Como si tuviera TANTA paciencia... Bueno, valió la pena. Parece que varios archivos se borraron, pero mejor revísalo tú. Aquí van el HiJack y el Combo Fix:
Te lo agradezco de nuevo, Caito. Mi computadora empieza a ver la luz.
PD: No me respondiste. ¿Me podrías recomendar algún antivirus de tiempo real?
----------------------------------------------------
ComboFix 08-10-10.01 - Usuario 2008-10-10 16:02:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.225 [GMT -6:00]
Se ejecuta desde: C:\Documents and Settings\Usuario\Escritorio\ComboFix.exe
* Creado un nuevo punto de restauración
ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION! .
(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Usuario\Favoritos\Videos.url
C:\Documents and Settings\Usuario\Menú Inicio\Programas\Videos.url
C:\InfoSat.txt
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\wmdrtc32.dl_
C:\WINDOWS\system32\wmdrtc32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Servicios )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
(((((((((((((((((( Archivos creados desde 2008-09-10 - 2008-10-10 )))))))))))))))))))))))))))))))))
.
2008-10-07 20:23 . 2008-10-10 09:19 <DIR> d-------- C:\Archivos de programa\CCleaner
2008-10-07 18:52 . 2008-10-07 18:52 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\TEMP
2008-10-07 18:52 . 2008-10-07 19:44 <DIR> d-------- C:\Archivos de programa\SpywareBlaster
2008-10-07 17:36 . 2008-10-07 17:36 <DIR> d-------- C:\Documents and Settings\Usuario\Datos de programa\Malwarebytes
2008-10-07 17:36 . 2008-10-07 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-10-07 17:36 . 2008-10-07 17:36 <DIR> d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware
2008-10-07 17:36 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-07 17:36 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-06 17:21 . 2008-10-06 17:21 <DIR> d-------- C:\Archivos de programa\Sierra
2008-10-04 13:09 . 2008-10-04 13:09 <DIR> d-------- C:\Archivos de programa\Ares
2008-10-04 11:54 . 2008-10-04 11:54 691,160 --a------ C:\Archivos de programa\installer-58539-4es-Windows-Live-Messenger-Spanish-Castellano.exe
2008-10-04 11:22 . 2008-10-04 11:22 <DIR> d-------- C:\spoolerlogs
2008-10-02 19:26 . 2008-10-02 19:26 <DIR> d-------- C:\Archivos de programa\MSECache
2008-09-29 20:44 . 2008-09-23 18:12 48,640 --a------ C:\WINDOWS\system32\xrv.exe
2008-09-29 20:44 . 2008-09-23 18:12 48,640 --a------ C:\WINDOWS\system32\dsqyml.exe
2008-09-29 20:44 . 2008-09-23 18:12 48,640 ---h----- C:\Documents and Settings\Usuario\tkoxy.exe
2008-09-29 20:44 . 2008-09-23 18:12 48,640 ---h----- C:\Documents and Settings\Usuario\aamehg.exe
2008-09-28 14:23 . 2008-09-28 14:23 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Blizzard Entertainment
2008-09-28 12:37 . 2008-09-28 12:38 <DIR> d-------- C:\Documents and Settings\Usuario\Datos de programa\Desktopicon
2008-09-28 12:36 . 2008-09-28 12:36 <DIR> d--h----- C:\WINDOWS\PIF
2008-09-27 22:34 . 2008-10-02 14:20 <DIR> d-------- C:\Archivos de programa\Spybot - Search & Destroy
2008-09-27 22:30 . 2008-09-27 22:30 96,559 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-27 22:30 . 2008-09-27 22:30 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-27 22:29 . 2008-10-04 11:07 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
2008-09-27 22:29 . 2008-10-01 02:32 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-27 22:29 . 2008-10-01 02:32 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-27 22:29 . 2008-10-01 02:32 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-27 22:29 . 2008-10-01 02:32 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-27 22:12 . 2008-10-07 20:26 <DIR> d-------- C:\Archivos de programa\Unlocker
