hi, Spybot has informed that I have the virtumonde. I coul´d run the kapersky online. So here is my HJT Log and ComboFix Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:10, on 08/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
E:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\System32\svchost.exe
E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
E:\Archivos de programa\Canon\CAL\CALMAIN.exe
E:\WINDOWS\system32\VTTimer.exe
E:\WINDOWS\system32\S3trayp.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
E:\Archivos de programa\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
E:\ARCHIV~1\MUSICM~1\MUSICM~1\MMDiag.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
E:\Archivos de programa\Musicmatch\Musicmatch Jukebox\mim.exe
E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavProxy.exe
E:\WINDOWS\explorer.exe
E:\Archivos de programa\Mozilla Firefox\firefox.exe
E:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fhl%3Des%26tab%3Dwm%26nsr%3D1%26ui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2&hl=es
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SCANINICIO] "E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "E:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] E:\ARCHIV~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [RemoteControl] "E:\Archivos de programa\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Archivos de programa\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Archivos de programa\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Archivos de programa\Messenger\msmsgs.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Archivos de programa\Canon\CAL\CALMAIN.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe

--
End of file - 5443 bytes



COMBOFIX LOG:

ComboFix 08-05-07.1 - JULIAN 2008-05-08 13:54:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.399 [GMT -5:00]
Se ejecuta desde: E:\Documents and Settings\JULIAN\Escritorio\ComboFix.exe
* Creado un nuevo punto de restauración

ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\WINDOWS\pskt.ini
E:\WINDOWS\system32\DfLRBJlm.ini
E:\WINDOWS\system32\DfLRBJlm.ini2
E:\WINDOWS\system32\dyalrdcg.dll
E:\WINDOWS\system32\jilSCJlm.ini
E:\WINDOWS\system32\jilSCJlm.ini2
E:\WINDOWS\system32\njotggoc.ini
E:\WINDOWS\system32\pdsgtedw.ini
E:\WINDOWS\system32\PoUwaGgh.ini
E:\WINDOWS\system32\PoUwaGgh.ini2
E:\WINDOWS\system32\RAdedfii.ini
E:\WINDOWS\system32\RAdedfii.ini2
E:\WINDOWS\system32\ssqNExXO.dll
E:\WINDOWS\system32\uvcbjaxm.dll

.
(((((((((((((((((( Archivos creados desde 2008-04-08 - 2008-05-08 )))))))))))))))))))))))))))))))))
.

