set2008
2008-09-11, 03:49
Hi, I need help with this...:red:
Many thanks for your support...:)
:mad::mad::mad:
My log is:
Logfile of random's system information tool (written by random/random)
Run by Leonardo at 2008-09-10 21:46:37
Microsoft Windows XP Professional
System drive C: has 34 GB (88%) free of 38 GB
Total RAM: 255 MB (32% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:47:26 p.m., on 10/09/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Leonardo\Mis documentos\RSIT.exe
C:\Archivos de programa\trend micro\Leonardo.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60446
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55737035-1B75-48DD-A4D8-66155D8AC7A3} - C:\WINDOWS\system32\opnlJdeE.dll
O2 - BHO: (no name) - {C9FACE63-92B5-47D1-894E-F06AE76644B7} - C:\WINDOWS\System32\ssqRLFvV.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220797520144
O20 - AppInit_DLLs: ompkfa.dll nxbngw.dll tfhfiu.dll
O20 - Winlogon Notify: opnlJdeE - C:\WINDOWS\SYSTEM32\opnlJdeE.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
--
End of file - 3661 bytes
Registry dump
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55737035-1B75-48DD-A4D8-66155D8AC7A3}]
C:\WINDOWS\system32\opnlJdeE.dll [2008-09-09 27648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9FACE63-92B5-47D1-894E-F06AE76644B7}]
C:\WINDOWS\System32\ssqRLFvV.dll [2008-09-10 236544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2001-09-28 847388]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Archivos de programa\Eset\nod32kui.exe [2008-09-07 949376]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotSnD"=C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 4891472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="ompkfa.dll nxbngw.dll tfhfiu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnlJdeE]
C:\WINDOWS\system32\opnlJdeE.dll [2008-09-09 27648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{55737035-1B75-48DD-A4D8-66155D8AC7A3}"=C:\WINDOWS\system32\opnlJdeE.dll [2008-09-09 27648]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\System32\ssqRLFvV
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
File associations
.js - edit - C:\WINDOWS\System32\Notepad.exe %1
.js - open - C:\WINDOWS\System32\WScript.exe "%1" %*
.vbs - edit - C:\WINDOWS\System32\Notepad.exe %1
.vbs - open - C:\WINDOWS\System32\WScript.exe "%1" %*
List of files/folders created in the last three months
2008-09-10 19:15:59 ----SH---- C:\WINDOWS\System32\rgcskhea.ini
2008-09-10 19:15:54 ----A---- C:\WINDOWS\System32\aehkscgr.dll
2008-09-10 19:08:38 ----A---- C:\WINDOWS\System32\tfhfiu.dll
2008-09-10 19:08:23 ----A---- C:\WINDOWS\System32\xnjbobph.dll
2008-09-10 19:08:12 ----A---- C:\WINDOWS\System32\jqhejdwd.dll
2008-09-10 19:07:12 ----SH---- C:\WINDOWS\System32\rxokvhia.ini
2008-09-10 19:06:49 ----A---- C:\WINDOWS\System32\cblkvlcu.dll
2008-09-10 18:50:10 ----A---- C:\WINDOWS\System32\hrmaqmtt.dll
2008-09-10 18:48:47 ----SH---- C:\WINDOWS\System32\aahonlwi.ini
2008-09-10 18:47:59 ----A---- C:\WINDOWS\System32\jkpksrsu.dll
2008-09-10 18:47:10 ----ASH---- C:\WINDOWS\System32\VvFLRqss.ini2
2008-09-10 18:47:10 ----ASH---- C:\WINDOWS\System32\VvFLRqss.ini
2008-09-10 18:46:49 ----A---- C:\WINDOWS\System32\ssqRLFvV.dll
2008-09-10 18:32:27 ----A---- C:\WINDOWS\System32\gaftftng.tmp
2008-09-10 16:53:01 ----SH---- C:\WINDOWS\System32\gaftftng.ini
2008-09-10 16:52:48 ----A---- C:\WINDOWS\System32\gntftfag.dll
2008-09-10 16:52:39 ----A---- C:\WINDOWS\pskt.ini
2008-09-10 16:52:31 ----A---- C:\WINDOWS\System32\anscmrjw.dll
2008-09-10 13:59:40 ----D---- C:\Archivos de programa\trend micro
2008-09-10 13:59:36 ----D---- C:\rsit