2008-09-27 22:08 . 2008-09-27 22:08 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-22 12:49 . 2008-09-22 12:49 4,253 --a------ C:\Usuario000000.ERR
2008-09-22 12:43 . 2008-10-10 16:07 5,477 --a------ C:\WINDOWS\system32\drivers\nkhhmo.sys
2008-09-21 19:13 . 2008-09-30 21:25 <DIR> d-------- C:\Archivos de programa\Kaspersky Lab
2008-09-21 19:06 . 2008-09-21 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab Setup Files
2008-09-21 18:10 . 2008-09-21 18:10 <DIR> d-------- C:\KAV
2008-09-21 17:23 . 2008-09-28 00:24 <DIR> d-------- C:\Archivos de programa\Starcraft
2008-09-21 15:41 . 2008-10-02 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-09-21 15:33 . 2008-09-21 15:33 <DIR> d-------- C:\Archivos de programa\Trend Micro
2008-09-21 13:54 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-09-21 12:49 . 2008-09-21 12:49 <DIR> d-------- C:\Archivos de programa\Candleworks
2008-09-13 23:26 . 2008-09-13 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Microgaming
2008-09-13 23:26 . 2008-09-13 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\MGS
2008-09-13 23:19 . 2008-10-07 19:26 <DIR> d-------- C:\WINDOWS\system32\FlashAX
2008-09-12 00:00 . 2008-09-17 19:06 <DIR> d-------- C:\WINDOWS\tmpie
.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 23:28 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2008-10-04 17:35 --------- d-----w C:\Archivos de programa\Windows Live
2008-10-04 16:56 4,772,352 ----a-w C:\b6B08MUx.exe
2008-10-04 16:56 1,732,608 -c--a-w C:\Archivos de programa\FreeChess.exe
2008-10-03 17:08 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\WLInstaller
2008-10-01 06:38 --------- d-----w C:\Documents and Settings\Usuario\Datos de programa\Skype
2008-09-24 19:30 --------- d-----w C:\Documents and Settings\Usuario\Datos de programa\AdobeUM
2008-09-21 21:21 --------- d-----w C:\Archivos de programa\Canon
2008-09-21 21:17 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\ScanSoft
2008-09-21 21:16 --------- d-----w C:\Archivos de programa\Windows Live Toolbar
2008-09-17 23:01 --------- d-----w C:\Documents and Settings\Usuario\Datos de programa\skypePM
2008-09-11 08:42 --------- d-----w C:\Documents and Settings\Usuario\Datos de programa\LimeWire
2008-09-07 18:07 --------- d-----w C:\Archivos de programa\Java
2008-09-06 00:57 --------- d-----w C:\Archivos de programa\Project64 1.6
2008-09-04 04:45 486,152 ----a-w C:\ChromeSetup.exe
2008-08-31 21:08 4,096 ----a-w C:\WINDOWS\system32\drivers\nocashio.sys
2008-08-23 05:17 --------- d-----w C:\Archivos de programa\LimeWire
2008-08-19 16:04 --------- d-----w C:\Archivos de programa\VirtualDJ
2008-07-18 18:39 615,936 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-05-28 18:57 5,832,656 -c--a-w C:\Archivos de programa\Firefox Setup 2.0.0.14.exe
2008-05-28 16:03 17,906,544 -c--a-w C:\Archivos de programa\Install_Messenger.exe
2008-05-28 05:57 690,648 -c--a-w C:\Archivos de programa\installer-71172-4es-Linux-MSN-Messenger-Engine-Spanish-Castellano.exe
2008-05-28 05:40 20,783,104 -c--a-w C:\Archivos de programa\AcrobatUpd812_all_incr.msp
2008-05-28 05:32 4,502,280 -c--a-w C:\Archivos de programa\LimeWireWin.exe
2008-05-28 05:25 2,402,832 -c--a-w C:\Archivos de programa\WLinstaller.exe
2008-05-28 05:10 31,452,632 -c--a-w C:\Archivos de programa\kav7.0.1.325es.exe
.
