Ingresar
Registrarme
Ayuda
Este tema está cerrado
Pues hace unos dias estube batallando con algunos virus y ahora parece que ya todo esta estable, solo tengo problemas para eliminar algunos archivos que me muestra como infectados con el Virus.Win32.Virut.ce, la ubicacion de casi todos estos estan en la ruta C:\Windows\System32\DriverStore\FileRepository y ya de ahi varia en algunas carpetas pero todos los archivos infectados son .exe, el problema es que el antivirus (Kaspersky) no me da la opcion de desinfectar, solo permite ignorar la amenaza y si me voy a la ruta para eliminarlos de forma manual Windows (vista) me dice que necesito permisos para poder realizar esa accion y solo me da opcion de reintentar o cancelar pero de ahi ya no puedo hacer nada, quisiera saber si me pueden ayudar con ese problema...
aqui les dejo el log del hijackthis por si les sirve de algo, espero me puedan ayudar, desde ya gracias!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:15:32 p.m., on 04/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User '?')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User '?')
O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmbox.itelcel...r/mmsPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6301 bytes
Problema para eliminar archivos Win32.Virut.ce
MultiCita #2 
- No Spiware
-
- Grupo: Globales
- Mensajes: 21063
- Registrado: 15-August 04
Posted 04 July 2009 - 10:48 PM
Realiza los siguientes pasos y nos pasas los resultados:
1º Actualiza tu sistema Aqui (Si no te deja actualizar pasa al siguiente paso)
2º Borra todas las cookies y el registro con CCleaner
3º Vete a Inicio- Panel de Control--> Java (si usas Java) y elimina todos los archivos temporales.
4º Borrar archivos temporales--> Desde Inicio, Ejecutar, escribe %TEMP%, pulsa Enter y elimina todo el contenido.
5º Pásale el Malwarebytes AntiMalware. (Actualizalo, y al acabar el Scaneo elije la opcion eliminar, despues guarda el report y lo pegas) [Si tienes alguna duda aquí tienes un Manual de Malwarebytes AntiMalware]
6º Ademas, haz un :
Scan on line:
http://www.bitdefend...m/scan8/ie.html
Debes usar el Internet Explorer y aceptar los active x
Le pones que elimine lo que te detecte.
Nos copias ese reporte, el del Malwarebytes Antimalware y un nuevo log del hijackthis.
Saludos
Caito
1º Actualiza tu sistema Aqui (Si no te deja actualizar pasa al siguiente paso)
2º Borra todas las cookies y el registro con CCleaner
3º Vete a Inicio- Panel de Control--> Java (si usas Java) y elimina todos los archivos temporales.
4º Borrar archivos temporales--> Desde Inicio, Ejecutar, escribe %TEMP%, pulsa Enter y elimina todo el contenido.
5º Pásale el Malwarebytes AntiMalware. (Actualizalo, y al acabar el Scaneo elije la opcion eliminar, despues guarda el report y lo pegas) [Si tienes alguna duda aquí tienes un Manual de Malwarebytes AntiMalware]
6º Ademas, haz un :
Scan on line:
http://www.bitdefend...m/scan8/ie.html
Debes usar el Internet Explorer y aceptar los active x
Le pones que elimine lo que te detecte.
Nos copias ese reporte, el del Malwarebytes Antimalware y un nuevo log del hijackthis.
Saludos
Caito
#3
- Miembro Avanzado
-
- Grupo: Members
- Mensajes: 63
- Registrado: 22-February 06
Posted 05 July 2009 - 12:58 AM
Aqui te dejo los logs de Hijackthis y antimalaware, el scan online no lo pude hacer creo que algo quedo dañado por la infeccion, y si estaba ejecutando el IE como administrador asi que ese no es el problema...
bien, este es el hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:53:33 p.m., on 04/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User '?')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User '?')
O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmbox.itelcel...r/mmsPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7008 bytes
y este el de antimalaware
Malwarebytes' Anti-Malware 1.38
Versión de la Base de Datos: 2374
Windows 6.0.6001 Service Pack 1
04/07/2009 06:17:20 p.m.
mbam-log-2009-07-04 (18-17-20).txt
Tipo de examen : Examen Completo (C:\|D:\|)
Objetos examinados: 275493
Tiempo transcurrido: 59 minute(s), 29 second(s)
Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 7
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0
Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Claves del Registro Infectadas:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valores del Registro Infectados:
(No se han detectado elementos maliciosos)
Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)
Carpetas Infectadas:
(No se han detectado elementos maliciosos)
Ficheros Infectados:
(No se han detectado elementos maliciosos)
espero su ayuda, Gracias!!!
bien, este es el hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:53:33 p.m., on 04/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User '?')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User '?')
O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmbox.itelcel...r/mmsPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7008 bytes
y este el de antimalaware
Malwarebytes' Anti-Malware 1.38
Versión de la Base de Datos: 2374
Windows 6.0.6001 Service Pack 1
04/07/2009 06:17:20 p.m.
mbam-log-2009-07-04 (18-17-20).txt
Tipo de examen : Examen Completo (C:\|D:\|)
Objetos examinados: 275493
Tiempo transcurrido: 59 minute(s), 29 second(s)
Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 7
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0
Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)
Claves del Registro Infectadas:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valores del Registro Infectados:
(No se han detectado elementos maliciosos)
Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)
Carpetas Infectadas:
(No se han detectado elementos maliciosos)
Ficheros Infectados:
(No se han detectado elementos maliciosos)
espero su ayuda, Gracias!!!
#4
- No Spiware
-
- Grupo: Globales
- Mensajes: 21063
- Registrado: 15-August 04
Posted 05 July 2009 - 02:55 PM
Baja este programa:
Dr.Web CureIt
ftp://ftp.drweb.com/...rweb-cureit.exe
Manual:
http://www.trucoswin...web-cureit.html
Doble click en drweb-cureit.exe
Clic en Star para que comience el scaneo
Al principio verifica la memoria y tienes que cliquear Yes cuando te pregunte si quieres que tal archivo sea curado (cure it ),esto es un scan rápido
Tambien te puede aparecer un pop up ofreciendo la posibilidad de comprar el programa ,solo elimina ese pop up y sigue…
Cuando ese scan termine haz clic en Options > Change settings
Elige la solapa Scan y destildas "Heuristic analysis".
Ahora vuelve a la ventana principal y eliges los discos a scanear:
elige “All Drives”,un punto rojo te indica cuales elegiste
Haz clic en la flecha verde ubicada a la derecha y comenzará el scaneo
Click 'Yes to all' si te pregunta si quieres “Cure” o “Move “ los archivos
Cuando el scaneo termine te fijas en los archivos encontrados y junto a ellos se halla un ícono trata de cliquear en ese y si puedes cliquea en otro ícono a la derecha y elige Move incurable
Esto pondrá esos archivos en “%userprofile%\DoctorWeb\quarantaine-folder”si no han podido “curarse”.
Ahora en el Menu principal clic en File y elige save report list
Guarda ese reporte en tu escritorio (el nombre será DrWeb.csv)
Cierra el programa.
Pon ese reporte y un nuevo log
saludos
caito
Dr.Web CureIt
ftp://ftp.drweb.com/...rweb-cureit.exe
Manual:
http://www.trucoswin...web-cureit.html
Doble click en drweb-cureit.exe
Clic en Star para que comience el scaneo
Al principio verifica la memoria y tienes que cliquear Yes cuando te pregunte si quieres que tal archivo sea curado (cure it ),esto es un scan rápido
Tambien te puede aparecer un pop up ofreciendo la posibilidad de comprar el programa ,solo elimina ese pop up y sigue…
Cuando ese scan termine haz clic en Options > Change settings
Elige la solapa Scan y destildas "Heuristic analysis".
Ahora vuelve a la ventana principal y eliges los discos a scanear:
elige “All Drives”,un punto rojo te indica cuales elegiste
Haz clic en la flecha verde ubicada a la derecha y comenzará el scaneo
Click 'Yes to all' si te pregunta si quieres “Cure” o “Move “ los archivos
Cuando el scaneo termine te fijas en los archivos encontrados y junto a ellos se halla un ícono trata de cliquear en ese y si puedes cliquea en otro ícono a la derecha y elige Move incurable
Esto pondrá esos archivos en “%userprofile%\DoctorWeb\quarantaine-folder”si no han podido “curarse”.
Ahora en el Menu principal clic en File y elige save report list
Guarda ese reporte en tu escritorio (el nombre será DrWeb.csv)
Cierra el programa.
Pon ese reporte y un nuevo log
saludos
caito
#5
- Miembro Avanzado
-
- Grupo: Members
- Mensajes: 63
- Registrado: 22-February 06
Posted 07 July 2009 - 05:30 PM
Hasta ahora puedo postear respuesta, fijate que corri el Dr. Web y me sigue detectando los mismos archivos infectados, cuando trata de curarlos no lo puede hacer y cuando los quiere mover tampoco lo hace, marca error de escritura no te pongo ese reporte porque no me lo genero, de hecho corri el programa dos veces para obtenmerlo y nada, ademas de que se tarda bastante, no estoy seguro cuanto pero me imagino que fueron como 10 horas, es normal eso?
Te digo que paso cuando quise guradar el reporte, la primera vez me fui a archivo >guardar reporte y simplemente se cerro el programa, volvi a correrlo y cuando termino hice lo mismo pero esta vez como que flasheo un pantallazo azul y despues me reseteo la maquina y por el tiempo que tarda en escanear decidi ya no pasarlo y ponerte aqui lo que me paso, algun consejo?
aqui te vuelvo a dejar un nuevo reporte de hijack como lo pediste:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:19 a.m., on 07/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User '?')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User '?')
O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmbox.itelcel...r/mmsPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7214 bytes
Te digo que paso cuando quise guradar el reporte, la primera vez me fui a archivo >guardar reporte y simplemente se cerro el programa, volvi a correrlo y cuando termino hice lo mismo pero esta vez como que flasheo un pantallazo azul y despues me reseteo la maquina y por el tiempo que tarda en escanear decidi ya no pasarlo y ponerte aqui lo que me paso, algun consejo?
aqui te vuelvo a dejar un nuevo reporte de hijack como lo pediste:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:19 a.m., on 07/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User '?')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User '?')
O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmbox.itelcel...r/mmsPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7214 bytes
#6
- No Spiware
-
- Grupo: Globales
- Mensajes: 21063
- Registrado: 15-August 04
Posted 07 July 2009 - 10:53 PM
Abre el AdAware SE
Ve a AdWatch interfaz del usuario
Ve a herramientas y preferencias
En el boton de la pantalla verás dos opciones :
Activo y Automático
Activo:esto tornará Ad-Watch On//off sin necesidad de cerrarlo
Automático : toda actividad sospechosa será bloquada en forma automática
saca el tilde de ambas opciones. Luego de limpiar podrás activarlas otra vez
Luego:
Descarga la utilidad ComboFix.exe (Windows 98/ME/2000/XP)
http://download.blee...Bs/ComboFix.exe
http://www.techsuppo...Bs/ComboFix.exe
http://download.blee...Bs/ComboFix.exe
http://subs.geekstog...ta/ComboFix.exe
Desactiva temporalmente el Antivirus y/o Antispyware.
