 . 2009-12-29 09:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-29 09:02 . 2009-12-29 09:02 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-29 09:00 . 2009-12-29 09:00 21900 ----a-w- c:\windows\system32\emptyregdb.dat
.
------- Sigcheck -------
[-] 2008-04-14 . C6C729770D9C3A0AD4D2D28788E71684 . 1698816 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 7522F548A84ABAD8FA516DE5AB3931EF . 1036288 . . [6.00.2900.5512] . . c:\windows\XPize Darkside\Backup\explorer.exe
[-] 2008-04-14 . 97D44EE3E44CDC7035E3CB2EF20BABDB . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . DAAE1CB1B1875B760496E7D3336DA1AD . 15360 . . [5.1.2600.5512] . . c:\windows\XPize Darkside\Backup\ctfmon.exe
[-] 2008-05-11 20:28 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\archivos de programa\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
"msnmsgr"="c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ares"="c:\archivos de programa\Ares\Ares.exe" [2009-12-06 954880]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 30208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-01 7311360]
"nwiz"="nwiz.exe" [2005-12-01 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-01 86016]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"sXe Injected"="c:\archivos de programa\sXe Injected\sXe Injected.exe" [2010-02-11 1744896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 30208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-10-29 124928]
c:\documents and settings\All Users\Men£ Inicio\Programas\Inicio\
Adobe Gamma Loader.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2010-1-31 113664]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29/12/2009 6:02 717296]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18/08/2008 9:27 34312]
R2 ekrn;Eset Service;c:\archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe [18/08/2008 9:25 468224]
S2 gupdate;Google Update Service (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [12/02/2010 14:14 135664]
.
Contents of the 'Scheduled Tasks' folder
2010-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-12 17:14]
2010-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-12 17:14]
2010-03-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.ar/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mStart Page = hxxp://search.localstrike.com.ar/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\archivos de programa\Archivos comunes\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\2d22agij.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.localstrike.com.ar/?q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ar/
FF - prefs.js: keyword.URL - hxxp://search.localstrike.com.ar/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\archivos de programa\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\archivos de programa\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\archivos de programa\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\archivos de programa\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
ActiveSetup-{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} - c:\windows\system32\spynet\system.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-03-02 18:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89BB11F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecf28
\Driver\ACPI -> ACPI.sys @ 0xba666cb8
\Driver\atapi -> atapi.sys @ 0xba5fbb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xba4d2bb0
PacketIndicateHandler -> NDIS.sys @ 0xba4c1a0d
SendHandler -> NDIS.sys @ 0xba4d5b40
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\setupapi.dll
- - - - - - - > 'explorer.exe'(2448)
c:\windows\system32\WININET.dll
c:\windows\System32\cscui.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\archivos de programa\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2010-03-02 19:03:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-02 22:03
Pre-Run: 24.690.274.304 bytes libres
Post-Run: 24.674.590.720 bytes libres
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - A1DB72365CB9AF2852CA43033C55C103
Utilizamos cookies y tecnologías similares para los siguientes fines:
¿Aceptas las cookies y estas tecnologías?
Utilizamos cookies y tecnologías similares para los siguientes fines:
¿Aceptas las cookies y estas tecnologías?