------- Sigcheck -------
2008-04-13 20:19 43008 74699f7639e6318e21a4df695ca68b63 C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\svchost.exe
2006-03-02 05:00 14336 fa03e1fc17f38fbdba81470d08b3e416 C:\WINDOWS\system32\svchost.exe
2006-03-02 05:00 14336 fa03e1fc17f38fbdba81470d08b3e416 C:\WINDOWS\system32\dllcache\svchost.exe
2005-03-02 12:20 578048 37ce819e8ecb3517b9981a886876ef72 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 09:50 579072 237fb93c6b4330d8ee7d2448cf71c5ed C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2006-03-02 05:00 578048 5d5c9cc377a70d036816e7ea55f3ca73 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 12:10 578048 dda46f3dbcf32727e93976b09fbb0e83 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2008-04-13 20:18 579584 da8898129e0075c7de4dee457514a73c C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\user32.dll
2007-03-08 09:36 578560 fed9881c07a301271f52b51389a028c9 C:\WINDOWS\system32\user32.dll
2007-03-08 09:36 578560 fed9881c07a301271f52b51389a028c9 C:\WINDOWS\system32\dllcache\user32.dll
2008-04-13 20:18 82432 22db5b3da7005c6472d35bef3ffda5ec C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\ws2_32.dll
2006-03-02 05:00 82944 b4a90738ba4355f187bd26d6c112082b C:\WINDOWS\system32\ws2_32.dll
2006-03-02 05:00 82944 b4a90738ba4355f187bd26d6c112082b C:\WINDOWS\system32\dllcache\ws2_32.dll
2007-01-04 08:02 667648 e20944bfb922170d6f2c8f768b99e829 C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\wininet.dll
2007-04-18 06:45 668160 f83ea3cc10363e54aa27df3f1a291dbc C:\WINDOWS\$hf_mig$\KB933566\SP2QFE\wininet.dll
2008-02-16 03:31 668672 9d5363dbd44fb597f336fb32b549d7b9 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
2008-04-21 00:57 669184 4a3e48b3e817a4ef9ff4633df8aae3bb C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll
2008-04-21 00:43 668672 3645be3f8b46dbc73ebae038e6f8f4b5 C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
2008-04-21 00:30 669184 d273f0c482b866ef3f471e388588228e C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
2008-06-23 10:15 669696 a8fc93f6f957134e8daac1729209fcf0 C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll
2008-06-23 09:10 668672 ea7316bc8041cf6d885afdf3081f991c C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
2008-06-23 08:56 669184 24207433b012cd6b3c746d245c6ebce6 C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
2008-06-23 09:39 827904 10fb0b4fa340b03d8fca78b9b48df136 C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2006-03-02 05:00 658944 80bb109560a23b9c18427855ca5305e6 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
2007-01-04 07:40 661504 4281ea6e94b4ae78a35c35d2ab37edb7 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
2007-04-18 06:32 661504 4c110f6f6d36b98c670241dc5ee16bc7 C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
2008-02-16 03:02 662016 11526a86c37187ea6fa1e005ffd83bce C:\WINDOWS\$NtUninstallKB950759$\wininet.dll
2008-04-21 01:02 662016 9d1a3f5a45396ccc900b97610a4d05b3 C:\WINDOWS\$NtUninstallKB953838$\wininet.dll
2008-06-23 09:40 662016 39bf0afd76a83e0971712a31d9b6c364 C:\WINDOWS\ie7\wininet.dll
2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
2008-04-13 20:18 668672 a9a84cfc20d5f4c609e9cbf9491b8df6 C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\wininet.dll
2008-06-23 10:28 826368 04cf52937e3fc3281a1cfcec8dff15af C:\WINDOWS\SoftwareDistribution\Download\312f6bc06a5411d2d0f1018ddc9bb82c\SP2GDR\wininet.dll
2008-06-23 09:39 827904 10fb0b4fa340b03d8fca78b9b48df136 C:\WINDOWS\SoftwareDistribution\Download\312f6bc06a5411d2d0f1018ddc9bb82c\SP2QFE\wininet.dll
2008-06-23 10:28 826368 04cf52937e3fc3281a1cfcec8dff15af C:\WINDOWS\system32\wininet.dll
2008-06-23 10:28 826368 04cf52937e3fc3281a1cfcec8dff15af C:\WINDOWS\system32\dllcache\wininet.dll
2008-08-12 20:55 818688 92995334f993e6e49c25c6d02ec04401 C:\WINDOWS\tmpie\wininet.dll
2006-04-20 06:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 10:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 04:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 05:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 05:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2006-03-02 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 05:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 11:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-04-13 13:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\tcpip.sys
