View Full Version : Virtumonde Infecon
Hi Spybot forum helpers, after a long, long sunday trying to fix my spyware problem I got stuck with Virtumonde, help will be really appreciated since this its a very annoying Malware and I reached my "Do it Yourself" limit, :P ...
Here its my HJT Log:
e of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:58, on 31/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Archivos comunes\InterVideo\DeviceService\DevSvc.exe
C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\devldr32.exe
C:\Archivos de programa\Eset\nod32kui.exe
c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\svchost.exe
C:\ARCHIV~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\Archivos comunes\Teleca Shared\CapabilityManager.exe
C:\Archivos de programa\RALINK\Common\RaUI.exe
C:\Archivos de programa\Archivos comunes\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Archivos comunes\Teleca Shared\Generic.exe
C:\Archivos de programa\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Archivos de programa\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\Administrador\Escritorio\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=80744
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Archivos de programa\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O3 - Toolbar: rafbsvnx - {B36B25DB-E0B4-4058-BEBF-DB0C12B38C89} - C:\WINDOWS\rafbsvnx.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [InstantBurn] C:\ARCHIV~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\ARCHIV~1\ARCHIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a07d2bf6] rundll32.exe "C:\WINDOWS\system32\cfeqlcjv.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Archivos de programa\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Archivos de programa\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.es/scan_es/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Archivos de programa\Archivos comunes\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Archivos de programa\Archivos comunes\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8d33df875e1c0) (gupdate1c8d33df875e1c0) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Archivos de programa\Archivos comunes\PCSuite\Services\ServiceLayer.exe
--
End of file - 11045 bytes
pskelley
2008-09-01, 22:03
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
Make sure you read and follow the directions, anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
This can be a tough infection to remove so do not expect fast or easy.
Because the directions appear to not have been read, HJT is located unsafely. Follow my instructions to fix this.
1) We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this Go to the Mode menu select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
2) Remove any old copies of combofix before you proceed.
Thanks to sUBs and anyone else who helped with this fix.
It is important that it is saved directly to your Desktop.
Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Post the combofix log and a new HJT log. <<< follow the instructions in #3 to properly locate HJT.
Tutorial
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
3) Download Trend Micro Hijack This™ to your Desktop
http://download.bleepingcomputer.com/hijackthis/HJTInstall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.
Thanks
Thank you very much for your Repply Pskelly, you are very Kind doing this in your spare time, here are my two logs:
ComboFix 08-09-05.02 - Administrador 2008-09-06 14:19:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.136 [GMT -4:00]
Se ejecuta desde: C:\Documents and Settings\Administrador\Escritorio\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrador\Escritorio\WindowsXP-KB310994-SP2-Pro-BootDisk-ESN.exe
* Creado un nuevo punto de restauración
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Kliber\Escritorio\Privacy Protector.url
C:\WINDOWS\cookies.ini
C:\WINDOWS\edwa.exe
C:\WINDOWS\system32\caforntq.dll
C:\WINDOWS\system32\ddcYsTmJ.dll
C:\WINDOWS\system32\dhjegwjo.dll
C:\WINDOWS\system32\dykexyyp.ini
C:\WINDOWS\system32\igspnegr.ini
C:\WINDOWS\system32\iqomwteo.ini
C:\WINDOWS\system32\JmTsYcdd.ini
C:\WINDOWS\system32\JmTsYcdd.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ojwgejhd.ini
C:\WINDOWS\system32\pyyxekyd.dll
C:\WINDOWS\system32\qtnrofac.ini
C:\WINDOWS\system32\vjclqefc.ini
C:\WINDOWS\twmxbsqrbtv.dll
C:\x0.cmd
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_XPROTECTOR
-------\Service_XPROTECTOR
(((((((((((((((((( Archivos creados desde 2008-08-06 - 2008-09-06 )))))))))))))))))))))))))))))))))
.