2008-09-10 12:39:23 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-09 21:38:34 ----A---- C:\WINDOWS\System32\mcrh.tmp
2008-09-09 20:27:26 ----A---- C:\WINDOWS\System32\nxbngw.dll
2008-09-09 20:27:22 ----A---- C:\WINDOWS\System32\fwganjlf.dll
2008-09-09 16:56:02 ----A---- C:\WINDOWS\wininit.ini
2008-09-09 16:55:42 ----SH---- C:\WINDOWS\System32\cwwotpac.ini
2008-09-09 10:51:36 ----SH---- C:\WINDOWS\System32\hltolbpj.ini
2008-09-09 10:49:40 ----A---- C:\WINDOWS\System32\OMPKFA.DLL.ren
2008-09-09 10:49:35 ----A---- C:\WINDOWS\System32\cergtgat.dll
2008-09-09 10:49:29 ----A---- C:\WINDOWS\BM3768b064.txt
2008-09-09 10:48:57 ----A---- C:\WINDOWS\System32\3f784786-.txt
2008-09-09 10:48:19 ----ASH---- C:\WINDOWS\System32\fMllknpo.ini2
2008-09-09 10:48:19 ----ASH---- C:\WINDOWS\System32\fMllknpo.ini
2008-09-09 10:48:09 ----A---- C:\WINDOWS\System32\opnkllMf.dll.ren
2008-09-09 10:43:02 ----A---- C:\WINDOWS\System32\opnlJdeE.dll
2008-09-09 08:14:02 ----D---- C:\Documents and Settings\Leonardo\Datos de programa\Macromedia
2008-09-09 06:17:40 ----D---- C:\Documents and Settings\Leonardo\Datos de programa\Google
2008-09-09 05:56:57 ----D---- C:\Documents and Settings\All Users\Datos de programa\Adobe
2008-09-09 05:46:52 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-09-09 05:35:01 ----D---- C:\Documents and Settings\All Users\Datos de programa\NOS
2008-09-09 05:34:57 ----D---- C:\Archivos de programa\NOS
2008-09-08 21:33:47 ----D---- C:\Archivos de programa\BitTorrent
2008-09-07 15:40:50 ----A---- C:\WINDOWS\System32\imon.dll
2008-09-07 15:37:50 ----D---- C:\Archivos de programa\ESET
2008-09-07 14:03:39 ----D---- C:\Archivos de programa\eMule
2008-09-07 14:00:18 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-09-07 13:04:45 ----D---- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-09-07 13:04:45 ----D---- C:\Archivos de programa\Spybot - Search & Destroy
2008-09-07 12:10:27 ----A---- C:\WINDOWS\System32\mdimon.dll
2008-09-07 12:05:26 ----D---- C:\Archivos de programa\Microsoft.NET
2008-09-07 12:02:09 ----D---- C:\Archivos de programa\Archivos comunes\DESIGNER
2008-09-07 12:01:44 ----D---- C:\Archivos de programa\Microsoft Works
2008-09-07 12:01:13 ----D---- C:\Archivos de programa\Microsoft Visual Studio
2008-09-07 11:59:55 ----D---- C:\WINDOWS\SHELLNEW
2008-09-07 11:58:58 ----D---- C:\Archivos de programa\Microsoft Office
2008-09-07 11:53:54 ----RHD---- C:\MSOCache
2008-09-07 11:43:43 ----D---- C:\WINDOWS\System32\bits
2008-09-07 11:43:37 ----N---- C:\WINDOWS\System32\spmsg.dll
2008-09-07 11:43:26 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2008-09-07 11:42:01 ----D---- C:\itshfbc
2008-09-07 11:29:33 ----N---- C:\WINDOWS\System32\bitsprx3.dll
2008-09-07 11:29:33 ----N---- C:\WINDOWS\System32\bitsprx2.dll
2008-09-07 11:29:33 ----A---- C:\WINDOWS\System32\winhttp.dll
2008-09-07 11:29:33 ----A---- C:\WINDOWS\System32\qmgrprxy.dll
2008-09-07 11:26:35 ----A---- C:\WINDOWS\System32\wups2.dll
2008-09-07 11:26:35 ----A---- C:\WINDOWS\System32\wups.dll
2008-09-07 11:26:35 ----A---- C:\WINDOWS\System32\wucltui.dll.mui
2008-09-07 11:26:35 ----A---- C:\WINDOWS\System32\wucltui.dll
2008-09-07 11:26:35 ----A---- C:\WINDOWS\System32\wuaueng.dll.mui
2008-09-07 11:26:32 ----A---- C:\WINDOWS\System32\wuapi.dll.mui
2008-09-07 11:26:32 ----A---- C:\WINDOWS\System32\wuapi.dll
2008-09-07 11:25:45 ----D---- C:\WINDOWS\SoftwareDistribution
2008-09-07 10:41:04 ----D---- C:\Documents and Settings\All Users\Datos de programa\Google
2008-09-07 10:41:04 ----D---- C:\Archivos de programa\Google
2008-09-07 10:08:31 ----D---- C:\Archivos de programa\DX Monitor
2008-09-06 19:49:20 ----D---- C:\Archivos de programa\YStress
