Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:40, on 24/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Hijack\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\msppam32.exe,
O1 - Hosts: 65.75.216.6
O1 - Hosts: 205.238.40.54
O1 - Hosts: 65.75.216.6 cache0.winmx.com test3201.winmx.com test3206.winmx.com
O1 - Hosts: 65.75.216.7 cache1.winmx.com test3202.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.229.238 cache2.winmx.com test3203.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.1 cache3.winmx.com test3204.winmx.com
O1 - Hosts: 205.238.40.2 cache4.winmx.com test3205.winmx.com
O1 - Hosts: 65.75.216.6 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 65.75.216.6 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 65.75.216.7 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 82.43.229.238 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O1 - Hosts: 65.75.216.6 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
O1 - Hosts: 205.238.40.54 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
O1 - Hosts: 65.75.216.6 test0.winmxgroup.net test5.winmxgroup.net
O1 - Hosts: 65.75.216.7 test1.winmxgroup.net test6.winmxgroup.net
O1 - Hosts: 82.43.229.238 test2.winmxgroup.net
O1 - Hosts: 205.238.40.1 test3.winmxgroup.net
O1 - Hosts: 205.238.40.2 test4.winmxgroup.net
O1 - Hosts: 65.75.216.6 cache0.winmxgroup.com cache5.winmxgroup.com cache0.winmxgroup.net cache5.winmxgroup.net cache10.winmxgroup.net cache15.winmxgroup.net
O1 - Hosts: 65.75.216.7 cache1.winmxgroup.com cache6.winmxgroup.com cache1.winmxgroup.net cache6.winmxgroup.net cache11.winmxgroup.net cache16.winmxgroup.net
O1 - Hosts: 82.43.229.238 cache2.winmxgroup.com cache7.winmxgroup.com cache2.winmxgroup.net cache7.winmxgroup.net cache12.winmxgroup.net cache17.winmxgroup.net
O1 - Hosts: 205.238.40.1 cache3.winmxgroup.com cache8.winmxgroup.com cache3.winmxgroup.net cache8.winmxgroup.net cache13.winmxgroup.net cache18.winmxgroup.net
O1 - Hosts: 205.238.40.2 cache4.winmxgroup.com cache9.winmxgroup.com cache4.winmxgroup.net cache9.winmxgroup.net cache14.winmxgroup.net cache19.winmxgroup.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Archivos de programa\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Archivos de programa\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Archivos de programa\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe
--
End of file - 10110 bytes
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.1023.496 [GMT 1:00]
Running from: c:\downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((( Files Created from 2010-01-24 to 2010-02-24 )))))))))))))))))))))))))))))))
.
2010-02-24 17:44 . 2010-02-24 17:44 -------- d-----w- c:\windows\system32\wbem\snmp
2010-02-24 17:44 . 2010-02-24 17:44 -------- d-----w- c:\windows\system32\xircom
2010-02-24 17:44 . 2010-02-24 17:44 -------- d-----w- c:\archivos de programa\microsoft frontpage
2010-02-24 16:28 . 2010-02-24 16:36 -------- d-----w- c:\archivos de programa\RegCleaner
2010-02-24 11:16 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-24 11:16 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 10:45 . 2010-02-24 10:46 -------- d-----w- C:\Hijack
2010-02-21 14:41 . 2010-02-05 09:03 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-21 14:23 . 2010-02-21 14:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-20 18:12 . 2010-02-05 09:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-20 18:11 . 2010-02-20 18:11 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-20 18:11 . 2010-02-20 18:11 95024 ----a-w- c:\documents and settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-02-20 18:11 . 2010-02-20 18:11 598368 ----a-w- c:\documents and settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-02-20 18:11 . 2010-02-20 18:11 566608 ----a-w- c:\documents and settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Update\sbap.dll