2008-09-02 12:14 . 2008-09-02 12:14 <DIR> d-------- C:\Documents and Settings\ANCASTIL\Datos de programa\Teleca
2008-09-02 12:14 . 2008-09-02 12:14 <DIR> d-------- C:\Documents and Settings\ANCASTIL\Datos de programa\Sony Ericsson
2008-08-31 21:35 . 2008-08-31 21:35 <DIR> d-------- C:\VundoFix Backups
2008-08-31 18:54 . 2008-08-31 19:37 3,694 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-31 15:24 . 2008-08-31 17:12 145 --a------ C:\WINDOWS\wininit.ini
2008-08-27 19:46 . 2008-08-27 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-08-27 19:46 . 2008-08-27 19:51 <DIR> d-------- C:\Archivos de programa\Spybot - Search & Destroy
2008-08-27 19:33 . 2008-08-27 19:33 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Teleca
2008-08-27 19:32 . 2008-08-27 19:32 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\PC Suite
2008-08-22 21:16 . 2008-08-22 21:16 70,656 --a------ C:\WINDOWS\system32\msvbcr40.dll
2008-08-22 21:10 . 2008-08-22 21:46 <DIR> d-------- C:\Documents and Settings\Kliber\Datos de programa\TmpRecentIcons
2008-08-22 21:10 . 2008-08-22 18:08 86,016 --a------ C:\WINDOWS\tqwolser.exe
2008-08-20 13:24 . 2008-08-20 13:24 <DIR> d-------- C:\WINDOWS\system32\es
2008-08-20 13:24 . 2008-08-20 13:24 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-20 13:24 . 2008-08-20 13:24 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-20 13:20 . 2008-08-20 13:24 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-19 09:43 . 2008-04-13 22:18 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-19 09:42 . 2008-04-13 22:18 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-18 19:09 . 2008-08-18 19:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-18 19:09 . 2008-08-18 19:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-14 10:49 . 2008-04-11 15:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 15:21 . 2008-08-12 15:22 <DIR> d-------- C:\DVDVideoSoft
2008-08-12 15:20 . 2008-08-12 15:20 <DIR> d-------- C:\Archivos de programa\DVDVideoSoft
2008-08-12 15:20 . 2008-08-12 15:21 <DIR> d-------- C:\Archivos de programa\Archivos comunes\DVDVideoSoft
2008-08-07 11:28 . 2008-08-12 14:27 <DIR> d-------- C:\Documents and Settings\Kliber\Datos de programa\Vso
2008-08-07 11:27 . 2008-08-07 11:27 <DIR> d-------- C:\Archivos de programa\VSO
.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 17:57 --------- d-----w C:\Archivos de programa\Google
2008-09-01 23:23 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Google Updater
2008-08-24 22:33 --------- d-----w C:\Archivos de programa\r2 Studios
2008-08-15 07:07 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
2008-08-07 20:59 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-30 23:35 --------- d-----w C:\Documents and Settings\Kliber\Datos de programa\MyPhoneExplorer
2008-07-30 23:35 --------- d-----w C:\Archivos de programa\MyPhoneExplorer
2008-07-30 19:47 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-30 19:47 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-07-30 19:36 21,672 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-07-30 19:36 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2008-07-30 19:34 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Sony Ericsson
2008-07-30 19:33 --------- d-----w C:\Archivos de programa\Sony Ericsson
2008-07-29 00:28 --------- d-----w C:\Archivos de programa\eMule
2008-07-28 01:16 --------- d-----w C:\Documents and Settings\Administrador\Datos de programa\Sony Ericsson
2008-07-28 00:22 --------- d-----w C:\Archivos de programa\Eset
2008-07-25 01:12 --------- d-----w C:\Documents and Settings\Kliber\Datos de programa\CyberLink
2008-07-24 19:10 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2008-07-24 19:10 --------- d-----w C:\Archivos de programa\LGGSM
2008-07-23 21:55 --------- d-----w C:\Archivos de programa\Inicio
2008-07-23 00:45 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-07-22 20:18 --------- d-----w C:\Archivos de programa\FileZilla FTP Client
2008-07-22 20:11 --------- d-----w C:\Archivos de programa\Bonjour
2008-07-22 17:31 --------- d-----w C:\Archivos de programa\Windows Live Toolbar
2008-07-22 00:26 --------- d-----w C:\Archivos de programa\RegCleaner
2008-07-11 02:15 88 --sh--r C:\Documents and Settings\All Users\Datos de programa\06EB96A50D.sys
2008-07-11 02:15 2,828 --sha-w C:\Documents and Settings\All Users\Datos de programa\KGyGaAvL.sys
2008-07-07 00:05 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Corel
2007-12-30 23:56 25,600 ----a-w C:\Documents and Settings\Kliber\usbsermptxp.sys
2007-12-30 23:56 22,768 ----a-w C:\Documents and Settings\Kliber\usbsermpt.sys
2007-11-29 22:38 22,328 ----a-w C:\Documents and Settings\Kliber\Datos de programa\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vac¡as & entradas leg¡timas predeterminadas no son mostradas
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