2008-05-08 13:31 . 2008-05-08 13:31 <DIR> d-------- E:\Archivos de programa\Trend Micro
2008-05-08 10:34 . 2008-05-08 10:34 <DIR> d-------- E:\Documents and Settings\JULIAN\Datos de programa\Malwarebytes
2008-05-08 10:33 . 2008-05-08 10:33 <DIR> d-------- E:\Documents and Settings\All Users\Datos de programa\Malwarebytes
2008-05-08 10:33 . 2008-05-08 10:34 <DIR> d-------- E:\Archivos de programa\Malwarebytes' Anti-Malware
2008-05-08 10:33 . 2008-05-05 20:46 27,048 --a------ E:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-08 10:33 . 2008-05-05 20:46 15,864 --a------ E:\WINDOWS\system32\drivers\mbam.sys
2008-05-08 08:20 . 2008-05-08 08:20 2,048 --a------ E:\WINDOWS\system32\pyrgsqgu.exe
2008-05-07 17:36 . 2008-05-07 17:36 <DIR> d-------- E:\Archivos de programa\Archivos comunes\Adobe
2008-05-07 15:04 . 2008-05-07 15:04 230 --a------ E:\WINDOWS\system32\spupdsvc.inf
2008-05-07 15:00 . 2008-05-07 15:00 2,048 --a------ E:\WINDOWS\system32\tifuhcki.exe
2008-05-06 20:16 . 2008-05-06 20:16 0 --a------ E:\WINDOWS\nsreg.dat
2008-05-06 17:42 . 2008-05-06 17:42 <DIR> d-------- E:\Archivos de programa\Antares Audio Technologies
2008-05-06 14:22 . 2008-05-07 17:32 <DIR> d-------- E:\Documents and Settings\JULIAN\Datos de programa\AdobeUM
2008-05-06 09:19 . 2008-05-06 09:19 <DIR> d-------- E:\Documents and Settings\JULIAN\Datos de programa\Elaborate Bytes
2008-05-05 17:02 . 2008-05-05 17:02 <DIR> d-------- E:\Archivos de programa\MSXML 6.0
2008-05-05 16:55 . 2008-05-08 09:08 791 --a------ E:\WINDOWS\wininit.ini
2008-05-05 15:39 . 2008-05-05 16:33 <DIR> d-------- E:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-05-05 15:39 . 2008-05-05 15:39 <DIR> d-------- E:\Archivos de programa\Spybot - Search & Destroy
2008-05-05 15:27 . 2008-05-08 09:35 109,843 --a------ E:\WINDOWS\BM4371f127.xml
2008-05-04 18:21 . 2008-05-04 18:21 <DIR> d-------- E:\Archivos de programa\MSXML 4.0
2008-05-04 17:00 . 2008-05-04 17:00 <DIR> d-------- E:\Archivos de programa\ASIO4ALL v2
2008-05-04 16:59 . 2002-07-07 17:14 1,294,336 --a------ E:\WINDOWS\system32\vorbis.acm
2008-05-04 16:59 . 2006-06-20 03:56 225,280 --a------ E:\WINDOWS\system32\rewire.dll
2008-05-04 16:56 . 2008-05-04 17:18 <DIR> d-------- E:\Archivos de programa\Image-Line
2008-05-04 15:31 . 2008-05-04 16:04 <DIR> d-a------ E:\Documents and Settings\All Users\Datos de programa\TEMP
2008-05-04 15:21 . 2008-05-04 15:21 <DIR> d-------- E:\Archivos de programa\MSBuild
2008-05-04 15:17 . 2008-05-04 15:17 <DIR> d-------- E:\WINDOWS\system32\XPSViewer
2008-05-04 15:16 . 2008-05-04 15:16 <DIR> d-------- E:\Archivos de programa\Reference Assemblies
2008-05-04 15:14 . 2006-06-29 13:07 14,048 --------- E:\WINDOWS\system32\spmsg2.dll
2008-05-04 14:55 . 2008-05-06 13:01 69 --a------ E:\WINDOWS\NeroDigital.ini
2008-05-04 14:51 . 2008-05-04 14:51 <DIR> d-------- E:\Documents and Settings\JULIAN\Datos de programa\Sony Setup
2008-05-04 13:16 . 2008-05-04 13:16 <DIR> d-------- E:\Archivos de programa\Opera
2008-05-03 14:12 . 2008-05-03 14:12 <DIR> d-------- E:\Documents and Settings\All Users\Datos de programa\PACE Anti-Piracy
2008-05-03 14:12 . 2008-05-03 14:12 <DIR> d-------- E:\Archivos de programa\Waves
2008-05-03 14:12 . 2008-05-03 14:12 <DIR> d-------- E:\Archivos de programa\Archivos comunes\PACE Anti-Piracy
2008-05-03 13:44 . 2008-05-03 13:44 540,672 --------- E:\WINDOWS\system32\ilinet.dll
2008-05-03 13:44 . 2008-05-03 13:44 68,928 --a------ E:\WINDOWS\system32\drivers\TPkd.sys
2008-05-03 13:44 . 2008-05-03 13:44 27,168 --a------ E:\WINDOWS\system32\drivers\iLokDrvr.sys
2008-05-03 13:44 . 2008-05-03 13:44 785 --------- E:\WINDOWS\Tpkdboot.reg
2008-05-03 13:14 . 2008-05-03 13:14 <DIR> d-------- E:\Archivos de programa\Elaborate Bytes
2008-05-03 13:12 . 2008-05-06 11:18 83 ---hs---- E:\Documents and Settings\JULIAN\Datos de programa\.zreglib
2008-05-03 13:10 . 2008-05-03 13:10 <DIR> d-------- E:\Archivos de programa\SlySoft