Cierra todas las ventanas abiertas.
*Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
*Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.
-Ejecuta ComboFix.exe para iniciar el programa.
-Se abrirá la ventana del programa en modo MS-DOS. Pulsa inmediatamente la tecla "Y" (Yes) y después sobre ENTER para iniciar el proceso de detección y limpieza.
-Los iconos del Escritorio desaparecerán (esto es normal) y aparecerá el mensaje "Performing a scan of your machine".
- A continuación, aparecerá el mensaje "Preparing a log report" "This takes a while. So, please be patient".
-Seguidamente, aparecerán los mensajes "Almost done..." "A report of Combofix's actions would be produced at C:\Combofix.txt".
-Se paciente y espera a que la ventana del programa se cierre sola y se muestre el archivo C:\Combofix.txt. Los iconos del Escritorio volverán a su sitio sin necesidad de tener que reiniciar el PC.
-Por último, el informe combofix.txt mostrará los archivos detectados y eliminados, ese tal reporte lo pegas acá
- Además pon un nuevo log del hijack
Saludos
Caito
Ve a AdWatch interfaz del usuario
Ve a herramientas y preferencias
En el boton de la pantalla verás dos opciones :
Activo y Automático
Activo:esto tornará Ad-Watch On//off sin necesidad de cerrarlo
Automático : toda actividad sospechosa será bloquada en forma automática
saca el tilde de ambas opciones. Luego de limpiar podrás activarlas otra vez
Luego:
Descarga la utilidad ComboFix.exe (Windows 98/ME/2000/XP)
http://download.blee...Bs/ComboFix.exe
http://www.techsuppo...Bs/ComboFix.exe
http://download.blee...Bs/ComboFix.exe
http://subs.geekstog...ta/ComboFix.exe
Desactiva temporalmente el Antivirus y/o Antispyware.
Cierra todas las ventanas abiertas.
*Nota* Mientras CF este trabajando no mover el mouse ya que pararía su proceso.
*Nota* ComboFix puede reiniciar automáticamente el PC para completar el proceso de eliminación.
-Ejecuta ComboFix.exe para iniciar el programa.
-Se abrirá la ventana del programa en modo MS-DOS. Pulsa inmediatamente la tecla "Y" (Yes) y después sobre ENTER para iniciar el proceso de detección y limpieza.
-Los iconos del Escritorio desaparecerán (esto es normal) y aparecerá el mensaje "Performing a scan of your machine".
- A continuación, aparecerá el mensaje "Preparing a log report" "This takes a while. So, please be patient".
-Seguidamente, aparecerán los mensajes "Almost done..." "A report of Combofix's actions would be produced at C:\Combofix.txt".
-Se paciente y espera a que la ventana del programa se cierre sola y se muestre el archivo C:\Combofix.txt. Los iconos del Escritorio volverán a su sitio sin necesidad de tener que reiniciar el PC.
-Por último, el informe combofix.txt mostrará los archivos detectados y eliminados, ese tal reporte lo pegas acá
- Además pon un nuevo log del hijack
Saludos
Caito
#7
- Miembro Avanzado
-
- Grupo: Members
- Mensajes: 63
- Registrado: 22-February 06
Posted 08 July 2009 - 02:05 AM
Aqui te dejo los reportes Caito
este es el de combofix
ComboFix 09-07-07.A2 - Mara 07/07/2009 19:40.1 - NTFSx86
Running from: c:\users\Mara\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1977552084-830720039-2976544655-500
c:\$recycle.bin\S-1-5-21-2826126612-341877328-3438544454-500
c:\recycler\S-1-5-21-0230149787-2146084638-694461594-1322
c:\users\Mara\AppData\Roaming\inst.exe
c:\windows\Installer\1d01a9.msi
c:\windows\Installer\7487d.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\KBL.LOG
.
((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))
.
2009-07-05 20:58 . 2009-07-05 20:58 -------- d-----w- c:\users\Mara\DoctorWeb
2009-07-04 22:15 . 2009-07-04 22:15 -------- d-----w- c:\users\Mara\AppData\Roaming\Malwarebytes
2009-07-04 22:15 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 22:15 . 2009-07-04 22:15 -------- d-----w- c:\programdata\Malwarebytes
2009-07-04 22:15 . 2009-07-04 22:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 22:15 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-02 04:48 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-02 04:48 . 2009-07-02 04:48 -------- d-----w- c:\program files\Panda Security
2009-07-02 00:05 . 2009-07-02 00:05 -------- d-----w- c:\program files\Java
2009-07-01 18:57 . 2009-07-04 23:49 -------- d-----w- c:\windows\BDOSCAN8
2009-07-01 05:51 . 2009-07-01 05:51 112144 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\X86\kl1.sys
2009-07-01 05:51 . 2009-07-01 05:51 25104 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ushata.dll
2009-07-01 05:51 . 2009-07-01 05:51 772624 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\updater.dll
2009-07-01 05:51 . 2009-07-01 05:51 150032 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\diffs.dll
2009-07-01 05:51 . 2009-07-01 05:51 354832 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ckahum.dll
2009-07-01 05:18 . 2008-07-09 17:41 -------- d--h--w- C:\klab
2009-07-01 05:12 . 2009-07-01 05:51 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-01 05:12 . 2009-07-01 05:51 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-01 05:12 . 2009-07-08 00:25 -------- d-----w- c:\programdata\Kaspersky Lab
2009-07-01 05:12 . 2009-07-01 05:12 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-01 02:43 . 2009-07-01 02:43 -------- d-----w- c:\program files\Trend Micro
2009-06-30 05:15 . 2009-07-07 16:32 66019104 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-30 04:52 . 2009-07-01 05:01 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-06-30 04:22 . 2009-06-30 04:22 -------- d-----w- c:\program files\ESET
2009-06-30 01:32 . 2009-06-30 00:07 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-30 00:07 . 2009-06-30 00:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-30 00:07 . 2009-06-30 00:07 314712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-30 00:07 . 2009-07-07 00:08 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-30 00:07 . 2009-06-30 00:07 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-30 00:07 . 2009-06-30 00:07 169312 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-30 00:07 . 2009-06-30 00:07 348496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-30 00:07 . 2009-06-30 00:07 298336 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-30 00:07 . 2009-06-30 00:07 84832 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-30 00:06 . 2009-07-07 00:08 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-30 00:06 . 2009-06-30 00:06 246128 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-30 00:06 . 2009-06-30 00:06 40288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-30 00:06 . 2009-06-30 00:06 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-30 00:06 . 2009-06-30 00:06 85352 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-30 00:06 . 2009-06-30 00:06 664424 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-30 00:06 . 2009-06-30 00:06 563064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-30 00:06 . 2009-06-30 00:06 566632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-30 00:06 . 2009-07-07 00:07 2353480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-30 00:05 . 2009-06-30 00:05 629072 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-30 00:05 . 2009-06-30 00:05 520024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-30 00:05 . 2009-06-30 00:05 1029456 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-29 23:59 . 2009-06-30 00:07 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-29 23:59 . 2009-06-29 23:59 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-29 23:59 . 2009-03-12 08:17 2902048 -c--a-w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-29 23:58 . 2009-06-29 23:59 -------- d-----w- c:\programdata\Lavasoft
2009-06-29 23:58 . 2009-06-29 23:58 -------- d-----w- c:\program files\Lavasoft
2009-06-29 23:29 . 2009-06-29 23:29 -------- d-----w- c:\program files\CCleaner
2009-06-28 05:24 . 2009-06-29 23:59 -------- d-----w- c:\users\Mara\AppData\Roaming\DivX
2009-06-28 05:23 . 2009-07-02 15:27 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-23 14:55 . 2009-06-23 15:13 -------- d-----w- c:\users\Mara\AppData\Roaming\Reg Tool
2009-06-12 01:11 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-12 00:47 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-12 00:46 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 16:32 . 2009-06-30 05:15 830288 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-06 10:42 . 2008-01-21 02:33 841216 ----a-w- c:\windows\system32\WerFaultSecure.exe
2009-07-06 10:39 . 2008-01-21 02:33 658432 ----a-w- c:\windows\system32\mstsc.exe
2009-07-06 10:38 . 2006-11-02 08:39 691200 ----a-w- c:\windows\system32\Magnify.exe
2009-07-02 00:05 . 2009-05-05 15:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-01 18:29 . 2009-04-14 22:03 247808 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2009-07-01 18:29 . 2008-01-21 02:34 626176 ----a-w- c:\windows\system32\wbem\WMIC.exe
2009-07-01 18:29 . 2008-01-21 02:34 78336 ----a-w- c:\windows\system32\wbem\WinMgmt.exe
2009-07-01 18:29 . 2008-01-21 02:34 174080 ----a-w- c:\windows\system32\wbem\wbemtest.exe
2009-07-01 18:29 . 2008-01-21 02:33 38912 ----a-w- c:\windows\system32\wbem\unsecapp.exe
2009-07-01 18:29 . 2008-01-21 02:33 41472 ----a-w- c:\windows\system32\wbem\scrcons.exe
2009-07-01 18:29 . 2008-01-21 02:33 20480 ----a-w- c:\windows\system32\wbem\mofcomp.exe
2009-07-01 18:27 . 2008-01-21 02:33 3216896 ----a-w- c:\windows\system32\WinSAT.exe
2009-07-01 18:27 . 2008-01-21 02:33 294912 ----a-w- c:\windows\system32\ssText3d.scr
2009-07-01 18:27 . 2008-01-21 02:32 8139264 ----a-w- c:\windows\system32\ssBranded.scr
2009-07-01 18:27 . 2006-11-02 08:48 10752 ----a-w- c:\windows\system32\scrnsave.scr
2009-07-01 18:27 . 2008-01-21 02:35 705536 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2009-07-01 18:27 . 2008-01-21 02:32 221184 ----a-w- c:\windows\system32\Ribbons.scr
2009-07-01 18:27 . 2008-01-21 02:33 799232 ----a-w- c:\windows\system32\certutil.exe
2009-07-01 18:27 . 2008-01-21 02:33 221696 ----a-w- c:\windows\system32\Mystify.scr