2008-08-31 15:09 133616 --a----t- C:\Archivos de programa\Google\Update\1.2.131.11\GoopdateBho.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"swg"="C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-05 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre6\bin\jusched.exe" [2008-05-16 136600]
"GrooveMonitor"="C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"nod32kui"="C:\Archivos de programa\Eset\nod32kui.exe" [2008-07-22 921600]
"TkBellExe"="C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" [2007-10-25 185632]
"RemoteControl"="C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"InstantBurn"="C:\ARCHIV~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2006-12-21 589824]
"Adobe_ID0EYTHM"="C:\ARCHIV~1\ARCHIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"PCSuiteTrayApplication"="C:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"Sony Ericsson PC Suite"="C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Adobe Reader Speed Launcher"="C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\startupfolder\C:^Documents and Settings^Kliber^Menú Inicio^Programas^Inicio^Recorte de pantalla e Inicio rápido de OneNote 2007.lnk]
path=C:\Documents and Settings\Kliber\Menú Inicio\Programas\Inicio\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk
backup=C:\WINDOWS\pss\Recorte de pantalla e Inicio rápido de OneNote 2007.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Kliber^Menú Inicio^Programas^Inicio^Registration Myst V]
path=C:\Documents and Settings\Kliber\Menú Inicio\Programas\Inicio\Registration Myst V
backup=C:\WINDOWS\pss\Registration Myst VStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 22:19 1695232 C:\Archivos de programa\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-10-11 18:25 1961984 C:\Archivos de programa\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-06-27 16:21 1449984 C:\Archivos de programa\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-05 22:44 68856 C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-10-25 21:42 185632 C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--------- 2004-08-14 04:42 36864 C:\Archivos de programa\mobile PhoneTools\WatchDog.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Archivos de programa\\eMule\\emule.exe"=
"C:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"C:\\Archivos de programa\\Archivos comunes\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"D:\\Archivos de programa\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Archivos de programa\\SmartFTP\\SmartFTP.exe"=
"C:\\Archivos de programa\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Archivos de programa\\CyberLink\\PowerDirector\\PDR.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R0 CLBStor;InstantBurn Storage Helper Driver;C:\WINDOWS\system32\drivers\CLBStor.sys [2006-12-21 10368]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\WINDOWS\system32\drivers\CLBUDF.sys [2006-12-21 153728]
R2 JavaQuickStarterService;Java Quick Starter;C:\Archivos de programa\Java\jre6\bin\jqs.exe [2008-05-16 147456]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
S2 gupdate1c8d33df875e1c0;Google Update Service (gupdate1c8d33df875e1c0);C:\Archivos de programa\Google\Update\GoogleUpdate.exe [2008-08-31 133104]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-07-30 13352]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-09-04 19034]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 17280]
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2006-02-19 29152]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37bf07b4-8a76-11dc-965c-00115b9146a2}]
\Shell\AutoRun\command - G:\1rfw8hjr.com
\Shell\explore\Command - G:\1rfw8hjr.com
\Shell\open\Command - G:\1rfw8hjr.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa5e7305-803e-11dc-9652-00115b9146a2}]
\Shell\AutoRun\command - I:\8de.bat
\Shell\explore\Command - I:\8de.bat
\Shell\open\Command - I:\8de.bat
.
Contenido de carpeta 'Tareas Programadas'
.
- - - - ORPHANS REMOVED - - - -
BHO-{0E932955-FCA9-4A55-B9EC-B389AEE228F1} - (no file)
BHO-{14F3DF6C-ECBB-40AB-9074-D686A55040FB} - (no file)
BHO-{1B4CB3AB-3F1A-46B0-9BC7-3470A70EE334} - (no file)
BHO-{65478C06-58B2-4033-8C23-B102C10B3246} - (no file)
BHO-{7BAFC198-2DEF-43CD-ACA6-AB49EEF5EFF7} - C:\WINDOWS\system32\ddcYsTmJ.dll
BHO-{C095CFFA-550F-4AB2-B798-F2959865F5C2} - (no file)
BHO-{CF2878D5-E17B-4B39-B5AC-E7077790CB0A} - (no file)
BHO-{FFA94DB6-9502-417A-BF05-D489CA1B4DB3} - (no file)
HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
HKLM-Run-a07d2bf6 - C:\WINDOWS\system32\cfeqlcjv.dll
Notify-cbXQhIAs - (no file)
MSConfigStartUp-amva - C:\WINDOWS\system32\amvo.exe
MSConfigStartUp-kamsoft - C:\WINDOWS\system32\ckvo.exe
MSConfigStartUp-StartupDelayer - C:\Archivos de programa\r2 Studios\Startup Delayer\Startup Launcher GUI.exe
.