2008-09-06 18:53:03 ----A---- C:\WINDOWS\System32\msodbc13.dll
2008-09-06 18:51:48 ----A---- C:\WINDOWS\unvise32.exe
2008-09-06 18:51:45 ----D---- C:\Archivos de programa\ScreenFlash Pro 1.3
2008-09-06 18:46:17 ----D---- C:\Archivos de programa\EasyPal
2008-09-06 18:44:46 ----D---- C:\Archivos de programa\Beam_DX
2008-09-06 18:40:31 ----D---- C:\Archivos de programa\AziPoint
2008-09-06 18:39:20 ----A---- C:\WINDOWS\azmap2.INI
2008-09-06 18:37:42 ----D---- C:\Archivos de programa\Azmap
2008-09-06 18:27:50 ----D---- C:\Archivos de programa\Wav2MP3 Wizard
2008-09-06 18:26:48 ----D---- C:\Archivos de programa\WinMorse
List of drivers
R1 nod32drv;nod32drv; C:\WINDOWS\System32\system32\drivers\nod32drv.sys []
R2 AMON;AMON; C:\WINDOWS\System32\system32\drivers\amon.sys []
R2 DLPortIO;DriverLINX Port I/O Driver; \??\C:\WINDOWS\System32\DRIVERS\DLPortIO.SYS []
R2 MixPortDriver;MixPortDriver; C:\WINDOWS\System32\drivers\MixPortDriver.sys [2002-05-03 3623]
R3 cwrwdm;Controlador WDM de SoundFusion(TM); C:\WINDOWS\System32\DRIVERS\cwrwdm.sys [2001-08-17 46848]
R3 GNCT511;Genius VideoCAM NB; C:\WINDOWS\System32\DRIVERS\gnct511.sys [2002-11-14 229376]
R3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
R3 rtl8029;Controlador de Windows NT del adaptador Ethernet PCI basado en Realtek RTL8029(AS); C:\WINDOWS\System32\DRIVERS\RTL8029.SYS [2001-08-17 19017]
R3 usbhub;Concentrador habilitado USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2001-09-28 50688]
R3 usbuhci;Controlador minipuerto de la controladora de host universal USB de Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2001-09-28 18944]
R3 WS2IFSL;Entorno de compatibilidad con proveedores de servicios no IFS de Windows Socket 2.0; C:\WINDOWS\System32\System32\drivers\ws2ifsl.sys []
R4 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\System32\drivers\sp_rsdrv2.sys []
S2 zntport;ioctrl driver ; \??\C:\WINDOWS\System32\zntport.sys []
S3 CCDECODE;Descodificador de título cerrado; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2001-08-17 16256]
S3 giveio;giveio; \??\C:\WINDOWS\System32\giveio.sys []
S3 HidUsb;Controlador de clases HID de Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Controlador HID de mouse; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-22 12416]
S3 MSTEE;Convertidor Tee/Sink-to-Sink de transferencia de Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2001-08-17 4992]
S3 NABTSFEC;Códec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2001-08-17 83712]
S3 NdisIP;Conexión de TV/Vídeo de Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2001-08-17 8064]
S3 S3SAVAGE4M;S3SAVAGE4M; C:\WINDOWS\System32\DRIVERS\s3sav4m.sys [2001-08-17 77824]
S3 SiSV;SiSV; C:\WINDOWS\System32\DRIVERS\SiSV.sys [2001-08-17 50432]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2001-08-17 10752]
S3 streamip;Receptor BDA IP; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2001-08-17 14592]
S3 trid3d;trid3d; C:\WINDOWS\System32\DRIVERS\trid3dm.sys [2001-08-17 222336]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS []
S3 USBSTOR;Dispositivo de almacenamiento masivo de datos USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-17 21760]
S3 WSTCODEC;Códec de teletexto estándar mundial; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2001-08-17 18560]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []
List of services
R2 MDM;Machine Debug Manager; C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Archivos de programa\Eset\nod32krn.exe [2008-09-07 552064]
S3 gusvc;Google Updater Service; C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-09 156656]
S3 ose;Office Source Engine; C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)