problems :(



errores
2009-03-15, 20:49
This is the log of DDS:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Xavier at 20:42:54,66 on 15/03/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.34.3082.18.1536.680 [GMT 1:00]

AV: Panda Platinum Internet Security *On-access scanning enabled* (Outdated)
AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated)
FW: Panda Platinum Internet Security *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\NTR global\NTRconnect\NTRconnect.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
svchost.exe C:\WINDOWS\TEMP\VRT1.tmp
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\makehm.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Archivos de programa\Ahead\Nero\nero.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\imapi.exe
C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Xavier\Escritorio\ELISTARA.BC%D8CB%D8%D8I.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Safer Networking\RunAlyzer\RunAlyzer.exe
C:\Documents and Settings\Xavier\Escritorio\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\c++.exe,c:\windows\system32\makehm.exe,
mWinlogon: UIHost=c:\documents and settings\all users\datos de programa\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\archivos de programa\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [reader_s] c:\documents and settings\xavier\reader_s.exe
uRun: [services] c:\windows\services.exe
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UnlockerAssistant] "c:\archivos de programa\unlocker\UnlockerAssistant.exe"
mRun: [services] c:\windows\services.exe
mRunOnce: [ReEXEc] c:\documents and settings\xavier\escritorio\ELISTARA.BC%D8CB%D8%D8I.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [reader_s] c:\documents and settings\xavier\reader_s.exe
dRun: [services] c:\windows\services.exe
dRun: [msnmsgr] "c:\archivos de programa\windows live\messenger\msnmsgr.exe" /background
uExplorerRun: [services] c:\windows\services.exe
mExplorerRun: [services] c:\windows\services.exe
dExplorerRun: [services] c:\windows\services.exe
StartupFolder: c:\documents and settings\all users\menú inicio\programas\inicio\kill.bat
IE: Append to existing PDF - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\archivos de programa\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\archivos de programa\spybot - search & destroy\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.es/scan_es/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} - hxxps://www.ntrconnect.com/main/mod/setup/ntractivex118_24.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5387/mcfscan.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\archiv~1\archiv~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\archivos de programa\superantispyware\SASWINLO.DLL
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\xavier\datosd~1\mozilla\firefox\profiles\10yol9i9.default\
FF - prefs.js: browser.startup.homepage - www.google.es
FF - plugin: c:\archivos de programa\mozilla firefox\plugins\npbittorrent.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300

============= SERVICES / DRIVERS ===============

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-4-28 39472]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-8-17 28544]
R0 protect;protect;c:\windows\system32\drivers\protect.sys [2009-3-15 18944]
R1 SASDIFSV;SASDIFSV;c:\archivos de programa\superantispyware\sasdifsv.sys [2008-5-28 8944]
R1 SASKUTIL;SASKUTIL;c:\archivos de programa\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
R2 ntrconnect;NTRconnect;c:\archivos de programa\ntr global\ntrconnect\NTRconnect.exe [2008-6-10 132096]
S3 aawservice;Ad-Aware 2007 Service;c:\archivos de programa\lavasoft\ad-aware 2007\aawservice.exe [2007-6-5 581632]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2007-6-4 9344]
S3 restore;restore;c:\windows\system32\drivers\restore.sys [2009-3-8 6656]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2008-11-18 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2008-11-18 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2008-11-18 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2008-11-18 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2008-11-18 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2008-11-18 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2008-11-18 115752]
S3 SASENUM;SASENUM;c:\archivos de programa\superantispyware\SASENUM.SYS [2008-5-28 7408]
S3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;c:\windows\system32\drivers\tscomm.sys [2008-5-7 40232]
S4 NOD32krn;NOD32 Kernel Service;c:\archivos de programa\eset\nod32krn.exe [2008-8-23 528384]

============== File Associations ===============

inffile=Notepad.exe "%1"
inifile=Notepad.exe "%1"
txtfile=Notepad.exe "%1"