------- Supplementary Scan -------
.
O8 -: &Windows Live Search - C:\Archivos de programa\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xportar a Microsoft Excel - C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.es/scan_es/scan8/oscan8.cab
C:\WINDOWS\Downloaded Program Files\oscan8.inf
C:\WINDOWS\bdoscandellang.ini
C:\WINDOWS\bdoscandel.exe
C:\WINDOWS\Downloaded Program Files\live.ini
C:\WINDOWS\Downloaded Program Files\scanoptions.tsi
C:\WINDOWS\Downloaded Program Files\lang.ini
C:\WINDOWS\Downloaded Program Files\ipsupd.dll
C:\WINDOWS\Downloaded Program Files\bdupd.dll
C:\WINDOWS\Downloaded Program Files\libfn.dll
C:\WINDOWS\Downloaded Program Files\bdcore.dll
C:\WINDOWS\Downloaded Program Files\oscan8.ocx
O16 -: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} - hxxp://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
C:\WINDOWS\Downloaded Program Files\Marbles.inf
C:\WINDOWS\Downloaded Program Files\Marbles.dll
O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game02.zylom.com/activex/zylomgamesplayer.cab
C:\WINDOWS\Downloaded Program Files\ZylomGamesPlayer.inf
C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 14:30:24
Windows 5.1.2600 Service Pack 3 NTFS
escaneando procesos ocultos ...
escaneando entradas ocultas de autostart ...
escaneando archivos ocultos ...
el escaneo se completo con exito
archivos ocultos: 0
**************************************************************************
.
--------------------- DLLs cargados bajo los procesos en ejecuci¢n ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Archivos de programa\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Archivos comunes\InterVideo\DeviceService\DevSvc.exe
C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Archivos de programa\RALINK\Common\RaUI.exe
C:\Archivos de programa\Archivos comunes\Teleca Shared\CapabilityManager.exe
C:\Archivos de programa\Archivos comunes\PCSuite\Services\ServiceLayer.exe
C:\Archivos de programa\Archivos comunes\Teleca Shared\Generic.exe
C:\Archivos de programa\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Tiempo completado: 2008-09-06 14:38:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-06 18:38:18
Pre-Run: 20,407,468,032 bytes libres
Post-Run: 21,975,678,976 bytes libres
WindowsXP-KB310994-SP2-Pro-BootDisk-ESN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
282 --- E O F --- 2008-08-22 02:10:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:08, on 06/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Archivos comunes\InterVideo\DeviceService\DevSvc.exe
C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Google\Update\GoogleUpdate.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe
C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\devldr32.exe
C:\ARCHIV~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\RALINK\Common\RaUI.exe
C:\Archivos de programa\Archivos comunes\Teleca Shared\CapabilityManager.exe
C:\Archivos de programa\Archivos comunes\PCSuite\Services\ServiceLayer.exe
C:\Archivos de programa\Archivos comunes\Teleca Shared\Generic.exe
C:\Archivos de programa\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=80744
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Archivos de programa\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Archivos de programa\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Archivos de programa\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [InstantBurn] C:\ARCHIV~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\ARCHIV~1\ARCHIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Archivos de programa\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Archivos de programa\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.es/scan_es/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Archivos de programa\Archivos comunes\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Archivos de programa\Archivos comunes\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8d33df875e1c0) (gupdate1c8d33df875e1c0) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Archivos de programa\Archivos comunes\PCSuite\Services\ServiceLayer.exe
--
End of file - 12025 bytes
pskelley
2008-09-06, 21:58
Thanks for returning your information, before we start, this item:
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Archivos de programa\Google\Update\1.2.131.11\GoopdateBho.dll
77D7E795-33C5-4323-974D-A2A49AB75517 <<< the CLSID ID number does not reconcile with Google:
http://www.google.com/search?hl=en&q=77D7E795-33C5-4323-974D-A2A49AB75517&btnG=Search
The legitimate CLSID for that item is:
ADD57508-1A52-4FAA-A7B3-A3ADE8FAEFEC
http://www.castlecops.com/tk42996-Google_Update_Class.html
C:\Archivos de programa\Google\Update\1.2.131.11\GoopdateBho.dll <<< make sure you follow that pathway to this file and scan it here:
http://virusscan.jotti.org/
Post that information, you may need to show all files and folders:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Post that information for me to view.