2009-07-01 18:27 . 2008-01-21 02:33 880128 ----a-w- c:\windows\system32\Bubbles.scr
2009-07-01 18:27 . 2008-01-21 02:33 1371136 ----a-w- c:\windows\system32\Aurora.scr
2009-07-01 18:26 . 2006-10-17 17:05 28672 ----a-w- c:\windows\Help\OEM\scripts\launchAP.exe
2009-07-01 18:26 . 2007-10-02 10:06 24576 ----a-w- c:\windows\Help\OEM\scripts\HPHS_Launcher.exe
2009-07-01 06:29 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-07-01 06:27 . 2008-01-21 02:34 5714432 ----a-w- c:\windows\system32\logon.scr
2009-07-01 06:27 . 2008-01-21 02:33 2092544 ----a-w- c:\windows\system32\dfsr.exe
2009-07-01 06:20 . 2008-07-08 08:16 -------- d-----w- c:\program files\Apoint2K
2009-07-01 05:51 . 2007-10-31 18:41 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-07-01 05:11 . 2009-03-14 16:07 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-07-01 01:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-30 19:11 . 2008-01-21 02:34 186368 ----a-w- c:\windows\system32\SLLUA.exe
2009-06-30 19:10 . 2009-04-14 22:03 667136 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-06-30 19:09 . 2008-01-21 02:32 74752 ----a-w- c:\windows\system32\wlanext.exe
2009-06-30 19:08 . 2008-01-21 02:33 192000 ----a-w- c:\windows\system32\bitsadmin.exe
2009-06-30 19:07 . 2006-11-02 09:16 13312 ----a-w- c:\windows\system32\tcmsetup.exe
2009-06-30 19:06 . 2006-11-02 08:47 16896 ----a-w- c:\windows\system32\grpconv.exe
2009-06-30 19:05 . 2008-08-01 03:30 155648 ----a-w- c:\windows\system32\wscript.exe
2009-06-30 19:04 . 2008-01-21 02:34 1793024 ----a-w- c:\windows\system32\mmc.exe
2009-06-30 19:03 . 2006-11-02 08:58 13312 ----a-w- c:\windows\system32\snmptrap.exe
2009-06-30 19:03 . 2006-11-02 08:50 7680 ----a-w- c:\windows\system32\Locator.exe
2009-06-30 19:03 . 2008-01-21 02:33 60416 ----a-w- c:\windows\system32\alg.exe
2009-06-30 18:44 . 2008-01-21 02:35 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-06-30 18:41 . 2008-01-21 02:33 118272 ----a-w- c:\windows\system32\wbem\WMIADAP.exe
2009-06-30 18:40 . 2008-01-21 02:34 143360 ----a-w- c:\windows\system32\WUDFHost.exe
2009-06-30 18:40 . 2008-01-21 02:34 26112 ----a-w- c:\windows\system32\userinit.exe
2009-06-30 15:21 . 2008-01-21 02:34 20992 ----a-w- c:\windows\system32\RacAgent.exe
2009-06-30 15:20 . 2008-01-21 02:33 56320 ----a-w- c:\windows\system32\wermgr.exe
2009-06-30 15:19 . 2008-01-21 02:33 1055232 ----a-w- c:\windows\system32\VSSVC.exe
2009-06-30 15:19 . 2006-11-02 08:47 81920 ----a-w- c:\windows\system32\SystemPropertiesProtection.exe
2009-06-30 15:18 . 2006-11-02 08:48 9728 ----a-w- c:\windows\system32\verclsid.exe
2009-06-30 15:17 . 2008-01-21 02:34 151552 ----a-w- c:\windows\system32\schtasks.exe
2009-06-30 15:16 . 2008-01-21 02:33 192512 ----a-w- c:\windows\system32\wsqmcons.exe
2009-06-30 15:14 . 2008-01-21 02:33 81920 ----a-w- c:\windows\system32\consent.exe
2009-06-30 06:30 . 2008-01-21 02:33 318976 ----a-w- c:\windows\system32\cmd.exe
2009-06-30 06:30 . 2006-11-02 08:47 212992 ----a-w- c:\windows\system32\control.exe
2009-06-30 06:30 . 2008-01-21 02:34 9216 ----a-w- c:\windows\system32\LogonUI.exe
2009-06-30 06:30 . 2008-01-21 02:34 151552 ----a-w- c:\windows\system32\notepad.exe
2009-06-30 05:15 . 2006-11-02 08:48 44544 ----a-w- c:\windows\system32\rundll32.exe
2009-06-30 05:15 . 2006-11-02 09:11 9216 ----a-w- c:\windows\winhlp32.exe
2009-06-30 01:32 . 2008-03-10 04:46 -------- d-----w- c:\program files\MSN Messenger
2009-06-29 03:22 . 2009-05-27 02:55 -------- d-----w- c:\users\Mara\AppData\Roaming\Desktopicon
2009-06-26 05:43 . 2008-07-24 05:06 -------- d-----w- c:\program files\Common Files\LightScribe
2009-06-25 03:24 . 2008-07-24 05:21 108248 ----a-w- c:\users\Mara\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-22 19:37 . 2008-09-20 19:40 -------- d-----w- c:\users\Mara\AppData\Roaming\LimeWire
2009-06-15 08:01 . 2008-03-10 04:26 -------- d-----w- c:\programdata\Microsoft Help
2009-06-12 18:07 . 2008-03-10 04:04 -------- d-----w- c:\program files\Microsoft Works
2009-05-31 04:08 . 2009-05-31 04:08 -------- d-----w- c:\programdata\ABBYY
2009-05-31 03:53 . 2009-05-31 03:53 -------- d-----w- c:\users\Mara\AppData\Roaming\ABBYY
2009-05-31 03:52 . 2009-05-31 03:52 -------- d-----w- c:\program files\ABBYY
2009-05-31 03:48 . 2008-03-10 03:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-31 03:47 . 2009-05-31 03:47 -------- d-----w- c:\program files\ScanDrv6
2009-05-28 14:06 . 2009-05-27 03:14 -------- d-----w- c:\program files\vso
2009-05-28 14:06 . 2009-05-27 03:14 -------- d-----w- c:\users\Mara\AppData\Roaming\Vso
2009-05-28 14:06 . 2009-05-27 03:14 47360 ----a-w- c:\users\Mara\AppData\Roaming\pcouffin.sys
2009-05-28 14:06 . 2009-05-27 03:14 47360 ----a-w- c:\users\Mara\AppData\Roaming\pcouffin.sys
2009-05-27 03:37 . 2009-05-27 03:37 -------- d-----w- c:\program files\iSofter
2009-05-27 03:14 . 2009-05-27 03:14 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-27 02:54 . 2009-05-27 02:54 -------- d-----w- c:\program files\DsNET Corp
2009-05-22 03:02 . 2009-05-22 03:04 53248 ----a-w- c:\windows\STIASPI.DLL
2009-05-22 03:02 . 2009-05-22 03:04 77824 ------w- c:\windows\scanusd.dll
2009-05-22 02:14 . 2008-12-21 22:30 680 ----a-w- c:\users\Mara\AppData\Local\d3d9caps.dat
2009-05-16 23:57 . 2008-09-26 03:05 552 ----a-w- c:\users\Mara\AppData\Roaming\wklnhst.dat
2009-05-16 23:08 . 2008-07-08 08:36 -------- d-----w- c:\programdata\WildTangent
2009-05-13 22:08 . 2009-05-12 03:33 -------- d-----w- c:\program files\Atlas
2009-05-12 04:05 . 2009-05-12 03:59 -------- d-----w- c:\users\Mara\AppData\Roaming\GetRightToGo
2009-04-24 16:05 . 2009-06-12 01:50 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-12 01:50 78336 ----a-w- c:\windows\system32\ieencode.dll
.
------- Sigcheck -------
[-] 2009-06-30 19:10 9216 7ED786A481924418A3E7747E5AD35B07 c:\windows\System32\ctfmon.exe
[-] 2009-06-30 19:10 9216 7ED786A481924418A3E7747E5AD35B07 c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe
[-] 2009-06-30 18:40 26112 34FE97C2704B0F57F686334BE8040B13 c:\windows\System32\userinit.exe
[-] 2009-06-30 18:40 26112 34FE97C2704B0F57F686334BE8040B13 c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2009-06-30 258048]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-30 520024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CC7729F2-6607-4451-A04F-B52A8B5CCA32}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{5D544672-B369-467D-8744-AC8879263DA1}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{B67CFC00-98E3-4F92-AED9-7186AD056C6E}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{46DB359F-B5E9-41CF-AE14-EA19AFD0D6F9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0D849478-FAC9-48EA-BA9D-66E71F074B6E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{31FF75D9-C664-459B-92F9-4833CE9BC216}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DACD0295-24DE-4205-A331-6D6D623BA34D}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{73A50504-5DDB-4664-9DF9-96C0461936B5}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"TCP Query User{17B9C9BB-3D9B-4FF2-8239-A659677C562C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B0DD177B-9B6D-4720-A60E-4F7C8BB07487}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{98AAD321-0030-42A9-B922-D4D3E439C04F}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{C341584E-504D-47E4-80FA-31FFB390F872}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{1BDE3C10-1F89-47E0-8C12-B07DE3A23DFC}c:\\program files\\ares\\chatserver.exe"= UDP:c:\program files\ares\chatserver.exe:Ares Chat Server
"UDP Query User{AAE366A4-28F8-49EE-A6C9-E6AC405BD2D3}c:\\program files\\ares\\chatserver.exe"= TCP:c:\program files\ares\chatserver.exe:Ares Chat Server
"TCP Query User{9CAAC2C3-AF04-4469-9CC8-88EEC29637A9}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\spanish\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\spanish\setup.exe:Kaspersky Anti-Virus 7.0 Instalación
"UDP Query User{7EEC05CA-4A7C-4668-B536-55F9F6F76AC8}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\spanish\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\spanish\setup.exe:Kaspersky Anti-Virus 7.0 Instalación
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Windows\\system32\\wininit.exe"= c:\windows\system32\wininit.exe:*:enabled:@shell32.dll,-1
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-30 1029456]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-06-30 64160]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-10-16 20496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-07-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 00:06]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-Wdf01000.sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://mmbox.itelcel.com/mmawap/jsp/composer/player/mmsPlayer.cab
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 19:47
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\Mara\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(652)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
- - - - - - - > 'lsass.exe'(620)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
.
Completion time: 2009-07-08 19:49
ComboFix-quarantined-files.txt 2009-07-08 00:49
Pre-Run: 74,007,113,728 bytes libres
Post-Run: 74,009,825,280 bytes libres
296 --- E O F --- 2009-07-06 21:42
y este el nuevo hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:02:32 p.m., on 07/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')
O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmbox.itelcel...r/mmsPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6740 bytes
gracias por la ayuda!!
este es el de combofix
ComboFix 09-07-07.A2 - Mara 07/07/2009 19:40.1 - NTFSx86
Running from: c:\users\Mara\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1977552084-830720039-2976544655-500
c:\$recycle.bin\S-1-5-21-2826126612-341877328-3438544454-500
c:\recycler\S-1-5-21-0230149787-2146084638-694461594-1322
c:\users\Mara\AppData\Roaming\inst.exe
c:\windows\Installer\1d01a9.msi
c:\windows\Installer\7487d.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\KBL.LOG
.
((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))
.