2010-02-20 18:11 . 2010-02-20 18:11 562272 ----a-w- c:\documents and settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-20 18:11 . 2010-02-20 18:11 1230160 ----a-w- c:\documents and settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-02-20 18:11 . 2010-02-20 18:11 247120 ----a-w- c:\documents and settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-02-20 18:11 . 2010-02-20 18:11 94712 ----a-w- c:\documents and settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-20 18:11 . 2010-02-20 18:11 961984 ----a-w- c:\documents and settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-20 18:10 . 2010-02-20 18:11 842992 ----a-w- c:\documents and settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-20 18:10 . 2010-02-20 18:10 1593320 ----a-w- c:\documents and settings\All Users\Datos de programa\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-20 18:01 . 2010-02-20 18:02 -------- dc-h--w- c:\documents and settings\All Users\Datos de programa\{52AC600B-5800-407E-99FF-83CD0669760B}
2010-02-20 18:01 . 2010-02-05 09:04 2954656 -c--a-w- c:\documents and settings\All Users\Datos de programa\{52AC600B-5800-407E-99FF-83CD0669760B}\Ad-AwareInstaller.exe
2010-02-20 18:00 . 2010-02-20 18:12 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Lavasoft
2010-02-20 16:31 . 2010-02-21 13:36 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Lavasoft
2010-02-20 16:31 . 2010-02-20 18:02 -------- d-----w- c:\archivos de programa\Lavasoft
2010-02-18 19:06 . 2010-02-20 13:32 -------- d-----w- c:\archivos de programa\Spybot - Search & Destroy
2010-02-18 19:06 . 2010-02-20 13:30 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy
2010-02-18 17:01 . 2010-02-18 17:01 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
2010-02-18 17:00 . 2010-02-24 11:17 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-02-18 17:00 . 2010-02-18 17:00 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2010-02-14 17:02 . 2010-02-14 17:02 -------- d-----r- c:\documents and settings\LocalService\Favoritos
2010-02-14 17:02 . 2010-02-14 17:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-07 22:09 . 2010-02-07 22:09 -------- d-----w- c:\archivos de programa\Archivos comunes\Java
2010-02-07 22:09 . 2010-02-07 22:09 503808 ----a-w- c:\documents and settings\Administrador\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-76602fd5-n\msvcp71.dll
2010-02-07 22:09 . 2010-02-07 22:09 348160 ----a-w- c:\documents and settings\Administrador\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-76602fd5-n\msvcr71.dll
2010-02-07 22:09 . 2010-02-07 22:09 499712 ----a-w- c:\documents and settings\Administrador\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-76602fd5-n\jmc.dll
2010-02-07 22:09 . 2010-02-07 22:09 61440 ----a-w- c:\documents and settings\Administrador\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-63d06dc5-n\decora-sse.dll
2010-02-07 22:09 . 2010-02-07 22:09 12800 ----a-w- c:\documents and settings\Administrador\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-63d06dc5-n\decora-d3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 16:36 . 2008-04-14 05:48 24064 ----a-w- c:\windows\system32\ctfmon.exe
2010-02-24 12:50 . 2010-01-21 12:10 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Spotify
2010-02-24 09:45 . 2009-11-26 16:34 -------- d-----w- c:\archivos de programa\JDownloader
2010-02-14 21:30 . 2009-12-02 19:42 -------- d-----w- c:\archivos de programa\DAEMON Tools
2010-02-07 22:08 . 2009-11-26 13:57 -------- d-----w- c:\archivos de programa\Java
2010-02-06 13:14 . 2009-12-22 13:47 -------- d-----w- c:\archivos de programa\Burn4Free
2010-02-03 20:21 . 2001-08-24 12:00 51272 ----a-w- c:\windows\system32\perfc00A.dat
2010-02-03 20:21 . 2001-08-24 12:00 362534 ----a-w- c:\windows\system32\perfh00A.dat
2010-01-21 12:10 . 2010-01-21 12:10 -------- d-----w- c:\archivos de programa\Spotify
2010-01-06 21:42 . 2010-01-06 21:41 -------- d-----w- c:\archivos de programa\Supercard
2010-01-02 16:54 . 2010-01-02 16:54 -------- d-----w- c:\archivos de programa\CDex_170b2
2010-01-02 16:06 . 2009-12-31 12:33 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\PC Suite
2010-01-02 12:42 . 2010-01-02 12:42 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Apple Computer
2009-12-31 16:50 . 2008-04-13 22:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 12:37 . 2009-12-31 12:34 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Nokia
2009-12-31 12:37 . 2009-12-31 12:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-31 12:37 . 2009-12-31 12:37 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-31 12:33 . 2009-12-31 12:33 -------- d-----w- c:\documents and settings\All Users\Datos de programa\PC Suite