G:\1rfw8hjr.com <<< see this: http://www.prevx.com/filenames/X1566175445894560401-0/1RFW8HJR.COM.html
I:\8de.bat <<< and this: http://www.prevx.com/filenames/2700767618900971341-X1065720716/8DE.BAT.html
You are using an infected USB device to infect your computer. We will need to disinfect the computer and the device. You must take more care about what you stick into your computer!
1) C:\Archivos de programa\Java\jre6\ <<< check Java for an update, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
2) Open notepad and copy/paste the text in the codebox below into it:
File::
C:\WINDOWS\tqwolser.exe
G:\1rfw8hjr.com
I:\8de.bat
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37bf07b4-8a76-11dc-965c-00115b9146a2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa5e7305-803e-11dc-9652-00115b9146a2}]
Folder::
C:\VundoFix Backups
Save this as CFScript
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (wait until you finish to post the logs)
3) Download and Run Flash_Disinfector
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
Download Flash_Disinfector from here and save it to your Desktop.
Doubleclick on Flash_Disinfector.exe to run it and follow the prompts.
Wait until it has finished scanning and then exit the program.
The utility may ask you to insert your flash drive and/or other removable drives. This may include your mobile phone.
Please do so and allow the utility to clean up those drives as well.
4) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
*Cleaning Prefetch may results in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html
5) Download Malwarebytes' Anti-Malware to your Desktop
http://www.besttechie.net/tools/mbam-setup.exe
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post the log from CFScript, the log from MBAM and a new HJT log.
Remember to include the information from the jotti scan.
Please tell me how the computer is running now.
Gracias
Hi PsKelley! About the file you told me to scan ( ,C:\Archivos de programa\Google\Update\1.2.131.11\GoopdateBho.dll) here its the result:
Service load: 0% 100%
File: GoopdateBho.dll
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: e6a4b5081916cd2675348db66ac0a19f
Packers detected: -
Scanner results
Scan taken on 07 Sep 2008 22:13:48 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
1) C:\Archivos de programa\Java\jre6\ <<< check Java for an update, see this information:
Old Java versions were removed, new stable version its Installed.
2) Open notepad and copy/paste the text in the codebox below into it:
Here its the Combofix Log:
ComboFix 08-09-05.02 - Administrador 2008-09-06 19:48:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.243 [GMT -4:00]
Se ejecuta desde: C:\Documents and Settings\Administrador\Escritorio\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrador\Escritorio\CFScript.txt
* Creado un nuevo punto de restauración
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\VundoFix Backups
C:\WINDOWS\tqwolser.exe
G:\autorun.inf
.
(((((((((((((((((( Archivos creados desde 2008-08-06 - 2008-09-06 )))))))))))))))))))))))))))))))))
.
2008-09-06 19:45 . 2008-09-06 19:45 <DIR> d-------- C:\Archivos de programa\Sun
2008-09-06 19:45 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-06 19:40 . 2008-09-06 19:45 <DIR> d-------- C:\Archivos de programa\Java
2008-09-06 19:40 . 2008-09-06 19:40 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Java
2008-09-06 14:42 . 2008-09-06 14:42 <DIR> d-------- C:\Archivos de programa\Trend Micro
2008-09-06 14:38 . 2008-09-06 14:38 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraci¾n local
2008-09-06 14:38 . 2008-09-06 14:38 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraci¾n local
2008-09-06 14:38 . 2008-09-06 14:38 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraci¾n local
2008-09-06 14:38 . 2008-09-06 14:38 <DIR> d-------- C:\Documents and Settings\Kliber\Configuraci¾n local
2008-09-06 14:38 . 2008-09-06 14:38 <DIR> d-------- C:\Documents and Settings\ANCASTIL\Configuraci¾n local
2008-09-06 14:38 . 2008-09-06 14:38 <DIR> d-------- C:\Documents and Settings\Administrador\Configuraci¾n local
2008-09-02 12:14 . 2008-09-02 12:14 <DIR> d-------- C:\Documents and Settings\ANCASTIL\Datos de programa\Teleca
2008-09-02 12:14 . 2008-09-02 12:14 <DIR> d-------- C:\Documents and Settings\ANCASTIL\Datos de programa\Sony Ericsson
2008-08-31 18:54 . 2008-08-31 19:37 3,694 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-31 15:24 . 2008-08-31 17:12 145 --a------ C:\WINDOWS\wininit.ini