2009-07-05 20:58 . 2009-07-05 20:58 -------- d-----w- c:\users\Mara\DoctorWeb
2009-07-04 22:15 . 2009-07-04 22:15 -------- d-----w- c:\users\Mara\AppData\Roaming\Malwarebytes
2009-07-04 22:15 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 22:15 . 2009-07-04 22:15 -------- d-----w- c:\programdata\Malwarebytes
2009-07-04 22:15 . 2009-07-04 22:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 22:15 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-02 04:48 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-02 04:48 . 2009-07-02 04:48 -------- d-----w- c:\program files\Panda Security
2009-07-02 00:05 . 2009-07-02 00:05 -------- d-----w- c:\program files\Java
2009-07-01 18:57 . 2009-07-04 23:49 -------- d-----w- c:\windows\BDOSCAN8
2009-07-01 05:51 . 2009-07-01 05:51 112144 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\X86\kl1.sys
2009-07-01 05:51 . 2009-07-01 05:51 25104 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ushata.dll
2009-07-01 05:51 . 2009-07-01 05:51 772624 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\updater.dll
2009-07-01 05:51 . 2009-07-01 05:51 150032 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\diffs.dll
2009-07-01 05:51 . 2009-07-01 05:51 354832 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ckahum.dll
2009-07-01 05:18 . 2008-07-09 17:41 -------- d--h--w- C:\klab
2009-07-01 05:12 . 2009-07-01 05:51 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-01 05:12 . 2009-07-01 05:51 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-01 05:12 . 2009-07-08 00:25 -------- d-----w- c:\programdata\Kaspersky Lab
2009-07-01 05:12 . 2009-07-01 05:12 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-01 02:43 . 2009-07-01 02:43 -------- d-----w- c:\program files\Trend Micro
2009-06-30 05:15 . 2009-07-07 16:32 66019104 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-30 04:52 . 2009-07-01 05:01 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-06-30 04:22 . 2009-06-30 04:22 -------- d-----w- c:\program files\ESET
2009-06-30 01:32 . 2009-06-30 00:07 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-30 00:07 . 2009-06-30 00:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-30 00:07 . 2009-06-30 00:07 314712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-30 00:07 . 2009-07-07 00:08 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-30 00:07 . 2009-06-30 00:07 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-30 00:07 . 2009-06-30 00:07 169312 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-30 00:07 . 2009-06-30 00:07 348496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-30 00:07 . 2009-06-30 00:07 298336 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-30 00:07 . 2009-06-30 00:07 84832 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-30 00:06 . 2009-07-07 00:08 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-30 00:06 . 2009-06-30 00:06 246128 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-30 00:06 . 2009-06-30 00:06 40288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-30 00:06 . 2009-06-30 00:06 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-30 00:06 . 2009-06-30 00:06 85352 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-30 00:06 . 2009-06-30 00:06 664424 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-30 00:06 . 2009-06-30 00:06 563064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-30 00:06 . 2009-06-30 00:06 566632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-30 00:06 . 2009-07-07 00:07 2353480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-30 00:05 . 2009-06-30 00:05 629072 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-30 00:05 . 2009-06-30 00:05 520024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-30 00:05 . 2009-06-30 00:05 1029456 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-29 23:59 . 2009-06-30 00:07 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-29 23:59 . 2009-06-29 23:59 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-29 23:59 . 2009-03-12 08:17 2902048 -c--a-w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-29 23:58 . 2009-06-29 23:59 -------- d-----w- c:\programdata\Lavasoft
2009-06-29 23:58 . 2009-06-29 23:58 -------- d-----w- c:\program files\Lavasoft
2009-06-29 23:29 . 2009-06-29 23:29 -------- d-----w- c:\program files\CCleaner
2009-06-28 05:24 . 2009-06-29 23:59 -------- d-----w- c:\users\Mara\AppData\Roaming\DivX
2009-06-28 05:23 . 2009-07-02 15:27 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-23 14:55 . 2009-06-23 15:13 -------- d-----w- c:\users\Mara\AppData\Roaming\Reg Tool
2009-06-12 01:11 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-12 00:47 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-12 00:46 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 16:32 . 2009-06-30 05:15 830288 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-06 10:42 . 2008-01-21 02:33 841216 ----a-w- c:\windows\system32\WerFaultSecure.exe
2009-07-06 10:39 . 2008-01-21 02:33 658432 ----a-w- c:\windows\system32\mstsc.exe
2009-07-06 10:38 . 2006-11-02 08:39 691200 ----a-w- c:\windows\system32\Magnify.exe
2009-07-02 00:05 . 2009-05-05 15:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-01 18:29 . 2009-04-14 22:03 247808 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2009-07-01 18:29 . 2008-01-21 02:34 626176 ----a-w- c:\windows\system32\wbem\WMIC.exe
2009-07-01 18:29 . 2008-01-21 02:34 78336 ----a-w- c:\windows\system32\wbem\WinMgmt.exe
2009-07-01 18:29 . 2008-01-21 02:34 174080 ----a-w- c:\windows\system32\wbem\wbemtest.exe
2009-07-01 18:29 . 2008-01-21 02:33 38912 ----a-w- c:\windows\system32\wbem\unsecapp.exe
2009-07-01 18:29 . 2008-01-21 02:33 41472 ----a-w- c:\windows\system32\wbem\scrcons.exe
2009-07-01 18:29 . 2008-01-21 02:33 20480 ----a-w- c:\windows\system32\wbem\mofcomp.exe
2009-07-01 18:27 . 2008-01-21 02:33 3216896 ----a-w- c:\windows\system32\WinSAT.exe
2009-07-01 18:27 . 2008-01-21 02:33 294912 ----a-w- c:\windows\system32\ssText3d.scr
2009-07-01 18:27 . 2008-01-21 02:32 8139264 ----a-w- c:\windows\system32\ssBranded.scr
2009-07-01 18:27 . 2006-11-02 08:48 10752 ----a-w- c:\windows\system32\scrnsave.scr
2009-07-01 18:27 . 2008-01-21 02:35 705536 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2009-07-01 18:27 . 2008-01-21 02:32 221184 ----a-w- c:\windows\system32\Ribbons.scr
2009-07-01 18:27 . 2008-01-21 02:33 799232 ----a-w- c:\windows\system32\certutil.exe
2009-07-01 18:27 . 2008-01-21 02:33 221696 ----a-w- c:\windows\system32\Mystify.scr
2009-07-01 18:27 . 2008-01-21 02:33 880128 ----a-w- c:\windows\system32\Bubbles.scr
2009-07-01 18:27 . 2008-01-21 02:33 1371136 ----a-w- c:\windows\system32\Aurora.scr
2009-07-01 18:26 . 2006-10-17 17:05 28672 ----a-w- c:\windows\Help\OEM\scripts\launchAP.exe
2009-07-01 18:26 . 2007-10-02 10:06 24576 ----a-w- c:\windows\Help\OEM\scripts\HPHS_Launcher.exe
2009-07-01 06:29 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-07-01 06:27 . 2008-01-21 02:34 5714432 ----a-w- c:\windows\system32\logon.scr
2009-07-01 06:27 . 2008-01-21 02:33 2092544 ----a-w- c:\windows\system32\dfsr.exe
2009-07-01 06:20 . 2008-07-08 08:16 -------- d-----w- c:\program files\Apoint2K
2009-07-01 05:51 . 2007-10-31 18:41 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-07-01 05:11 . 2009-03-14 16:07 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-07-01 01:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-30 19:11 . 2008-01-21 02:34 186368 ----a-w- c:\windows\system32\SLLUA.exe
2009-06-30 19:10 . 2009-04-14 22:03 667136 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-06-30 19:09 . 2008-01-21 02:32 74752 ----a-w- c:\windows\system32\wlanext.exe
2009-06-30 19:08 . 2008-01-21 02:33 192000 ----a-w- c:\windows\system32\bitsadmin.exe
2009-06-30 19:07 . 2006-11-02 09:16 13312 ----a-w- c:\windows\system32\tcmsetup.exe
2009-06-30 19:06 . 2006-11-02 08:47 16896 ----a-w- c:\windows\system32\grpconv.exe
2009-06-30 19:05 . 2008-08-01 03:30 155648 ----a-w- c:\windows\system32\wscript.exe
2009-06-30 19:04 . 2008-01-21 02:34 1793024 ----a-w- c:\windows\system32\mmc.exe
2009-06-30 19:03 . 2006-11-02 08:58 13312 ----a-w- c:\windows\system32\snmptrap.exe
2009-06-30 19:03 . 2006-11-02 08:50 7680 ----a-w- c:\windows\system32\Locator.exe
2009-06-30 19:03 . 2008-01-21 02:33 60416 ----a-w- c:\windows\system32\alg.exe
2009-06-30 18:44 . 2008-01-21 02:35 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-06-30 18:41 . 2008-01-21 02:33 118272 ----a-w- c:\windows\system32\wbem\WMIADAP.exe
2009-06-30 18:40 . 2008-01-21 02:34 143360 ----a-w- c:\windows\system32\WUDFHost.exe
2009-06-30 18:40 . 2008-01-21 02:34 26112 ----a-w- c:\windows\system32\userinit.exe
2009-06-30 15:21 . 2008-01-21 02:34 20992 ----a-w- c:\windows\system32\RacAgent.exe
2009-06-30 15:20 . 2008-01-21 02:33 56320 ----a-w- c:\windows\system32\wermgr.exe
2009-06-30 15:19 . 2008-01-21 02:33 1055232 ----a-w- c:\windows\system32\VSSVC.exe
2009-06-30 15:19 . 2006-11-02 08:47 81920 ----a-w- c:\windows\system32\SystemPropertiesProtection.exe
2009-06-30 15:18 . 2006-11-02 08:48 9728 ----a-w- c:\windows\system32\verclsid.exe
2009-06-30 15:17 . 2008-01-21 02:34 151552 ----a-w- c:\windows\system32\schtasks.exe
2009-06-30 15:16 . 2008-01-21 02:33 192512 ----a-w- c:\windows\system32\wsqmcons.exe
2009-06-30 15:14 . 2008-01-21 02:33 81920 ----a-w- c:\windows\system32\consent.exe
2009-06-30 06:30 . 2008-01-21 02:33 318976 ----a-w- c:\windows\system32\cmd.exe
2009-06-30 06:30 . 2006-11-02 08:47 212992 ----a-w- c:\windows\system32\control.exe
2009-06-30 06:30 . 2008-01-21 02:34 9216 ----a-w- c:\windows\system32\LogonUI.exe
2009-06-30 06:30 . 2008-01-21 02:34 151552 ----a-w- c:\windows\system32\notepad.exe
2009-06-30 05:15 . 2006-11-02 08:48 44544 ----a-w- c:\windows\system32\rundll32.exe
2009-06-30 05:15 . 2006-11-02 09:11 9216 ----a-w- c:\windows\winhlp32.exe
2009-06-30 01:32 . 2008-03-10 04:46 -------- d-----w- c:\program files\MSN Messenger
2009-06-29 03:22 . 2009-05-27 02:55 -------- d-----w- c:\users\Mara\AppData\Roaming\Desktopicon
2009-06-26 05:43 . 2008-07-24 05:06 -------- d-----w- c:\program files\Common Files\LightScribe
2009-06-25 03:24 . 2008-07-24 05:21 108248 ----a-w- c:\users\Mara\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-22 19:37 . 2008-09-20 19:40 -------- d-----w- c:\users\Mara\AppData\Roaming\LimeWire
2009-06-15 08:01 . 2008-03-10 04:26 -------- d-----w- c:\programdata\Microsoft Help
2009-06-12 18:07 . 2008-03-10 04:04 -------- d-----w- c:\program files\Microsoft Works
2009-05-31 04:08 . 2009-05-31 04:08 -------- d-----w- c:\programdata\ABBYY
2009-05-31 03:53 . 2009-05-31 03:53 -------- d-----w- c:\users\Mara\AppData\Roaming\ABBYY
2009-05-31 03:52 . 2009-05-31 03:52 -------- d-----w- c:\program files\ABBYY
2009-05-31 03:48 . 2008-03-10 03:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-31 03:47 . 2009-05-31 03:47 -------- d-----w- c:\program files\ScanDrv6
2009-05-28 14:06 . 2009-05-27 03:14 -------- d-----w- c:\program files\vso
2009-05-28 14:06 . 2009-05-27 03:14 -------- d-----w- c:\users\Mara\AppData\Roaming\Vso
2009-05-28 14:06 . 2009-05-27 03:14 47360 ----a-w- c:\users\Mara\AppData\Roaming\pcouffin.sys
2009-05-28 14:06 . 2009-05-27 03:14 47360 ----a-w- c:\users\Mara\AppData\Roaming\pcouffin.sys
2009-05-27 03:37 . 2009-05-27 03:37 -------- d-----w- c:\program files\iSofter
2009-05-27 03:14 . 2009-05-27 03:14 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-27 02:54 . 2009-05-27 02:54 -------- d-----w- c:\program files\DsNET Corp
2009-05-22 03:02 . 2009-05-22 03:04 53248 ----a-w- c:\windows\STIASPI.DLL
2009-05-22 03:02 . 2009-05-22 03:04 77824 ------w- c:\windows\scanusd.dll
2009-05-22 02:14 . 2008-12-21 22:30 680 ----a-w- c:\users\Mara\AppData\Local\d3d9caps.dat
2009-05-16 23:57 . 2008-09-26 03:05 552 ----a-w- c:\users\Mara\AppData\Roaming\wklnhst.dat
2009-05-16 23:08 . 2008-07-08 08:36 -------- d-----w- c:\programdata\WildTangent
2009-05-13 22:08 . 2009-05-12 03:33 -------- d-----w- c:\program files\Atlas
2009-05-12 04:05 . 2009-05-12 03:59 -------- d-----w- c:\users\Mara\AppData\Roaming\GetRightToGo
2009-04-24 16:05 . 2009-06-12 01:50 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-12 01:50 78336 ----a-w- c:\windows\system32\ieencode.dll
.