2008-06-20 04:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 04:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 20:19 510976 04d7a8ee388acee7ea74665e290835b1 C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\winlogon.exe
2006-03-02 05:00 505344 fcb59d25d628b4d3181dc816d14679dd C:\WINDOWS\system32\winlogon.exe
2006-03-02 05:00 505344 fcb59d25d628b4d3181dc816d14679dd C:\WINDOWS\system32\dllcache\winlogon.exe
2008-04-13 13:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\ndis.sys
2006-03-02 05:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2006-03-02 05:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 12:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\ip6fw.sys
2006-03-02 05:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2006-03-02 05:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2005-03-02 12:13 2087936 3105ee37432861f0a2ad593a7bf49587 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 10:08 2090496 fdcf32c232202fc93063fab4f9436977 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2006-03-02 05:00 2087936 e08e0d33a17737a2ac4c1aad6d05f848 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 12:07 2087936 993efc9baa39b68e21d6abd2a91f3e7b C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 10:02 2088704 35dfc8d6904640b3aea89b2d67d507de C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2008-04-13 19:57 2096896 80b86cff94e0e8c18dcbcdde9ae489ee C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\ntkrnlpa.exe
2006-12-19 12:22 2088704 f468a0e7a36466eff56c0f4efe2f2b83 C:\WINDOWS\SoftwareDistribution\Download\93b7c984c9128979c69ceafb031bf8fa\sp2gdr\ntkrnlpa.exe
2006-12-19 12:45 2090496 e1677997d09da7c7a31b6afe05dc4bbb C:\WINDOWS\SoftwareDistribution\Download\93b7c984c9128979c69ceafb031bf8fa\sp2qfe\ntkrnlpa.exe
2007-02-28 10:02 2060032 bab5c0349afa60ef6855857f43bee58a C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 10:02 2060032 bab5c0349afa60ef6855857f43bee58a C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2005-03-02 12:13 2210560 ea90cd3bc6862ce696c1570011519831 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 10:08 2213248 f1431f10b671b1b44ac74323051d13b6 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2006-03-02 05:00 2212096 efede54511d6f2a1f0d9e411ed98704e C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 12:08 2210432 c28e7cc42978eb192e48bca1032f693f C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 10:02 2211456 5669d68d4ff7a830ab805bf0084e234f C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2008-04-13 19:57 2220032 643eb522dd9effa98f75f10f0b9326ea C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\ntoskrnl.exe
2006-12-19 12:22 2211456 876de2de79d47af192de6f16732bea56 C:\WINDOWS\SoftwareDistribution\Download\93b7c984c9128979c69ceafb031bf8fa\sp2gdr\ntoskrnl.exe
2006-12-19 12:45 2213120 ad754ccc45b63431ba5ebfe4564e6011 C:\WINDOWS\SoftwareDistribution\Download\93b7c984c9128979c69ceafb031bf8fa\sp2qfe\ntoskrnl.exe
2007-02-28 10:02 2182784 9a8eea232fca85781187884162707f4c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 10:02 2182784 9a8eea232fca85781187884162707f4c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-06-13 07:22 1035776 f8ddb22b6efc5e630d65e241074c2404 C:\WINDOWS\explorer.exe
2007-06-13 07:10 1064448 2db32cd3d2f358687d781bc49883f4db C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-03-02 05:00 1063424 76c6c9ae8b07407d7d9f57b884b2ef23 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-13 20:18 1064960 5f094e78d237e4dfb2c8a85e22a01c31 C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\explorer.exe
2007-06-13 07:22 1035776 f8ddb22b6efc5e630d65e241074c2404 C:\WINDOWS\system32\dllcache\explorer.exe
2008-04-13 20:19 137728 468b8d46d8234dc4d6488d28fee2dec3 C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\services.exe
2006-03-02 05:00 108544 f9852f505e0699bb83d5c6321917040b C:\WINDOWS\system32\services.exe
2006-03-02 05:00 108544 f9852f505e0699bb83d5c6321917040b C:\WINDOWS\system32\dllcache\services.exe
2008-04-13 20:19 41984 9ada54bb1b06b24451ed3b98194a2f80 C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\lsass.exe