2009-12-31 12:33 . 2009-12-31 12:32 -------- d-----w- c:\archivos de programa\DIFX
2009-12-31 12:33 . 2009-12-31 12:33 -------- d-----w- c:\archivos de programa\Archivos comunes\PCSuite
2009-12-31 12:32 . 2009-12-31 12:32 -------- d-----w- c:\archivos de programa\Archivos comunes\Nokia
2009-12-31 12:32 . 2009-12-31 12:31 -------- d-----w- c:\archivos de programa\Nokia
2009-12-31 12:32 . 2009-12-31 12:32 -------- d-----w- c:\archivos de programa\PC Connectivity Solution
2009-12-31 12:27 . 2009-12-31 12:27 95232 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-31 12:27 . 2009-12-31 12:27 8192 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-31 12:27 . 2009-12-31 12:27 61440 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-31 12:27 . 2009-12-31 12:27 10240 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-31 12:27 . 2009-12-31 12:27 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Installations
2009-12-31 12:27 . 2009-12-31 12:28 33669504 ----a-w- c:\documents and settings\All Users\Datos de programa\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_spa_web.exe
2009-12-30 16:54 . 2009-11-25 21:01 -------- d--h--w- c:\archivos de programa\InstallShield Installation Information
2009-12-30 16:54 . 2009-12-30 16:54 -------- d-----w- c:\archivos de programa\Escntl
2009-12-29 10:40 . 2009-12-29 10:10 -------- d-----w- c:\archivos de programa\CloneCD
2009-12-29 10:14 . 2009-12-29 10:12 24 --sh--w- c:\windows\SDA775D16.tmp
2009-12-22 13:48 . 2009-12-22 13:48 233243 ----a-w- c:\windows\Burn4Free_Toolbar_Uninstaller_2015.exe
2009-12-21 19:06 . 2008-04-14 05:48 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 16:14 . 2009-11-26 13:58 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-17 07:41 . 2009-11-25 20:29 346624 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2008-04-14 05:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2008-04-13 22:47 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-02 19:42 . 2009-12-02 19:42 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
2009-12-02 19:38 . 2009-12-02 19:38 96384 ----a-w- c:\windows\system32\drivers\sptd7917.sys
2009-12-02 19:38 . 2009-12-02 19:38 642560 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-12-02 17:47 . 2009-12-02 17:47 363584 ----a-w- c:\documents and settings\Administrador\Datos de programa\id Software\quakelive\home\baseq3\cgamex86.dll
2009-12-02 17:47 . 2009-12-02 17:47 179264 ----a-w- c:\documents and settings\Administrador\Datos de programa\id Software\quakelive\home\baseq3\uix86.dll
2009-12-02 17:47 . 2009-12-02 17:47 461888 ----a-w- c:\documents and settings\Administrador\Datos de programa\id Software\quakelive\home\baseq3\qagamex86.dll
2009-12-02 17:47 . 2009-12-02 17:47 887856 ----a-w- c:\documents and settings\Administrador\Datos de programa\id Software\quakelive\home\pb\pbcl.dll
2009-12-02 17:47 . 2009-12-02 17:47 57344 ----a-w- c:\documents and settings\Administrador\Datos de programa\id Software\quakelive\home\pb\pbag.dll
2009-12-02 17:47 . 2009-12-02 17:47 2407488 ----a-w- c:\documents and settings\Administrador\Datos de programa\id Software\quakelive\home\baseq3\quakelive.dll
2009-12-02 17:42 . 2009-12-02 17:42 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-02 17:42 . 2009-12-02 17:42 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-02 17:42 . 2009-12-02 17:42 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-11-29 14:31 . 2009-11-29 14:31 1961720 ----a-w- c:\documents and settings\Administrador\Datos de programa\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-11-27 20:42 . 2009-11-25 20:33 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-27 17:13 . 2008-04-14 07:48 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:13 . 2008-04-14 05:48 1297920 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:08 . 2008-04-14 07:48 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:08 . 2008-04-14 05:48 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:08 . 2008-04-14 05:48 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:08 . 2001-08-24 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:08 . 2001-08-22 22:15 8704 ----a-w- c:\windows\system32\tsbyuv.dll
.