------- Sigcheck -------
[-] 2009-06-30 19:10 9216 7ED786A481924418A3E7747E5AD35B07 c:\windows\System32\ctfmon.exe
[-] 2009-06-30 19:10 9216 7ED786A481924418A3E7747E5AD35B07 c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe
[-] 2009-06-30 18:40 26112 34FE97C2704B0F57F686334BE8040B13 c:\windows\System32\userinit.exe
[-] 2009-06-30 18:40 26112 34FE97C2704B0F57F686334BE8040B13 c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2009-06-30 258048]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-30 520024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CC7729F2-6607-4451-A04F-B52A8B5CCA32}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{5D544672-B369-467D-8744-AC8879263DA1}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{B67CFC00-98E3-4F92-AED9-7186AD056C6E}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{46DB359F-B5E9-41CF-AE14-EA19AFD0D6F9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0D849478-FAC9-48EA-BA9D-66E71F074B6E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{31FF75D9-C664-459B-92F9-4833CE9BC216}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DACD0295-24DE-4205-A331-6D6D623BA34D}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{73A50504-5DDB-4664-9DF9-96C0461936B5}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"TCP Query User{17B9C9BB-3D9B-4FF2-8239-A659677C562C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B0DD177B-9B6D-4720-A60E-4F7C8BB07487}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{98AAD321-0030-42A9-B922-D4D3E439C04F}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{C341584E-504D-47E4-80FA-31FFB390F872}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{1BDE3C10-1F89-47E0-8C12-B07DE3A23DFC}c:\\program files\\ares\\chatserver.exe"= UDP:c:\program files\ares\chatserver.exe:Ares Chat Server
"UDP Query User{AAE366A4-28F8-49EE-A6C9-E6AC405BD2D3}c:\\program files\\ares\\chatserver.exe"= TCP:c:\program files\ares\chatserver.exe:Ares Chat Server
"TCP Query User{9CAAC2C3-AF04-4469-9CC8-88EEC29637A9}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\spanish\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\spanish\setup.exe:Kaspersky Anti-Virus 7.0 Instalación
"UDP Query User{7EEC05CA-4A7C-4668-B536-55F9F6F76AC8}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\spanish\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\spanish\setup.exe:Kaspersky Anti-Virus 7.0 Instalación
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Windows\\system32\\wininit.exe"= c:\windows\system32\wininit.exe:*:enabled:@shell32.dll,-1
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-30 1029456]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-06-30 64160]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-10-16 20496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-07-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 00:06]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-Wdf01000.sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://mmbox.itelcel.com/mmawap/jsp/composer/player/mmsPlayer.cab
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 19:47
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\Mara\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(652)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
- - - - - - - > 'lsass.exe'(620)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
.
Completion time: 2009-07-08 19:49
ComboFix-quarantined-files.txt 2009-07-08 00:49
Pre-Run: 74,007,113,728 bytes libres
Post-Run: 74,009,825,280 bytes libres
296 --- E O F --- 2009-07-06 21:42
y este el nuevo hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:02:32 p.m., on 07/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')
O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmbox.itelcel...r/mmsPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6740 bytes
gracias por la ayuda!!
#10
- No Spiware
-
- Grupo: Globales
- Mensajes: 21063
- Registrado: 15-August 04
Posted 08 July 2009 - 05:15 PM
Hiciste esto ?
"Abre el AdAware SE
Ve a AdWatch interfaz del usuario
Ve a herramientas y preferencias
En el boton de la pantalla verás dos opciones :
Activo y Automático
Activo:esto tornará Ad-Watch On//off sin necesidad de cerrarlo
Automático : toda actividad sospechosa será bloquada en forma automática
saca el tilde de ambas opciones. Luego de limpiar podrás activarlas otra vez"
Hazlo y repite lo del combo Fix
Saludos
Caito
"Abre el AdAware SE
Ve a AdWatch interfaz del usuario
Ve a herramientas y preferencias
En el boton de la pantalla verás dos opciones :
Activo y Automático
Activo:esto tornará Ad-Watch On//off sin necesidad de cerrarlo
Automático : toda actividad sospechosa será bloquada en forma automática
saca el tilde de ambas opciones. Luego de limpiar podrás activarlas otra vez"
Hazlo y repite lo del combo Fix
Saludos
Caito
#11
- Miembro Avanzado
-
- Grupo: Members
- Mensajes: 63
- Registrado: 22-February 06
Posted 10 July 2009 - 01:19 AM
Pues si ya habia hecho ese paso que me mencionaste, lo que hice esta vez fue desinstalar el adaware para evitar algun bloqueo y volvi a pasar el combofix, hice mal al desinstalar?...
bueno aqui te dejo los reportes...
Combofix
ComboFix 09-07-09.06 - Mara 09/07/2009 18:54.3.1 - NTFSx86
Running from: c:\users\Mara\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.