2008-05-03 10:40 . 2004-08-03 23:07 59,264 --a------ E:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-03 10:40 . 2004-08-03 23:07 59,264 --a--c--- E:\WINDOWS\system32\dllcache\usbaudio.sys
2008-05-03 10:40 . 2004-08-19 15:42 54,784 --a------ E:\WINDOWS\system32\vfwwdm32.dll
2008-05-03 10:40 . 2004-08-19 15:42 54,784 --a--c--- E:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-05-03 10:40 . 2004-08-03 23:08 31,616 --a------ E:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-03 10:40 . 2004-08-03 23:08 31,616 --a--c--- E:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-03 10:36 . 2008-05-03 10:36 <DIR> d-------- E:\Archivos de programa\directx
2008-05-03 10:35 . 2008-05-03 10:35 <DIR> d-------- E:\Archivos de programa\Logitech
2008-05-03 10:34 . 2008-05-03 10:34 <DIR> d-------- E:\Archivos de programa\Archivos comunes\Logitech
2008-05-03 10:31 . 2007-07-30 19:19 271,224 --a------ E:\WINDOWS\system32\mucltui.dll
2008-05-03 10:31 . 2007-07-30 19:19 207,736 --a------ E:\WINDOWS\system32\muweb.dll
2008-05-03 10:31 . 2007-07-30 19:18 30,072 --a------ E:\WINDOWS\system32\mucltui.dll.mui
2008-05-02 23:03 . 2008-05-02 23:03 <DIR> d-------- E:\WINDOWS\ShellNew
2008-05-02 23:01 . 2008-05-02 23:01 <DIR> d-------- E:\Documents and Settings\JULIAN\Datos de programa\Microsoft Web Folders
2008-05-02 14:32 . 2008-05-02 14:32 <DIR> d-------- E:\Documents and Settings\All Users\Datos de programa\WLInstaller
2008-05-02 14:32 . 2008-05-02 14:40 <DIR> d--hsc--- E:\Archivos de programa\Archivos comunes\WindowsLiveInstaller
2008-05-02 04:16 . 2008-05-02 04:16 <DIR> d-------- E:\Archivos de programa\Archivos comunes\Ahead
2008-05-02 04:16 . 2008-05-02 04:16 <DIR> d-------- E:\Archivos de programa\Ahead
2008-05-02 04:16 . 2004-07-26 17:16 1,568,768 --------- E:\WINDOWS\system32\ImagX7.dll
2008-05-02 04:16 . 2004-07-26 17:16 476,320 --------- E:\WINDOWS\system32\ImagXpr7.dll
2008-05-02 04:16 . 2004-07-26 17:16 471,040 --------- E:\WINDOWS\system32\ImagXRA7.dll
2008-05-02 04:16 . 2004-07-26 17:16 262,144 --------- E:\WINDOWS\system32\ImagXR7.dll
2008-05-02 04:16 . 2001-07-09 11:50 155,648 --a------ E:\WINDOWS\system32\NeroCheck.exe
2008-05-02 04:16 . 2000-06-26 11:45 106,496 --a------ E:\WINDOWS\system32\TwnLib20.dll
2008-05-02 04:14 . 2008-05-02 04:15 <DIR> d-------- E:\Archivos de programa\CyberLink DVD Solution
2008-05-02 04:14 . 2005-03-31 22:17 40,960 --a------ E:\Archivos de programa\Uninstall_CDS.exe
2008-05-01 20:27 . 2008-05-02 00:52 <DIR> d-------- E:\Documents and Settings\JULIAN\Datos de programa\Any Video Converter
2008-05-01 20:27 . 2008-05-01 20:27 <DIR> d-------- E:\Archivos de programa\Any Video Converter
2008-05-01 19:40 . 2008-05-01 19:40 <DIR> d-------- E:\Archivos de programa\Riva
2008-05-01 19:40 . 2008-05-01 19:40 <DIR> d-------- E:\Archivos de programa\Archivos comunes\SWF Studio
2008-05-01 19:35 . 2008-05-01 19:35 <DIR> d-------- E:\Archivos de programa\FLVPlayer
2008-05-01 17:59 . 2007-07-09 08:19 582,656 -----c--- E:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-05-01 17:07 . 2008-05-07 15:06 <DIR> d-------- E:\WINDOWS\system32\es-es
2008-05-01 17:06 . 2001-08-24 11:00 68,608 --a------ E:\WINDOWS\system32\plugin.ocx
2008-05-01 17:06 . 2001-08-24 11:00 68,608 --a------ E:\WINDOWS\system32\dllcache\plugin.ocx
2008-05-01 16:57 . 2008-03-01 07:58 6,066,176 -----c--- E:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-01 16:57 . 2007-04-17 04:32 2,455,488 -----c--- E:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-01 16:57 . 2007-03-08 00:10 1,040,384 -----c--- E:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-01 16:57 . 2008-03-01 07:58 459,264 -----c--- E:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-01 16:57 . 2008-03-01 07:58 383,488 -----c--- E:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-01 16:57 . 2008-03-01 07:58 267,776 -----c--- E:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-01 16:57 . 2008-03-01 07:58 63,488 -----c--- E:\WINDOWS\system32\dllcache\icardie.dll