------- Sigcheck -------
[-] 2010-02-24 16:36 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-02-24_17.38.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-24 17:49 . 2010-02-24 17:49 16384 c:\windows\Temp\Perflib_Perfdata_184.dat
+ 2009-11-25 20:36 . 2010-02-24 17:49 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-11-25 20:36 . 2010-02-24 17:28 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-25 20:36 . 2010-02-24 17:49 32768 c:\windows\system32\config\systemprofile\Configuración local\Historial\History.IE5\index.dat
- 2009-11-25 20:36 . 2010-02-24 17:28 32768 c:\windows\system32\config\systemprofile\Configuración local\Historial\History.IE5\index.dat
+ 2009-11-25 20:36 . 2010-02-24 17:49 32768 c:\windows\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat
- 2009-11-25 20:36 . 2010-02-24 17:28 32768 c:\windows\system32\config\systemprofile\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat
+ 2009-11-29 17:05 . 2010-02-24 17:49 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-11-29 17:05 . 2010-02-24 17:28 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2009-12-22 13:48 815104 ----a-w- c:\archivos de programa\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\archivos de programa\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2009-12-22 815104]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "c:\archivos de programa\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll" [2009-12-22 815104]
[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"PC Suite Tray"="c:\archivos de programa\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2010-02-24 24064]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
Adobe Gamma Loader.lnk - c:\archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-10 113664]
Microsoft Office.lnk - c:\archivos de programa\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\msppam32.exe,"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21 57344 ----a-w- c:\archivos de programa\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-12-10 14:57 133016 ----a-w- c:\archivos de programa\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\archivos de programa\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2002-06-26 16:36 90112 ----a-w- c:\archivos de programa\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-12-18 00:30 39424 ----a-w- c:\archivos de programa\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SoundMAX Agent Service (default)"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\JDownloader\\JDownloader.exe"=
"c:\\Archivos de programa\\ABC\\abc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Archivos de programa\\Spotify\\spotify.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20/02/2010 19:12 64288]
R2 AntiVirSchedulerService;Avira AntiVir Programador;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [24/12/2009 11:58 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\archivos de programa\Lavasoft\Ad-Aware\AAWService.exe [05/02/2010 10:03 1229232]
S0 jiisshcr;jiisshcr;c:\windows\system32\drivers\dxnnqa.sys --> c:\windows\system32\drivers\dxnnqa.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [02/12/2009 20:38 642560]
.
Contents of the 'Scheduled Tasks' folder
2010-02-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\archivos de programa\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-05 18:11]
2010-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-02-24 c:\windows\Tasks\User_Feed_Synchronization-{E1272F0E-535C-480E-BC07-2E3A766B2F14}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrador\Datos de programa\Mozilla\Firefox\Profiles\4cx4txfb.default\
FF - prefs.js: browser.startup.homepage - hxxp://
FF - plugin: c:\archivos de programa\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\documents and settings\All Users\Datos de programa\id Software\QuakeLive\npquakezero.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2010-02-24 18:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-823518204-682003330-1606980848-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,1b,9e,b7,25,9a,cd,4c,b2,b5,8f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,1b,9e,b7,25,9a,cd,4c,b2,b5,8f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\wininet.dll
- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\wininet.dll
.
Completion time: 2010-02-24 19:00:51
ComboFix-quarantined-files.txt 2010-02-24 18:00
ComboFix2.txt 2010-02-24 17:41
Pre-Run: 20.042.326.016 bytes libres
Post-Run: 20.010.487.808 bytes libres
- - End Of File - - 649173F2504D9497F37BDA78510DA9A4