2009-07-05 20:58 . 2009-07-05 20:58 -------- d-----w- c:\users\Mara\DoctorWeb
2009-07-04 22:15 . 2009-07-04 22:15 -------- d-----w- c:\users\Mara\AppData\Roaming\Malwarebytes
2009-07-04 22:15 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 22:15 . 2009-07-04 22:15 -------- d-----w- c:\programdata\Malwarebytes
2009-07-04 22:15 . 2009-07-04 22:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 22:15 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-02 04:48 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-02 04:48 . 2009-07-02 04:48 -------- d-----w- c:\program files\Panda Security
2009-07-02 00:05 . 2009-07-02 00:05 -------- d-----w- c:\program files\Java
2009-07-01 18:57 . 2009-07-04 23:49 -------- d-----w- c:\windows\BDOSCAN8
2009-07-01 05:51 . 2009-07-01 05:51 112144 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\X86\kl1.sys
2009-07-01 05:51 . 2009-07-01 05:51 25104 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ushata.dll
2009-07-01 05:51 . 2009-07-01 05:51 772624 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\updater.dll
2009-07-01 05:51 . 2009-07-01 05:51 150032 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\diffs.dll
2009-07-01 05:51 . 2009-07-01 05:51 354832 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ckahum.dll
2009-07-01 05:18 . 2008-07-09 17:41 -------- d--h--w- C:\klab
2009-07-01 05:12 . 2009-07-01 05:51 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-01 05:12 . 2009-07-01 05:51 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-01 05:12 . 2009-07-09 23:35 -------- d-----w- c:\programdata\Kaspersky Lab
2009-07-01 05:12 . 2009-07-01 05:12 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-01 02:43 . 2009-07-01 02:43 -------- d-----w- c:\program files\Trend Micro
2009-06-30 05:15 . 2009-07-09 23:59 66717984 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-30 04:52 . 2009-07-01 05:01 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-06-30 04:22 . 2009-06-30 04:22 -------- d-----w- c:\program files\ESET
2009-06-29 23:59 . 2009-07-09 23:32 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-29 23:58 . 2009-07-09 23:33 -------- d-----w- c:\programdata\Lavasoft
2009-06-29 23:58 . 2009-07-09 23:33 -------- d-----w- c:\program files\Lavasoft
2009-06-29 23:29 . 2009-06-29 23:29 -------- d-----w- c:\program files\CCleaner
2009-06-28 05:24 . 2009-06-29 23:59 -------- d-----w- c:\users\Mara\AppData\Roaming\DivX
2009-06-28 05:23 . 2009-07-02 15:27 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-23 14:55 . 2009-06-23 15:13 -------- d-----w- c:\users\Mara\AppData\Roaming\Reg Tool
2009-06-12 01:11 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-12 00:47 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-12 00:46 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 23:48 . 2009-06-30 05:15 876896 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-06 10:42 . 2008-01-21 02:33 841216 ----a-w- c:\windows\system32\WerFaultSecure.exe
2009-07-06 10:39 . 2008-01-21 02:33 658432 ----a-w- c:\windows\system32\mstsc.exe
2009-07-06 10:38 . 2006-11-02 08:39 691200 ----a-w- c:\windows\system32\Magnify.exe
2009-07-02 00:05 . 2009-05-05 15:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-01 18:29 . 2009-04-14 22:03 247808 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2009-07-01 18:29 . 2008-01-21 02:34 626176 ----a-w- c:\windows\system32\wbem\WMIC.exe
2009-07-01 18:29 . 2008-01-21 02:34 78336 ----a-w- c:\windows\system32\wbem\WinMgmt.exe
2009-07-01 18:29 . 2008-01-21 02:34 174080 ----a-w- c:\windows\system32\wbem\wbemtest.exe
2009-07-01 18:29 . 2008-01-21 02:33 38912 ----a-w- c:\windows\system32\wbem\unsecapp.exe
2009-07-01 18:29 . 2008-01-21 02:33 41472 ----a-w- c:\windows\system32\wbem\scrcons.exe
2009-07-01 18:29 . 2008-01-21 02:33 20480 ----a-w- c:\windows\system32\wbem\mofcomp.exe
2009-07-01 18:27 . 2008-01-21 02:33 3216896 ----a-w- c:\windows\system32\WinSAT.exe
2009-07-01 18:27 . 2008-01-21 02:33 294912 ----a-w- c:\windows\system32\ssText3d.scr
2009-07-01 18:27 . 2008-01-21 02:32 8139264 ----a-w- c:\windows\system32\ssBranded.scr
2009-07-01 18:27 . 2006-11-02 08:48 10752 ----a-w- c:\windows\system32\scrnsave.scr
2009-07-01 18:27 . 2008-01-21 02:35 705536 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2009-07-01 18:27 . 2008-01-21 02:32 221184 ----a-w- c:\windows\system32\Ribbons.scr
2009-07-01 18:27 . 2008-01-21 02:33 799232 ----a-w- c:\windows\system32\certutil.exe
2009-07-01 18:27 . 2008-01-21 02:33 221696 ----a-w- c:\windows\system32\Mystify.scr
2009-07-01 18:27 . 2008-01-21 02:33 880128 ----a-w- c:\windows\system32\Bubbles.scr
2009-07-01 18:27 . 2008-01-21 02:33 1371136 ----a-w- c:\windows\system32\Aurora.scr
2009-07-01 18:26 . 2006-10-17 17:05 28672 ----a-w- c:\windows\Help\OEM\scripts\launchAP.exe
2009-07-01 18:26 . 2007-10-02 10:06 24576 ----a-w- c:\windows\Help\OEM\scripts\HPHS_Launcher.exe
2009-07-01 06:29 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-07-01 06:27 . 2008-01-21 02:34 5714432 ----a-w- c:\windows\system32\logon.scr
2009-07-01 06:27 . 2008-01-21 02:33 2092544 ----a-w- c:\windows\system32\dfsr.exe
2009-07-01 06:20 . 2008-07-08 08:16 -------- d-----w- c:\program files\Apoint2K
2009-07-01 05:51 . 2007-10-31 18:41 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-07-01 05:11 . 2009-03-14 16:07 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-07-01 01:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-30 19:11 . 2008-01-21 02:34 186368 ----a-w- c:\windows\system32\SLLUA.exe
2009-06-30 19:10 . 2009-04-14 22:03 667136 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-06-30 19:09 . 2008-01-21 02:32 74752 ----a-w- c:\windows\system32\wlanext.exe
2009-06-30 19:08 . 2008-01-21 02:33 192000 ----a-w- c:\windows\system32\bitsadmin.exe
2009-06-30 19:07 . 2006-11-02 09:16 13312 ----a-w- c:\windows\system32\tcmsetup.exe
2009-06-30 19:06 . 2006-11-02 08:47 16896 ----a-w- c:\windows\system32\grpconv.exe
2009-06-30 19:05 . 2008-08-01 03:30 155648 ----a-w- c:\windows\system32\wscript.exe
2009-06-30 19:04 . 2008-01-21 02:34 1793024 ----a-w- c:\windows\system32\mmc.exe
2009-06-30 19:03 . 2006-11-02 08:58 13312 ----a-w- c:\windows\system32\snmptrap.exe
2009-06-30 19:03 . 2006-11-02 08:50 7680 ----a-w- c:\windows\system32\Locator.exe
2009-06-30 19:03 . 2008-01-21 02:33 60416 ----a-w- c:\windows\system32\alg.exe
2009-06-30 18:44 . 2008-01-21 02:35 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-06-30 18:41 . 2008-01-21 02:33 118272 ----a-w- c:\windows\system32\wbem\WMIADAP.exe
2009-06-30 18:40 . 2008-01-21 02:34 143360 ----a-w- c:\windows\system32\WUDFHost.exe
2009-06-30 18:40 . 2008-01-21 02:34 26112 ----a-w- c:\windows\system32\userinit.exe
2009-06-30 15:21 . 2008-01-21 02:34 20992 ----a-w- c:\windows\system32\RacAgent.exe
2009-06-30 15:20 . 2008-01-21 02:33 56320 ----a-w- c:\windows\system32\wermgr.exe
2009-06-30 15:19 . 2008-01-21 02:33 1055232 ----a-w- c:\windows\system32\VSSVC.exe
2009-06-30 15:19 . 2006-11-02 08:47 81920 ----a-w- c:\windows\system32\SystemPropertiesProtection.exe
2009-06-30 15:18 . 2006-11-02 08:48 9728 ----a-w- c:\windows\system32\verclsid.exe
2009-06-30 15:17 . 2008-01-21 02:34 151552 ----a-w- c:\windows\system32\schtasks.exe
2009-06-30 15:16 . 2008-01-21 02:33 192512 ----a-w- c:\windows\system32\wsqmcons.exe
2009-06-30 15:14 . 2008-01-21 02:33 81920 ----a-w- c:\windows\system32\consent.exe
2009-06-30 06:30 . 2008-01-21 02:33 318976 ----a-w- c:\windows\system32\cmd.exe
2009-06-30 06:30 . 2006-11-02 08:47 212992 ----a-w- c:\windows\system32\control.exe
2009-06-30 06:30 . 2008-01-21 02:34 9216 ----a-w- c:\windows\system32\LogonUI.exe
2009-06-30 06:30 . 2008-01-21 02:34 151552 ----a-w- c:\windows\system32\notepad.exe
2009-06-30 05:15 . 2006-11-02 08:48 44544 ----a-w- c:\windows\system32\rundll32.exe
2009-06-30 05:15 . 2006-11-02 09:11 9216 ----a-w- c:\windows\winhlp32.exe
2009-06-30 01:32 . 2008-03-10 04:46 -------- d-----w- c:\program files\MSN Messenger
2009-06-29 03:22 . 2009-05-27 02:55 -------- d-----w- c:\users\Mara\AppData\Roaming\Desktopicon
2009-06-26 05:43 . 2008-07-24 05:06 -------- d-----w- c:\program files\Common Files\LightScribe
2009-06-25 03:24 . 2008-07-24 05:21 108248 ----a-w- c:\users\Mara\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-22 19:37 . 2008-09-20 19:40 -------- d-----w- c:\users\Mara\AppData\Roaming\LimeWire
2009-06-15 08:01 . 2008-03-10 04:26 -------- d-----w- c:\programdata\Microsoft Help
2009-06-12 18:07 . 2008-03-10 04:04 -------- d-----w- c:\program files\Microsoft Works
2009-05-31 04:08 . 2009-05-31 04:08 -------- d-----w- c:\programdata\ABBYY
2009-05-31 03:53 . 2009-05-31 03:53 -------- d-----w- c:\users\Mara\AppData\Roaming\ABBYY
2009-05-31 03:52 . 2009-05-31 03:52 -------- d-----w- c:\program files\ABBYY
2009-05-31 03:48 . 2008-03-10 03:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-31 03:47 . 2009-05-31 03:47 -------- d-----w- c:\program files\ScanDrv6
2009-05-28 14:06 . 2009-05-27 03:14 -------- d-----w- c:\program files\vso
2009-05-28 14:06 . 2009-05-27 03:14 -------- d-----w- c:\users\Mara\AppData\Roaming\Vso
2009-05-28 14:06 . 2009-05-27 03:14 47360 ----a-w- c:\users\Mara\AppData\Roaming\pcouffin.sys
2009-05-28 14:06 . 2009-05-27 03:14 47360 ----a-w- c:\users\Mara\AppData\Roaming\pcouffin.sys
2009-05-27 03:37 . 2009-05-27 03:37 -------- d-----w- c:\program files\iSofter
2009-05-27 03:14 . 2009-05-27 03:14 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-27 02:54 . 2009-05-27 02:54 -------- d-----w- c:\program files\DsNET Corp
2009-05-22 03:02 . 2009-05-22 03:04 53248 ----a-w- c:\windows\STIASPI.DLL
2009-05-22 03:02 . 2009-05-22 03:04 77824 ------w- c:\windows\scanusd.dll
2009-05-22 02:14 . 2008-12-21 22:30 680 ----a-w- c:\users\Mara\AppData\Local\d3d9caps.dat
2009-05-16 23:57 . 2008-09-26 03:05 552 ----a-w- c:\users\Mara\AppData\Roaming\wklnhst.dat
2009-05-16 23:08 . 2008-07-08 08:36 -------- d-----w- c:\programdata\WildTangent
2009-05-13 22:08 . 2009-05-12 03:33 -------- d-----w- c:\program files\Atlas
2009-05-12 04:05 . 2009-05-12 03:59 -------- d-----w- c:\users\Mara\AppData\Roaming\GetRightToGo
2009-04-24 16:05 . 2009-06-12 01:50 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-12 01:50 78336 ----a-w- c:\windows\system32\ieencode.dll
.