=============== Created Last 30 ================

2009-03-15 20:37 232 a---h--- C:\sqmdata09.sqm
2009-03-15 20:37 244 a---h--- C:\sqmnoopt09.sqm
2009-03-15 20:35 <DIR> --d----- c:\archivos de programa\Safer Networking
2009-03-15 20:30 <DIR> --d----- C:\Muestras
2009-03-15 19:33 46,080 a------- c:\windows\system32\makehm.exe
2009-03-15 19:32 124 a------- c:\windows\system32\11.tmp
2009-03-15 19:32 65,536 a------- c:\windows\system32\15.tmp
2009-03-15 19:32 29,696 a------- c:\windows\system32\13.tmp
2009-03-15 19:21 18,944 a---h--- c:\windows\system32\drivers\protect.sys
2009-03-15 19:21 64,512 a------- c:\windows\system32\c++.exe
2009-03-15 19:20 11,450,853 a------- c:\windows\services.exe.VIR
2009-03-15 19:20 65,536 a------- c:\windows\system32\12.tmp
2009-03-15 19:19 124 a------- c:\windows\system32\10.tmp
2009-03-08 23:09 24,577 a------- c:\windows\system32\28.tmp
2009-03-08 23:07 80 a------- c:\windows\system32\26.tmp
2009-03-08 23:05 24,577 a------- c:\windows\system32\24.tmp
2009-03-08 23:05 80 a------- c:\windows\system32\22.tmp
2009-03-08 23:05 24,577 a------- c:\windows\system32\20.tmp
2009-03-08 23:04 0 a------- c:\windows\system32\1F.tmp
2009-03-08 23:00 80 a------- c:\windows\system32\1C.tmp
2009-03-08 22:55 0 a------- c:\windows\system32\1A.tmp
2009-03-08 22:49 0 a------- c:\windows\system32\18.tmp
2009-03-08 22:33 80 a------- c:\windows\system32\14.tmp
2009-03-08 21:36 6,656 a------- c:\windows\system32\drivers\restore.sys
2009-03-08 21:36 25,601 a------- c:\windows\services.ex_
2009-03-08 21:36 33,280 a------- c:\windows\system32\reader_s.exe
2009-03-08 21:36 80 a------- c:\windows\system32\E.tmp
2009-03-08 17:44 33,280 a------- c:\windows\system32\reader_s.ex_
2009-03-08 17:38 <DIR> --d----- c:\docume~1\xavier\datosd~1\Desktopicon
2009-03-08 17:38 <DIR> --d----- c:\archivos de programa\Unlocker
2009-03-08 17:14 33,280 a------- c:\documents and settings\xavier\reader_s.exe
2009-03-08 15:45 664 a------- c:\windows\system32\d3d9caps.dat
2009-03-08 15:32 80 a------- c:\windows\system32\F.tmp
2009-03-08 15:28 80 a------- c:\windows\system32\C.tmp
2009-03-08 15:26 25,601 a------- c:\windows\system32\D.tmp
2009-03-08 15:26 80 a------- c:\windows\system32\A.tmp
2009-03-08 14:18 6 a------- c:\windows\_id.dat
2009-03-08 14:18 130 a------- c:\windows\adobe.bat
2009-03-08 14:18 80 a------- c:\windows\system32\17.tmp
2009-03-08 14:08 24,577 a------- c:\windows\system32\B.tmp
2009-03-08 14:08 80 a------- c:\windows\system32\9.tmp
2009-03-08 13:34 <DIR> --d----- c:\archivos de programa\DelPSGuard
2009-03-08 10:02 80 a------- c:\windows\system32\7.tmp
2009-03-08 02:31 <DIR> --d----- c:\archivos de programa\SpywareBlaster
2009-03-08 02:09 24,577 a------- c:\windows\system32\8.tmp
2009-03-08 02:09 80 a------- c:\windows\system32\6.tmp
2009-03-08 01:58 453 a------- c:\windows\wininit.ini
2009-03-08 01:25 80 a------- c:\windows\system32\4.tmp
2009-03-08 00:34 <DIR> --d----- c:\archivos de programa\Misc. Support Library (Spybot - Search & Destroy)
2009-03-08 00:34 <DIR> --d----- c:\archivos de programa\SDHelper (Spybot - Search & Destroy)
2009-03-08 00:34 <DIR> --d----- c:\archivos de programa\File Scanner Library (Spybot - Search & Destroy)
2009-03-07 11:11 0 a------- c:\windows\system32\5.tmp
2009-03-07 11:11 24,577 a------- c:\windows\system32\3.tmp
2009-03-07 11:10 80 a------- c:\windows\system32\2.tmp
2009-03-06 19:27 <DIR> --d----- c:\archivos de programa\archivos comunes\Adobe AIR
2009-03-03 23:28 <DIR> --d----- C:\RegUnlocker Backups
2009-02-22 15:43 156 a------- c:\windows\Twunk001.MTX
2009-02-22 15:43 2 a------- c:\windows\Twain001.Mtx
2009-02-22 15:43 0 a------- c:\windows\Twunk002.MTX

==================== Find3M ====================

2009-03-08 01:26 182,912 a------- c:\windows\system32\drivers\ndis.sys
2009-03-02 20:59 274,432 a------- c:\windows\system32\imon.dll

============= FINISH: 20:45:52,51 ===============

pskelley
2009-03-16, 15:31
Welcome to Safer Networking. I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Looks like you missed the directions but the DDS log shows c:\windows\system32\reader_s.exe
http://www.systemlookup.com/search.php?type=filename&search=reader_s.exe&s=

This is a very bad file infector that infects so many files that the only real option is a complete reformat:

http://spyware-free.us/tutorials/reformat/
http://www.cyberwalker.net/faqs/how-tos/reinstall-faq.html
http://helpdesk.its.uiowa.edu/windows/instructions/reformat.htm

http://free.avg.com/66558
http://www.avast.com/eng/win32-virut.html
http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?ID=66586