2008-08-27 19:46 . 2008-08-27 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-08-27 19:46 . 2008-08-27 19:51 <DIR> d-------- C:\Archivos de programa\Spybot - Search & Destroy
2008-08-27 19:33 . 2008-08-27 19:33 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Teleca
2008-08-27 19:32 . 2008-08-27 19:32 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\PC Suite
2008-08-22 21:16 . 2008-08-22 21:16 70,656 --a------ C:\WINDOWS\system32\msvbcr40.dll
2008-08-22 21:10 . 2008-08-22 21:46 <DIR> d-------- C:\Documents and Settings\Kliber\Datos de programa\TmpRecentIcons
2008-08-20 13:24 . 2008-08-20 13:24 <DIR> d-------- C:\WINDOWS\system32\es
2008-08-20 13:24 . 2008-08-20 13:24 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-20 13:24 . 2008-08-20 13:24 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-20 13:20 . 2008-08-20 13:24 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-19 09:43 . 2008-04-13 22:18 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-19 09:42 . 2008-04-13 22:18 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-18 19:09 . 2008-08-18 19:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-18 19:09 . 2008-08-18 19:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-14 10:49 . 2008-04-11 15:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 15:21 . 2008-08-12 15:22 <DIR> d-------- C:\DVDVideoSoft
2008-08-12 15:20 . 2008-08-12 15:20 <DIR> d-------- C:\Archivos de programa\DVDVideoSoft
2008-08-12 15:20 . 2008-08-12 15:21 <DIR> d-------- C:\Archivos de programa\Archivos comunes\DVDVideoSoft
2008-08-07 11:28 . 2008-08-12 14:27 <DIR> d-------- C:\Documents and Settings\Kliber\Datos de programa\Vso
2008-08-07 11:27 . 2008-08-07 11:27 <DIR> d-------- C:\Archivos de programa\VSO
.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 17:57 --------- d-----w C:\Archivos de programa\Google
2008-09-01 23:23 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Google Updater
2008-08-24 22:33 --------- d-----w C:\Archivos de programa\r2 Studios
2008-08-15 07:07 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
2008-08-07 20:59 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-07 20:59 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-30 23:35 --------- d-----w C:\Documents and Settings\Kliber\Datos de programa\MyPhoneExplorer
2008-07-30 23:35 --------- d-----w C:\Archivos de programa\MyPhoneExplorer
2008-07-30 19:47 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-30 19:47 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-07-30 19:36 21,672 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-07-30 19:36 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2008-07-30 19:36 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-07-30 19:34 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Sony Ericsson
2008-07-30 19:33 --------- d-----w C:\Archivos de programa\Sony Ericsson
2008-07-29 00:28 --------- d-----w C:\Archivos de programa\eMule
2008-07-28 01:16 --------- d-----w C:\Documents and Settings\Administrador\Datos de programa\Sony Ericsson
2008-07-28 00:22 --------- d-----w C:\Archivos de programa\Eset
2008-07-25 01:12 --------- d-----w C:\Documents and Settings\Kliber\Datos de programa\CyberLink
2008-07-24 19:10 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2008-07-24 19:10 --------- d-----w C:\Archivos de programa\LGGSM
2008-07-23 21:55 --------- d-----w C:\Archivos de programa\Inicio
2008-07-23 00:45 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-07-23 00:45 274,432 ----a-w C:\WINDOWS\system32\imon.dll
2008-07-22 20:18 --------- d-----w C:\Archivos de programa\FileZilla FTP Client
2008-07-22 20:11 --------- d-----w C:\Archivos de programa\Bonjour
2008-07-22 17:31 --------- d-----w C:\Archivos de programa\Windows Live Toolbar
2008-07-22 00:26 --------- d-----w C:\Archivos de programa\RegCleaner
2008-07-11 02:15 88 --sh--r C:\Documents and Settings\All Users\Datos de programa\06EB96A50D.sys
2008-07-11 02:15 2,828 --sha-w C:\Documents and Settings\All Users\Datos de programa\KGyGaAvL.sys
2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 00:05 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Corel
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:47 248,320 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-12-30 23:56 25,600 ----a-w C:\Documents and Settings\Kliber\usbsermptxp.sys
2007-12-30 23:56 22,768 ----a-w C:\Documents and Settings\Kliber\usbsermpt.sys
2007-11-29 22:38 22,328 ----a-w C:\Documents and Settings\Kliber\Datos de programa\PnkBstrK.sys
.