------- Sigcheck -------
[-] 2009-06-30 19:10 9216 7ED786A481924418A3E7747E5AD35B07 c:\windows\System32\ctfmon.exe
[-] 2009-06-30 19:10 9216 7ED786A481924418A3E7747E5AD35B07 c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe
[-] 2009-06-30 18:40 26112 34FE97C2704B0F57F686334BE8040B13 c:\windows\System32\userinit.exe
[-] 2009-06-30 18:40 26112 34FE97C2704B0F57F686334BE8040B13 c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-07-08_00.47.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-07-09 23:36 55784 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-07-09 23:51 76082 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-24 05:03 . 2009-07-09 23:36 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-24 05:03 . 2009-07-08 00:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-24 05:03 . 2009-07-08 00:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-24 05:03 . 2009-07-09 23:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-24 05:03 . 2009-07-08 00:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-24 05:03 . 2009-07-09 23:36 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-07 23:06 . 2009-07-08 00:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-09 23:34 . 2009-07-09 23:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-07 23:06 . 2009-07-08 00:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-09 23:34 . 2009-07-09 23:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-25 04:41 . 2009-07-09 23:31 222226 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-07-24 07:08 . 2009-07-08 19:07 245404 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-07-24 07:08 . 2009-07-08 00:31 245404 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2009-06-30 258048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CC7729F2-6607-4451-A04F-B52A8B5CCA32}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{5D544672-B369-467D-8744-AC8879263DA1}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{B67CFC00-98E3-4F92-AED9-7186AD056C6E}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{46DB359F-B5E9-41CF-AE14-EA19AFD0D6F9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0D849478-FAC9-48EA-BA9D-66E71F074B6E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{31FF75D9-C664-459B-92F9-4833CE9BC216}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DACD0295-24DE-4205-A331-6D6D623BA34D}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{73A50504-5DDB-4664-9DF9-96C0461936B5}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"TCP Query User{17B9C9BB-3D9B-4FF2-8239-A659677C562C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B0DD177B-9B6D-4720-A60E-4F7C8BB07487}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{98AAD321-0030-42A9-B922-D4D3E439C04F}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{C341584E-504D-47E4-80FA-31FFB390F872}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{1BDE3C10-1F89-47E0-8C12-B07DE3A23DFC}c:\\program files\\ares\\chatserver.exe"= UDP:c:\program files\ares\chatserver.exe:Ares Chat Server
"UDP Query User{AAE366A4-28F8-49EE-A6C9-E6AC405BD2D3}c:\\program files\\ares\\chatserver.exe"= TCP:c:\program files\ares\chatserver.exe:Ares Chat Server
"TCP Query User{9CAAC2C3-AF04-4469-9CC8-88EEC29637A9}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\spanish\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\spanish\setup.exe:Kaspersky Anti-Virus 7.0 Instalación
"UDP Query User{7EEC05CA-4A7C-4668-B536-55F9F6F76AC8}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\spanish\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\spanish\setup.exe:Kaspersky Anti-Virus 7.0 Instalación
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Windows\\system32\\wininit.exe"= c:\windows\system32\wininit.exe:*:enabled:@shell32.dll,-1
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-10-16 20496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://mmbox.itelcel.com/mmawap/jsp/composer/player/mmsPlayer.cab
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 19:02
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-10 19:06
ComboFix-quarantined-files.txt 2009-07-10 00:05
ComboFix2.txt 2009-07-08 00:49
Pre-Run: 74,246,656,000 bytes libres
Post-Run: 74,223,157,248 bytes libres
265 --- E O F --- 2009-07-06 21:42
y el hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:09:37 p.m., on 09/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')
O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmbox.itelcel...r/mmsPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6511 bytes
parece que esta vez el combofix limpio o elimino algunos de los archivos que creo yo se liberaron al quitar el adaware pero el problema original se mantiene, son 31 archivos que el kaspersky me detecta y no me da opcion de eliminar, solo me permite ignorar...
bueno aqui te dejo los reportes...
Combofix
ComboFix 09-07-09.06 - Mara 09/07/2009 18:54.3.1 - NTFSx86
Running from: c:\users\Mara\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.
2009-07-05 20:58 . 2009-07-05 20:58 -------- d-----w- c:\users\Mara\DoctorWeb
2009-07-04 22:15 . 2009-07-04 22:15 -------- d-----w- c:\users\Mara\AppData\Roaming\Malwarebytes
2009-07-04 22:15 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 22:15 . 2009-07-04 22:15 -------- d-----w- c:\programdata\Malwarebytes
2009-07-04 22:15 . 2009-07-04 22:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 22:15 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-02 04:48 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-02 04:48 . 2009-07-02 04:48 -------- d-----w- c:\program files\Panda Security
2009-07-02 00:05 . 2009-07-02 00:05 -------- d-----w- c:\program files\Java
2009-07-01 18:57 . 2009-07-04 23:49 -------- d-----w- c:\windows\BDOSCAN8
2009-07-01 05:51 . 2009-07-01 05:51 112144 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\X86\kl1.sys
2009-07-01 05:51 . 2009-07-01 05:51 25104 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ushata.dll
2009-07-01 05:51 . 2009-07-01 05:51 772624 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\updater.dll
2009-07-01 05:51 . 2009-07-01 05:51 150032 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\diffs.dll
2009-07-01 05:51 . 2009-07-01 05:51 354832 ----a-w- c:\programdata\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.1.321\ckahum.dll
2009-07-01 05:18 . 2008-07-09 17:41 -------- d--h--w- C:\klab
2009-07-01 05:12 . 2009-07-01 05:51 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-01 05:12 . 2009-07-01 05:51 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-01 05:12 . 2009-07-09 23:35 -------- d-----w- c:\programdata\Kaspersky Lab
2009-07-01 05:12 . 2009-07-01 05:12 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-01 02:43 . 2009-07-01 02:43 -------- d-----w- c:\program files\Trend Micro
2009-06-30 05:15 . 2009-07-09 23:59 66717984 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-30 04:52 . 2009-07-01 05:01 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-06-30 04:22 . 2009-06-30 04:22 -------- d-----w- c:\program files\ESET
2009-06-29 23:59 . 2009-07-09 23:32 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-29 23:58 . 2009-07-09 23:33 -------- d-----w- c:\programdata\Lavasoft
2009-06-29 23:58 . 2009-07-09 23:33 -------- d-----w- c:\program files\Lavasoft
2009-06-29 23:29 . 2009-06-29 23:29 -------- d-----w- c:\program files\CCleaner
2009-06-28 05:24 . 2009-06-29 23:59 -------- d-----w- c:\users\Mara\AppData\Roaming\DivX
2009-06-28 05:23 . 2009-07-02 15:27 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-23 14:55 . 2009-06-23 15:13 -------- d-----w- c:\users\Mara\AppData\Roaming\Reg Tool
2009-06-12 01:11 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-12 00:47 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-12 00:46 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 23:48 . 2009-06-30 05:15 876896 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-06 10:42 . 2008-01-21 02:33 841216 ----a-w- c:\windows\system32\WerFaultSecure.exe
2009-07-06 10:39 . 2008-01-21 02:33 658432 ----a-w- c:\windows\system32\mstsc.exe
2009-07-06 10:38 . 2006-11-02 08:39 691200 ----a-w- c:\windows\system32\Magnify.exe
2009-07-02 00:05 . 2009-05-05 15:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-01 18:29 . 2009-04-14 22:03 247808 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2009-07-01 18:29 . 2008-01-21 02:34 626176 ----a-w- c:\windows\system32\wbem\WMIC.exe
2009-07-01 18:29 . 2008-01-21 02:34 78336 ----a-w- c:\windows\system32\wbem\WinMgmt.exe
2009-07-01 18:29 . 2008-01-21 02:34 174080 ----a-w- c:\windows\system32\wbem\wbemtest.exe
2009-07-01 18:29 . 2008-01-21 02:33 38912 ----a-w- c:\windows\system32\wbem\unsecapp.exe
2009-07-01 18:29 . 2008-01-21 02:33 41472 ----a-w- c:\windows\system32\wbem\scrcons.exe
2009-07-01 18:29 . 2008-01-21 02:33 20480 ----a-w- c:\windows\system32\wbem\mofcomp.exe
2009-07-01 18:27 . 2008-01-21 02:33 3216896 ----a-w- c:\windows\system32\WinSAT.exe
2009-07-01 18:27 . 2008-01-21 02:33 294912 ----a-w- c:\windows\system32\ssText3d.scr
2009-07-01 18:27 . 2008-01-21 02:32 8139264 ----a-w- c:\windows\system32\ssBranded.scr
2009-07-01 18:27 . 2006-11-02 08:48 10752 ----a-w- c:\windows\system32\scrnsave.scr
2009-07-01 18:27 . 2008-01-21 02:35 705536 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2009-07-01 18:27 . 2008-01-21 02:32 221184 ----a-w- c:\windows\system32\Ribbons.scr
2009-07-01 18:27 . 2008-01-21 02:33 799232 ----a-w- c:\windows\system32\certutil.exe
2009-07-01 18:27 . 2008-01-21 02:33 221696 ----a-w- c:\windows\system32\Mystify.scr
2009-07-01 18:27 . 2008-01-21 02:33 880128 ----a-w- c:\windows\system32\Bubbles.scr
2009-07-01 18:27 . 2008-01-21 02:33 1371136 ----a-w- c:\windows\system32\Aurora.scr
2009-07-01 18:26 . 2006-10-17 17:05 28672 ----a-w- c:\windows\Help\OEM\scripts\launchAP.exe
2009-07-01 18:26 . 2007-10-02 10:06 24576 ----a-w- c:\windows\Help\OEM\scripts\HPHS_Launcher.exe
2009-07-01 06:29 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-07-01 06:27 . 2008-01-21 02:34 5714432 ----a-w- c:\windows\system32\logon.scr
2009-07-01 06:27 . 2008-01-21 02:33 2092544 ----a-w- c:\windows\system32\dfsr.exe
2009-07-01 06:20 . 2008-07-08 08:16 -------- d-----w- c:\program files\Apoint2K
2009-07-01 05:51 . 2007-10-31 18:41 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-07-01 05:11 . 2009-03-14 16:07 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-07-01 01:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-30 19:11 . 2008-01-21 02:34 186368 ----a-w- c:\windows\system32\SLLUA.exe
2009-06-30 19:10 . 2009-04-14 22:03 667136 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-06-30 19:09 . 2008-01-21 02:32 74752 ----a-w- c:\windows\system32\wlanext.exe
2009-06-30 19:08 . 2008-01-21 02:33 192000 ----a-w- c:\windows\system32\bitsadmin.exe
2009-06-30 19:07 . 2006-11-02 09:16 13312 ----a-w- c:\windows\system32\tcmsetup.exe
2009-06-30 19:06 . 2006-11-02 08:47 16896 ----a-w- c:\windows\system32\grpconv.exe
2009-06-30 19:05 . 2008-08-01 03:30 155648 ----a-w- c:\windows\system32\wscript.exe
2009-06-30 19:04 . 2008-01-21 02:34 1793024 ----a-w- c:\windows\system32\mmc.exe
2009-06-30 19:03 . 2006-11-02 08:58 13312 ----a-w- c:\windows\system32\snmptrap.exe
2009-06-30 19:03 . 2006-11-02 08:50 7680 ----a-w- c:\windows\system32\Locator.exe