2006-03-02 05:00 13312 2b0b88652c9f6714fd4886839b3b0442 C:\WINDOWS\system32\lsass.exe
2006-03-02 05:00 13312 2b0b88652c9f6714fd4886839b3b0442 C:\WINDOWS\system32\dllcache\lsass.exe
2008-04-13 20:18 44032 3acbd5f664d38ee12748bb6f0064420c C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\ctfmon.exe
2006-03-02 05:00 15360 25ecfa69af1563fde8dfd31f9954497a C:\WINDOWS\system32\ctfmon.exe
2006-03-02 05:00 15360 25ecfa69af1563fde8dfd31f9954497a C:\WINDOWS\system32\dllcache\ctfmon.exe
2005-06-10 18:17 86528 ef212991bb620bd809ee82bcc39833b6 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2006-03-02 05:00 86528 3fd16327fe757c725ac4b464a026a436 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-04-13 20:19 86528 b42119de2a172a406d1b4c1c6c1a3e55 C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\spoolsv.exe
2005-06-10 17:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\spoolsv.exe
2005-06-10 17:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\system32\dllcache\spoolsv.exe
2008-04-13 20:19 140800 e57c990cab75aae573cd552b593eecd4 C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\wuauclt.exe
2008-07-18 22:10 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10 53448 d316e28958873859b88d72cf47ad1ea5 C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-04-13 20:19 55296 9a1db1461a319d3835d3779baca69ac2 C:\WINDOWS\SoftwareDistribution\Download\2aeaf54e7e4b5f583622470fe7c5fdef\userinit.exe
2006-03-02 05:00 25088 7b30b4d55b4562c733a5ddf6d6f72b3f C:\WINDOWS\system32\userinit.exe
2006-03-02 05:00 25088 7b30b4d55b4562c733a5ddf6d6f72b3f C:\WINDOWS\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Archivos de programa\Ares\Ares.exe" [2008-08-21 917504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2008-09-21 442368]
"UnlockerAssistant"="C:\Archivos de programa\Unlocker\UnlockerAssistant.exe" [2008-05-01 44544]
"dsqyml"="C:\WINDOWS\system32\dsqyml.exe" [2008-09-23 48640]
"xrv"="C:\WINDOWS\system32\xrv.exe" [2008-09-23 48640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe \"C:\\DOCUME~1\\Usuario\\CONFIG~1\\Temp\\winqfog.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-08-21 09:45 917504 C:\Archivos de programa\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2006-03-02 05:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"MyWebSearchService"=2 (0x2)
"MDM"=2 (0x2)
"fsssvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\facturalux\\bin\\fllite.exe"=
"C:\\Archivos de programa\\LimeWire\\LimeWire.exe"=
"C:\\KAV\\Kaspersky Anti-Virus 7.0.1.325\\spanish\\setup.exe"=
"C:\\Archivos de programa\\Starcraft\\StarCraft.exe"=
"C:\\WINDOWS\\system32\\dsqyml.exe"=
"C:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\xrv.exe"=
"C:\\DOCUME~1\\Usuario\\CONFIG~1\\Temp\\winqfog.exe"=
"C:\\DOCUME~1\\Usuario\\CONFIG~1\\Temp\\nrcgq.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R2 NdisFileServices32;NdisFileServices32;C:\WINDOWS\system32\drivers\nkhhmo.sys [2008-10-10 5477]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02031b9c-4bb4-11dd-b557-001617de6eec}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{214a98ca-0242-11dc-a1d1-001617de6eec}]
\Shell\1\Command - E:\crsvc.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL crsvc.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a744482-21bd-11dd-a301-001617de6eec}]
\Shell\AutoRun\command - E:\un9.cmd
\Shell\explore\Command - E:\un9.cmd
\Shell\open\Command - E:\un9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a01ef76-07be-11dc-a1da-001617de6eec}]
\Shell\1\Command - E:\crsvc.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL crsvc.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56fb2d98-d87d-11db-a186-001617de6eec}]
\Shell\AutoRun\command - F:\fooool.exe
\Shell\explore\Command - F:\fooool.exe
\Shell\open\Command - F:\fooool.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58c21be2-f1ae-11db-a1ac-001617de6eec}]
\Shell\Auto\command - E:\MSOCache\doWTP_RESTORE_0.exe -autorun
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE_0.exe -autorun
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89d5215a-fe7d-11db-a1c9-001617de6eec}]
\Shell\AutoRun\command - F:\ranvrgn.exe
\Shell\explore\Command - F:\ranvrgn.exe
\Shell\open\Command - F:\ranvrgn.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97e5ed3e-5703-11dc-a23a-001617de6eec}]