((((((((((((((((((((((((((((( snapshot@2008-09-06_14.37.41.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-16 20:17:56 139,264 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 05:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-05-16 20:17:56 139,264 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 05:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-05-16 20:17:56 143,360 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 06:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77D7E795-33C5-4323-974D-A2A49AB75517}]
2008-08-31 15:09 133616 --a----t- C:\Archivos de programa\Google\Update\1.2.131.11\GoopdateBho.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"swg"="C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-05 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
"GrooveMonitor"="C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"nod32kui"="C:\Archivos de programa\Eset\nod32kui.exe" [2008-07-22 921600]
"TkBellExe"="C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" [2007-10-25 185632]
"RemoteControl"="C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"InstantBurn"="C:\ARCHIV~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2006-12-21 589824]
"Adobe_ID0EYTHM"="C:\ARCHIV~1\ARCHIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"PCSuiteTrayApplication"="C:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"Sony Ericsson PC Suite"="C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Adobe Reader Speed Launcher"="C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]
C:\Documents and Settings\All Users\Men£ Inicio\Programas\Inicio\
Ralink Wireless Utility.lnk - C:\Archivos de programa\RALINK\Common\RaUI.exe [2007-07-22 618496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\startupfolder\C:^Documents and Settings^Kliber^Menú Inicio^Programas^Inicio^Recorte de pantalla e Inicio rápido de OneNote 2007.lnk]
path=C:\Documents and Settings\Kliber\Menú Inicio\Programas\Inicio\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk
backup=C:\WINDOWS\pss\Recorte de pantalla e Inicio rápido de OneNote 2007.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Kliber^Menú Inicio^Programas^Inicio^Registration Myst V]
path=C:\Documents and Settings\Kliber\Menú Inicio\Programas\Inicio\Registration Myst V
backup=C:\WINDOWS\pss\Registration Myst VStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 22:19 1695232 C:\Archivos de programa\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-10-11 18:25 1961984 C:\Archivos de programa\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-06-27 16:21 1449984 C:\Archivos de programa\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-05 22:44 68856 C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-10-25 21:42 185632 C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--------- 2004-08-14 04:42 36864 C:\Archivos de programa\mobile PhoneTools\WatchDog.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Archivos de programa\\eMule\\emule.exe"=
"C:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"C:\\Archivos de programa\\Archivos comunes\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"D:\\Archivos de programa\\Wolfenstein - Enemy Territory\\ET.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Archivos de programa\\SmartFTP\\SmartFTP.exe"=
"C:\\Archivos de programa\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Archivos de programa\\CyberLink\\PowerDirector\\PDR.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R0 CLBStor;InstantBurn Storage Helper Driver;C:\WINDOWS\system32\drivers\CLBStor.sys [2006-12-21 10368]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\WINDOWS\system32\drivers\CLBUDF.sys [2006-12-21 153728]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
S2 gupdate1c8d33df875e1c0;Google Update Service (gupdate1c8d33df875e1c0);C:\Archivos de programa\Google\Update\GoogleUpdate.exe [2008-08-31 133104]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-07-30 13352]
S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-09-04 19034]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 17280]
S3 usb2vcom;USB Data Cable;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2006-02-19 29152]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
.
Contenido de carpeta 'Tareas Programadas'
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 19:51:44
Windows 5.1.2600 Service Pack 3 NTFS
escaneando procesos ocultos ...
escaneando entradas ocultas de autostart ...
escaneando archivos ocultos ...
el escaneo se completo con exito
archivos ocultos: 0
**************************************************************************
.
--------------------- DLLs cargados bajo los procesos en ejecución ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Archivos de programa\Eset\pr_imon.dll
.
Tiempo completado: 2008-09-06 19:55:26
ComboFix-quarantined-files.txt 2008-09-06 23:55:03
ComboFix2.txt 2008-09-06 18:38:35
Pre-Run: 23,099,105,280 bytes libres
Post-Run: 23,089,856,512 bytes libres
215 --- E O F --- 2008-08-22 02:10:27
3) Download and Run Flash_Disinfector
Yep, used to stick my flash drive in street cybercafes to print documents and stuff ( thought I got rid of ckvo months ago...)
4) Please download ATF Cleaner by Atribune
Done.