2009-06-30 19:03 . 2008-01-21 02:33 60416 ----a-w- c:\windows\system32\alg.exe
2009-06-30 18:44 . 2008-01-21 02:35 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-06-30 18:41 . 2008-01-21 02:33 118272 ----a-w- c:\windows\system32\wbem\WMIADAP.exe
2009-06-30 18:40 . 2008-01-21 02:34 143360 ----a-w- c:\windows\system32\WUDFHost.exe
2009-06-30 18:40 . 2008-01-21 02:34 26112 ----a-w- c:\windows\system32\userinit.exe
2009-06-30 15:21 . 2008-01-21 02:34 20992 ----a-w- c:\windows\system32\RacAgent.exe
2009-06-30 15:20 . 2008-01-21 02:33 56320 ----a-w- c:\windows\system32\wermgr.exe
2009-06-30 15:19 . 2008-01-21 02:33 1055232 ----a-w- c:\windows\system32\VSSVC.exe
2009-06-30 15:19 . 2006-11-02 08:47 81920 ----a-w- c:\windows\system32\SystemPropertiesProtection.exe
2009-06-30 15:18 . 2006-11-02 08:48 9728 ----a-w- c:\windows\system32\verclsid.exe
2009-06-30 15:17 . 2008-01-21 02:34 151552 ----a-w- c:\windows\system32\schtasks.exe
2009-06-30 15:16 . 2008-01-21 02:33 192512 ----a-w- c:\windows\system32\wsqmcons.exe
2009-06-30 15:14 . 2008-01-21 02:33 81920 ----a-w- c:\windows\system32\consent.exe
2009-06-30 06:30 . 2008-01-21 02:33 318976 ----a-w- c:\windows\system32\cmd.exe
2009-06-30 06:30 . 2006-11-02 08:47 212992 ----a-w- c:\windows\system32\control.exe
2009-06-30 06:30 . 2008-01-21 02:34 9216 ----a-w- c:\windows\system32\LogonUI.exe
2009-06-30 06:30 . 2008-01-21 02:34 151552 ----a-w- c:\windows\system32\notepad.exe
2009-06-30 05:15 . 2006-11-02 08:48 44544 ----a-w- c:\windows\system32\rundll32.exe
2009-06-30 05:15 . 2006-11-02 09:11 9216 ----a-w- c:\windows\winhlp32.exe
2009-06-30 01:32 . 2008-03-10 04:46 -------- d-----w- c:\program files\MSN Messenger
2009-06-29 03:22 . 2009-05-27 02:55 -------- d-----w- c:\users\Mara\AppData\Roaming\Desktopicon
2009-06-26 05:43 . 2008-07-24 05:06 -------- d-----w- c:\program files\Common Files\LightScribe
2009-06-25 03:24 . 2008-07-24 05:21 108248 ----a-w- c:\users\Mara\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-22 19:37 . 2008-09-20 19:40 -------- d-----w- c:\users\Mara\AppData\Roaming\LimeWire
2009-06-15 08:01 . 2008-03-10 04:26 -------- d-----w- c:\programdata\Microsoft Help
2009-06-12 18:07 . 2008-03-10 04:04 -------- d-----w- c:\program files\Microsoft Works
2009-05-31 04:08 . 2009-05-31 04:08 -------- d-----w- c:\programdata\ABBYY
2009-05-31 03:53 . 2009-05-31 03:53 -------- d-----w- c:\users\Mara\AppData\Roaming\ABBYY
2009-05-31 03:52 . 2009-05-31 03:52 -------- d-----w- c:\program files\ABBYY
2009-05-31 03:48 . 2008-03-10 03:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-31 03:47 . 2009-05-31 03:47 -------- d-----w- c:\program files\ScanDrv6
2009-05-28 14:06 . 2009-05-27 03:14 -------- d-----w- c:\program files\vso
2009-05-28 14:06 . 2009-05-27 03:14 -------- d-----w- c:\users\Mara\AppData\Roaming\Vso
2009-05-28 14:06 . 2009-05-27 03:14 47360 ----a-w- c:\users\Mara\AppData\Roaming\pcouffin.sys
2009-05-28 14:06 . 2009-05-27 03:14 47360 ----a-w- c:\users\Mara\AppData\Roaming\pcouffin.sys
2009-05-27 03:37 . 2009-05-27 03:37 -------- d-----w- c:\program files\iSofter
2009-05-27 03:14 . 2009-05-27 03:14 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-27 02:54 . 2009-05-27 02:54 -------- d-----w- c:\program files\DsNET Corp
2009-05-22 03:02 . 2009-05-22 03:04 53248 ----a-w- c:\windows\STIASPI.DLL
2009-05-22 03:02 . 2009-05-22 03:04 77824 ------w- c:\windows\scanusd.dll
2009-05-22 02:14 . 2008-12-21 22:30 680 ----a-w- c:\users\Mara\AppData\Local\d3d9caps.dat
2009-05-16 23:57 . 2008-09-26 03:05 552 ----a-w- c:\users\Mara\AppData\Roaming\wklnhst.dat
2009-05-16 23:08 . 2008-07-08 08:36 -------- d-----w- c:\programdata\WildTangent
2009-05-13 22:08 . 2009-05-12 03:33 -------- d-----w- c:\program files\Atlas
2009-05-12 04:05 . 2009-05-12 03:59 -------- d-----w- c:\users\Mara\AppData\Roaming\GetRightToGo
2009-04-24 16:05 . 2009-06-12 01:50 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-12 01:50 78336 ----a-w- c:\windows\system32\ieencode.dll
.
------- Sigcheck -------
[-] 2009-06-30 19:10 9216 7ED786A481924418A3E7747E5AD35B07 c:\windows\System32\ctfmon.exe
[-] 2009-06-30 19:10 9216 7ED786A481924418A3E7747E5AD35B07 c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe
[-] 2009-06-30 18:40 26112 34FE97C2704B0F57F686334BE8040B13 c:\windows\System32\userinit.exe
[-] 2009-06-30 18:40 26112 34FE97C2704B0F57F686334BE8040B13 c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-07-08_00.47.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-07-09 23:36 55784 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-07-09 23:51 76082 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-24 05:03 . 2009-07-09 23:36 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-24 05:03 . 2009-07-08 00:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-24 05:03 . 2009-07-08 00:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-24 05:03 . 2009-07-09 23:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-24 05:03 . 2009-07-08 00:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-24 05:03 . 2009-07-09 23:36 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-07 23:06 . 2009-07-08 00:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-09 23:34 . 2009-07-09 23:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-07 23:06 . 2009-07-08 00:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-09 23:34 . 2009-07-09 23:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-25 04:41 . 2009-07-09 23:31 222226 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-07-24 07:08 . 2009-07-08 19:07 245404 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-07-24 07:08 . 2009-07-08 00:31 245404 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-12-06 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2009-06-30 258048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CC7729F2-6607-4451-A04F-B52A8B5CCA32}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{5D544672-B369-467D-8744-AC8879263DA1}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{B67CFC00-98E3-4F92-AED9-7186AD056C6E}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{46DB359F-B5E9-41CF-AE14-EA19AFD0D6F9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{0D849478-FAC9-48EA-BA9D-66E71F074B6E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{31FF75D9-C664-459B-92F9-4833CE9BC216}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DACD0295-24DE-4205-A331-6D6D623BA34D}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{73A50504-5DDB-4664-9DF9-96C0461936B5}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"TCP Query User{17B9C9BB-3D9B-4FF2-8239-A659677C562C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B0DD177B-9B6D-4720-A60E-4F7C8BB07487}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{98AAD321-0030-42A9-B922-D4D3E439C04F}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{C341584E-504D-47E4-80FA-31FFB390F872}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{1BDE3C10-1F89-47E0-8C12-B07DE3A23DFC}c:\\program files\\ares\\chatserver.exe"= UDP:c:\program files\ares\chatserver.exe:Ares Chat Server
"UDP Query User{AAE366A4-28F8-49EE-A6C9-E6AC405BD2D3}c:\\program files\\ares\\chatserver.exe"= TCP:c:\program files\ares\chatserver.exe:Ares Chat Server
"TCP Query User{9CAAC2C3-AF04-4469-9CC8-88EEC29637A9}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\spanish\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\spanish\setup.exe:Kaspersky Anti-Virus 7.0 Instalación
"UDP Query User{7EEC05CA-4A7C-4668-B536-55F9F6F76AC8}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\spanish\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\spanish\setup.exe:Kaspersky Anti-Virus 7.0 Instalación
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Windows\\system32\\wininit.exe"= c:\windows\system32\wininit.exe:*:enabled:@shell32.dll,-1
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-10-16 20496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://mmbox.itelcel.com/mmawap/jsp/composer/player/mmsPlayer.cab
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 19:02
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-10 19:06
ComboFix-quarantined-files.txt 2009-07-10 00:05
ComboFix2.txt 2009-07-08 00:49
Pre-Run: 74,246,656,000 bytes libres
Post-Run: 74,223,157,248 bytes libres
265 --- E O F --- 2009-07-06 21:42
y el hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:09:37 p.m., on 09/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')
O4 - HKUS\S-1-5-21-2826126612-341877328-3438544454-1000\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Estadísticas del componente Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmbox.itelcel...r/mmsPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @%SystemRoot%\system32\PresentationHost.exe,-3309 (FontCache3.0.0.0) - Unknown owner - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6511 bytes
parece que esta vez el combofix limpio o elimino algunos de los archivos que creo yo se liberaron al quitar el adaware pero el problema original se mantiene, son 31 archivos que el kaspersky me detecta y no me da opcion de eliminar, solo me permite ignorar...
#13
- Miembro Avanzado
-
- Grupo: Members
- Mensajes: 63
- Registrado: 22-February 06
Posted 11 July 2009 - 01:04 AM
Ese es el problema, que no me deja eliminarlos manualmente, ya tengo a todos bien ubicados, esta es la ruta donde se encuentran C:\Windows\System32\DriverStore\FileRepository .. pero si me voy a ahi y los intento borrar windows me dice que no tengo permisos suficientes para hacerlo, tampoco los puedo quitar desde la sesion a prueba de fallos
#14
- No Spiware
-
- Grupo: Globales
- Mensajes: 21063
- Registrado: 15-August 04
Posted 11 July 2009 - 03:02 AM
Scan on line:
http://www.bitdefend...m/scan8/ie.html
Debes usar el Internet Explorer y aceptar los active x
Le pones que elimine lo que te detecte.
Nos copias ese reporte
Saludos
Caito
http://www.bitdefend...m/scan8/ie.html
Debes usar el Internet Explorer y aceptar los active x
Le pones que elimine lo que te detecte.
Nos copias ese reporte
Saludos
Caito
#15
- Miembro Avanzado
-
- Grupo: Members
- Mensajes: 63
- Registrado: 22-February 06
Posted 12 July 2009 - 12:11 AM
no me deja hacer ese scan, hay veces que se traba al acabar de actualizar las definiciones de virus, se queda en la ventana de 100% pero nunca comienza el scan y en otras ocasiones que si brinca eso pero tampoco hace el scan y solo marca que no se pudo realizar la busqueda de virus en mi computadora, no se porque pase eso porque si estoy corriendo el IE como administrador...
como ya te comente los archivos infectados ya los tengo ubicados solo es cuestion de borrarlos pero windows no me deja
como ya te comente los archivos infectados ya los tengo ubicados solo es cuestion de borrarlos pero windows no me deja
| Topic | Started By | Stats | Last Post Info | |
|---|---|---|---|---|
 |
Eliminar Windows vista e instalar XP | KiÐ |
|
|
| |
Problema con Windows Media Center.
Se escuchan dos audios... |
starlancer |
|
|
| |
poblemas con archivos | mooki |
|
|
| |
red ethernet y wifi en la misma PC archivos compartidos+seguridad | puntano |
|
|
| |
¿Cómo grabar archivos de video de extensión rmvb?
Para poderlos ver en un reproductor de salón |
Carlah |
|