2008-05-01 16:57 . 2008-03-01 07:58 52,224 -----c--- E:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-01 16:57 . 2008-02-22 05:00 13,824 -----c--- E:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-01 16:55 . 2006-06-02 14:32 33,792 --a--c--- E:\WINDOWS\system32\dllcache\custsat.dll
2008-05-01 16:44 . 2008-05-01 16:44 28,352 --a------ E:\WINDOWS\system32\drivers\MxlW2k.sys
2008-05-01 16:43 . 2008-05-01 16:43 <DIR> d-------- E:\Documents and Settings\JULIAN\Datos de programa\Musicmatch
2008-05-01 16:43 . 2008-05-01 16:44 <DIR> d-------- E:\Archivos de programa\Musicmatch
2008-05-01 16:43 . 2005-03-09 14:10 1,047,552 --a------ E:\WINDOWS\system32\mfc71u.dll
2008-05-01 16:22 . 2004-08-03 23:10 48,128 --a------ E:\WINDOWS\system32\drivers\61883.sys
2008-05-01 16:22 . 2004-08-03 23:10 48,128 --a--c--- E:\WINDOWS\system32\dllcache\61883.sys
2008-05-01 16:22 . 2004-08-03 23:10 38,912 --a------ E:\WINDOWS\system32\drivers\avc.sys
2008-05-01 16:22 . 2004-08-03 23:10 38,912 --a--c--- E:\WINDOWS\system32\dllcache\avc.sys
2008-05-01 16:17 . 2008-05-01 16:17 <DIR> d-------- E:\Archivos de programa\Mackie Onyx F Series
2008-05-01 16:12 . 2008-05-01 16:12 <DIR> d-------- E:\Documents and Settings\JULIAN\Datos de programa\Publish Providers
2008-05-01 16:09 . 2008-05-01 16:09 <DIR> d-------- E:\Archivos de programa\K-Lite Codec Pack
2008-05-01 16:09 . 2006-04-20 16:00 856,064 --a------ E:\WINDOWS\system32\xvidcore.dll
2008-05-01 16:09 . 2006-05-13 23:16 118,784 --a------ E:\WINDOWS\system32\ac3acm.acm
2008-05-01 15:59 . 2008-05-01 15:59 <DIR> d-------- E:\Documents and Settings\LocalService\Men£ Inicio
2008-05-01 15:50 . 2004-08-03 22:31 716,856 --a--c--- E:\WINDOWS\system32\dllcache\imjpcus.dll
2008-05-01 15:46 . 2008-05-01 15:46 <DIR> d-------- E:\WINDOWS\ServicePackFiles
2008-05-01 15:41 . 2004-07-17 11:40 19,528 --a------ E:\WINDOWS\002489_.tmp
2008-05-01 15:38 . 2008-05-01 15:51 <DIR> d-------- E:\WINDOWS\EHome
2008-05-01 15:26 . 2008-05-01 15:26 <DIR> d-------- E:\WINDOWS\system32\bits
2008-05-01 15:26 . 2008-05-05 15:32 <DIR> d--h----- E:\WINDOWS\$hf_mig$
2008-05-01 15:10 . 2008-05-01 15:10 <DIR> d-------- E:\Documents and Settings\LocalService\Datos de programa\CyberLink
2008-05-01 14:49 . 2004-08-19 15:42 351,232 --a------ E:\WINDOWS\system32\winhttp.dll
2008-05-01 14:49 . 2004-08-19 15:42 18,944 --a------ E:\WINDOWS\system32\qmgrprxy.dll
2008-05-01 14:49 . 2004-08-19 15:41 8,192 --------- E:\WINDOWS\system32\bitsprx2.dll
2008-05-01 14:49 . 2004-08-19 15:41 7,168 --------- E:\WINDOWS\system32\bitsprx3.dll
2008-05-01 14:42 . 2008-05-01 14:42 <DIR> d-------- E:\Documents and Settings\JULIAN\Datos de programa\CyberLink
2008-05-01 14:42 . 2008-05-01 14:42 <DIR> d-------- E:\Documents and Settings\All Users\Datos de programa\CyberLink
2008-05-01 14:42 . 2007-07-30 19:19 549,720 --a------ E:\WINDOWS\system32\wuapi.dll
2008-05-01 14:42 . 2007-07-30 19:19 325,976 --a------ E:\WINDOWS\system32\wucltui.dll
2008-05-01 14:42 . 2007-07-30 19:19 216,408 --a------ E:\WINDOWS\system32\wuaucpl.cpl
2008-05-01 14:42 . 2007-07-30 19:19 203,096 --a------ E:\WINDOWS\system32\wuweb.dll
2008-05-01 14:42 . 2004-08-03 14:04 187,160 --a------ E:\WINDOWS\system32\wuaueng1.dll
2008-05-01 14:42 . 2004-08-03 14:02 170,264 --a------ E:\WINDOWS\system32\wuauclt1.exe
2008-05-01 14:42 . 2007-07-30 19:18 33,624 --a------ E:\WINDOWS\system32\wups.dll
2008-05-01 14:35 . 2002-12-17 16:23 33,340 --------- E:\WINDOWS\system32\dbmsqlgc.dll
2008-05-01 14:34 . 2008-05-01 14:34 <DIR> d-------- E:\Archivos de programa\Microsoft SQL Server
2008-05-01 14:34 . 1998-10-29 16:45 306,688 --a------ E:\WINDOWS\IsUninst.exe
2008-05-01 14:34 . 2008-05-02 23:08 456 --a------ E:\WINDOWS\ODBC.INI