5) Download Malwarebytes' Anti-Malware to your Desktop
Malwarebytes' Anti-Malware 1.26
Database version: 1120
Windows 5.1.2600 Service Pack 3
07/09/2008 17:29:59
mbam-log-2008-09-07 (17-29-59).txt
Scan type: Full Scan (C:\|D:\|E:\|G:\|)
Objects scanned: 422231
Time elapsed: 3 hour(s), 6 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 13
Files Infected: 166
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\msvbcr40.msvbcr40 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvbcr40.msvbcr40.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rafbsvnx.bmvs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FD0923BE-A338-4659-B672-01E6BAE8CCC3}\RP2\A0000010.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FD0923BE-A338-4659-B672-01E6BAE8CCC3}\RP2\A0000012.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FD0923BE-A338-4659-B672-01E6BAE8CCC3}\RP2\A0000019.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FD0923BE-A338-4659-B672-01E6BAE8CCC3}\RP2\A0000141.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\edwa.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\caforntq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcYsTmJ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pyyxekyd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Cyberlink.PowerDirector.Deluxe.v6.00.1731b.Multilingual.Incl.Keymaker-CORE\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvbcr40.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\Microsoft\Internet Explorer\Quick Launch\VirusRemover2008.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kliber\Datos de programa\TmpRecentIcons\VirusRemover2008.lnk (Rogue.Link) -> Quarantined and deleted successfully.
HJT new scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:54:00, on 07/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Archivos comunes\InterVideo\DeviceService\DevSvc.exe
C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe
C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\WINDOWS\system32\devldr32.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\ARCHIV~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\Archivos comunes\PCSuite\Services\ServiceLayer.exe
C:\Archivos de programa\Archivos comunes\Teleca Shared\CapabilityManager.exe
C:\Archivos de programa\Archivos comunes\Teleca Shared\Generic.exe
C:\Archivos de programa\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\notepad.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=80744
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Archivos de programa\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Archivos de programa\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Archivos de programa\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [InstantBurn] C:\ARCHIV~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\ARCHIV~1\ARCHIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARCHIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Archivos de programa\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Archivos de programa\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Archivos de programa\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.es/scan_es/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {A9ED6AA2-D9D4-4D71-9586-E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) - http://67.15.101.33/g_bin/eng/marbles_2_0_0_32.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Archivos de programa\Archivos comunes\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Archivos de programa\Archivos comunes\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8d33df875e1c0) (gupdate1c8d33df875e1c0) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Archivos de programa\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Archivos de programa\Archivos comunes\PCSuite\Services\ServiceLayer.exe
--
End of file - 11966 bytes
Please tell me how the computer is running now.
My Computer its running just fine, thank you very Much PsKelley!!
just one more thing: in the "Kliber" account last time I checked start menu was dissapeared and some administrative restrictions were set; the desktop image was gone and a broken active desktop appeared, was this made by the malware?? any post there you can point me in to fix this?? very apprecciated your help PsKelley, Im in debt with you.
Mil Gracias a ti!!!
Kliber.
pskelley
2008-09-08, 01:44
Thanks for returning you information, we still have more to do, so stick with me. I understand very little Spanish, so this slows me.
Download ResetTeaTimer.bat to the Desktop
http://downloads.subratam.org/ResetTeaTimer.bat
Double click ResetTeaTimer.bat
to remove all entries set by TeaTimer (and preventing TeaTimer to restore them upon reactivation).
Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll (file missing)
Close all programs but HJT and all browser windows, then click on "Fix Checked"
As far as the changes made by malware, they usually go away once the malware is removed. If they do not, you might find answers here:
http://www.kellys-korner-xp.com/xp.htm
http://www.kellys-korner-xp.com/xp_tweaks.htm <<< especially here.
You might also try as administrator removing the damaged user and setting up a new user account to see if that fixes the issues?
As you can see by the amount of malware removed by the tools, you had a very infected computer. Let's proceed like this.
Remove combofix from the computer like this:
Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
To be sure, clean the System Restore files like this:
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot
Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
Run a new MBAM scan and post the results as before, I would like to see those before I move on.
Gracias
Hi PsKelley; Im glad to know the results of MBAM as they show no malware infection, your help was really needed and appreciated, you didnt lose any time since I learned a lot in the process; dont give up the fight against those malware programmers!
Malwarebytes' Anti-Malware 1.26
Database version: 1126
Windows 5.1.2600 Service Pack 3
09/09/2008 09:46:54
mbam-log-2008-09-09 (09-46-54).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 422331
Time elapsed: 2 hour(s), 57 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
pskelley
2008-09-09, 16:44
Thanks for the feedback, lt's finish like this.
Update Eset and scan your system to make sure it is running right and scanning clean. If you have problems with the program, contact ESET technical support for instrucitons.
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
http://www.malwarecomplaints.info/
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
http://users.telenet.be/bluepatchy/miekiemoes/Links.html