\Shell\1\Command - E:\crsvc.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL crsvc.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97efa433-566f-11dd-b572-001617de6eec}]
\Shell\AutoRun\command - F:\gjn2pjlw.exe
\Shell\explore\Command - F:\gjn2pjlw.exe
\Shell\open\Command - F:\gjn2pjlw.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97efa434-566f-11dd-b572-001617de6eec}]
\Shell\AutoRun\command - G:\gjn2pjlw.exe
\Shell\explore\Command - G:\gjn2pjlw.exe
\Shell\open\Command - G:\gjn2pjlw.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99f1536a-2cf9-11dd-a30a-001617de6eec}]
\Shell\AutoRun\command - v.com
\Shell\explore\Command - v.com
\Shell\open\Command - v.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a48f3d1-e61b-11dc-a2ca-001617de6eec}]
\Shell\1\Command - E:\crsvc.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL crsvc.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be843635-3971-11dd-b51d-001617de6eec}]
\Shell\AutoRun\command - b.com
\Shell\explore\Command - b.com
\Shell\open\Command - b.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2fc202c-ee7d-11db-a1a7-001617de6eec}]
\Shell\1\Command - E:\crsvc.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL crsvc.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce75751c-80a8-11dc-a282-001617de6eec}]
\Shell\AutoRun\command - E:\un9.cmd
\Shell\explore\Command - E:\un9.cmd
\Shell\open\Command - E:\un9.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{feaecd80-ff44-11dc-a2da-001617de6eec}]
\Shell\Auto\command - E:\MSOCache\doWTP_RESTORE_0.exe -autorun
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE_0.exe -autorun
.
Contenido de carpeta 'Tareas Programadas'
2008-08-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-09-04 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Usuario\Configuraci []
.
- - - - HUÉRFANOS ELIMINADOS - - - -
HKCU-Run-msnmsgr - C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
Notify-NavLogon - (no file)
MSConfigStartUp-Syslog - C:\crsvc.exe
.
------- Análisis Suplementario -------
.
FireFox -: Profile - C:\Documents and Settings\Usuario\Datos de programa\Mozilla\Firefox\Profiles\uonr1nu4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Documents and Settings\Usuario\Configuración local\Datos de programa\Google\Update\1.2.131.11\npGoogleOneClick5.dll
.
.
------- File Associations -------
.
txtfile=Notepad.exe "%1"
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-10-10 16:06:59
Windows 5.1.2600 Service Pack 2 NTFS
escaneando procesos ocultos ...
C:\WINDOWS\system32\xrv.exe [356] 0x855E99F8
escaneando entradas ocultas de autostart ...
escaneando archivos ocultos ...
C:\WINDOWS\system32\wmdrtc32.dll 40960 bytes executable
C:\WINDOWS\system32\wmdrtc32.dl_ 26066 bytes
el escaneo se completo con exito
archivos ocultos: 2
**************************************************************************
.
------------------------ Otros procesos en ejecución ------------------------
.
C:\WINDOWS\system32\wdfmgr.exe
C:\DOCUME~1\Usuario\CONFIG~1\Temp\winqfog.exe
C:\DOCUME~1\Usuario\CONFIG~1\Temp\nrcgq.exe
.
**************************************************************************
.
Tiempo completado: 2008-10-10 16:12:32 - Reiniciando la máquina [Usuario]
Pre-Run: 43.216.887.808 bytes libres
Post-Run: 43,763,232,768 bytes libres
373 --- E O F --- 2008-10-10 17:03:10
-------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:17:17 p.m., on 10/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Ares\Ares.exe
C:\DOCUME~1\Usuario\CONFIG~1\Temp\winqfog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Usuario\CONFIG~1\Temp\nrcgq.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Archivos de programa\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [dsqyml] C:\WINDOWS\system32\dsqyml.exe \j
O4 - HKLM\..\Run: [xrv] C:\WINDOWS\system32\xrv.exe \j
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cabO16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) -
http://static.slide.com/uploader/SlideImageUploader.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\descargas\Ares\chatServer.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
--
End of file - 3830 bytes
URGENTE! No puedo usar antivirus
Oct 7 2008, 06:06 AM