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 19:12 --------- d--h--w E:\Archivos de programa\InstallShield Installation Information
2008-05-03 04:00 --------- d-----w E:\Archivos de programa\microsoft frontpage
2008-04-30 20:53 --------- d-----w E:\Archivos de programa\Archivos comunes\InstallShield
2008-04-30 19:59 --------- d-----w E:\Archivos de programa\Realtek
2008-04-30 19:34 --------- d-----w E:\Archivos de programa\S3
2008-04-30 19:28 --------- d-----w E:\Archivos de programa\VIA
2008-04-30 19:21 558,142 ----a-w E:\WINDOWS\java\Packages\XZXRPZJV.ZIP
2008-04-30 19:21 155,995 ----a-w E:\WINDOWS\java\Packages\7BLJ7X3V.ZIP
2008-04-30 19:20 --------- d-----w E:\Archivos de programa\Servicios en línea
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vac¡as & entradas leg¡timas predeterminadas no son mostradas

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C501CB8-7542-4347-A4D9-7FC3B3D209A3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6584C510-924B-486A-A1A0-E380DE08C2DB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8885E401-26DB-4F13-BF14-BD0A5F6B2D12}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A7A77B7-CE86-4696-8D26-E11F26361D21}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4409A57-1501-4801-8562-AEFD622C9BEC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E42E34F9-7107-470A-9360-E6D380745765}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5C1A002-DE14-4B1E-84E8-9E24471E22BB}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:42 15360]
"SpybotSD TeaTimer"="E:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-21 03:36 53248 E:\WINDOWS\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-10-09 16:14 176128 E:\WINDOWS\system32\S3Trayp.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 06:49 16269312 E:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 05:04 2879488 E:\WINDOWS\SkyTel.exe]
"SCANINICIO"="E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe" [2003-01-29 19:20 20480]
"APVXDWIN"="E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.exe" [2003-04-30 17:57 262144]
"QuickTime Task"="E:\Archivos de programa\QuickTime\qttask.exe" [2008-05-01 12:29 98304]
"MimBoot"="E:\ARCHIV~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-03-09 19:10 11776]
"RemoteControl"="E:\Archivos de programa\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"NeroFilterCheck"="E:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"LogitechVideoRepair"="E:\Archivos de programa\Logitech\Video\ISStart.exe" [2003-08-29 14:17 188416]
"LogitechVideoTray"="E:\Archivos de programa\Logitech\Video\LogiTray.exe" [2003-08-29 14:20 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:42 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"E:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
"E:\\Archivos de programa\\Opera\\Opera.exe"=

R0 videX32;videX32;E:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 22:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;E:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 22:39]
R3 S3GIGP;S3GIGP;E:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2006-11-14 20:38]
S3 echo1394;Onyx 400F service;E:\WINDOWS\system32\Drivers\echo1394.sys [2005-05-11 22:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0658a630-17cf-11dd-ac8f-0019663ba869}]
\Shell\AutoRun\command - jfvkcsy.bat
\Shell\explore\Command - jfvkcsy.bat
\Shell\open\Command - jfvkcsy.bat

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 13:58:19
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Pavsrv51.exe
E:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Avengine.exe
E:\Archivos de programa\Canon\CAL\CALMAIN.exe
E:\ARCHIV~1\MUSICM~1\MUSICM~1\MMDiag.exe
E:\Archivos de programa\Musicmatch\Musicmatch Jukebox\mim.exe
E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Pavproxy.exe
.
**************************************************************************
.
Tiempo completado: 2008-05-08 14:04:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-08 19:03:45

5 dirs 12,508,876,800 bytes libres
8 dirs 12,573,523,968 bytes libres

236 --- E O F --- 2008-05-08 05:38:02



THANKS FOR YOUR HELP

Hi

Looks like you missed this => Do NOT run 'fixes' before helpers have analyzed HJT/KAV scans (http://forums.spybot.info/showthread.php?t=16806)


Disable Spybot's TeaTimer
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode

On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer


Open notepad and copy/paste the text in the quotebox below into it:



File::
E:\WINDOWS\system32\pyrgsqgu.exe
E:\WINDOWS\system32\tifuhcki.exe
E:\WINDOWS\BM4371f127.xml

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C501CB8-7542-4347-A4D9-7FC3B3D209A3}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6584C510-924B-486A-A1A0-E380DE08C2DB}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8885E401-26DB-4F13-BF14-BD0A5F6B2D12}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A7A77B7-CE86-4696-8D26-E11F26361D21}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4409A57-1501-4801-8562-AEFD622C9BEC}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E42E34F9-7107-470A-9360-E6D380745765}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5C1A002-DE14-4B1E-84E8-9E24471E22BB}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0658a630-17cf-11dd-ac8f-0019663ba869}]



Save this as
CFScript


http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Refering to the picture above, drag CFScript into Combo-Fix.exe
Then post the resultant log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, click Yes.
The program will launch and start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings and select the following:
Scan using the following Anti-Virus database:
Extended (If available, otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK.
Under
select a target to scan
, select My Computer.
The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.Once the scan is complete:
Click on the Save as Text button.
Save the file to your desktop.
Copy and paste that information into your next post if the AV content will fit into one post only. Post a fresh hjt log and above meantioned ComboFix resultant log too.


Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

If having a problme doing the above

Make sure that your Internet security settings are set to default values.

To set default security settings for Internet Explorer:

* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four item (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.

thanks for your help.

This is the new log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:22, on 14/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\HPZipm12.exe
E:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
E:\WINDOWS\System32\svchost.exe
E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
E:\Archivos de programa\Canon\CAL\CALMAIN.exe
E:\WINDOWS\system32\VTTimer.exe
E:\WINDOWS\system32\S3trayp.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
E:\Archivos de programa\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
E:\ARCHIV~1\MUSICM~1\MUSICM~1\MMDiag.exe
E:\Archivos de programa\Java\jre1.6.0_06\bin\jusched.exe
E:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
E:\Archivos de programa\Musicmatch\Musicmatch Jukebox\mim.exe
E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavProxy.exe
E:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
E:\Archivos de programa\Windows Live\Messenger\usnsvc.exe
E:\Archivos de programa\Internet Explorer\iexplore.exe
E:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe
E:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=https%3A%2F%2Fmail.google.com%2Fmail%2F%3Fnsr%3D0%26ui%3Dhtml%26zy%3Dl&ltmpl=default&ltmplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SCANINICIO] "E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "E:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] E:\ARCHIV~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [RemoteControl] "E:\Archivos de programa\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Archivos de programa\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Archivos de programa\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Archivos de programa\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Archivos de programa\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Archivos de programa\Messenger\msmsgs.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Archivos de programa\Canon\CAL\CALMAIN.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - E:\Archivos de programa\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - E:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6517 bytes

Hi

I need to see other logs too. That said, could you post following logs:
-Kaspersky online scanner report (if you're still not able to run Kaspersky scanner let me know what's the problem with it)
-ComboFix resultant log (contents of c:\combofix.txt file)

Due to inactivity, this thread will now be closed.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.