Advertising

IRH

Guest
Code:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:17:26, on 27/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

C:\WINDOWS\system32\rundll32.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

C:\WINDOWS\vsnp2std.exe

C:\WINDOWS\AcerOrbiCam.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Mouse\Amoumain.exe

C:\Program Files\Support.com\bin\tgcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\DrvMon.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\DOCUME~1\usuario\LOCALS~1\Temp\RtkBtMnt.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\BitLord\BitLord.exe

C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://trucoswindows.net/

R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Acer OrbiCam] C:\WINDOWS\AcerOrbiCam.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe

O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [BHR] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Herramienta de búsqueda de soportes de Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Acer Empowering Technology.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165853829531

O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www5.aeat.es/es13/h/cactivex.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: eLock Service (eLockService) -   - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Servicio de registro de McAfee (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
 

Lestat

Ex- Mod
Member
Start by doing this:

In this order:

Update your system: check for updates with Windows Update (if you can't, skip this step).

Clear all cookies and the registry with CCleaner:

Go to Control Panel --> Java and delete all the temporary files (if you use Java).

Delete temporary files --> From Start, Run, type %TEMP%, press Enter and delete all the contents.

Run SUPERAntiSpyware. (Update it, and when the scan finishes choose the remove option, then save the report and paste it.)

Also, do an online scan.

Paste a new HijackThis log, plus the reports from SUPERAntiSpyware and the online scan.

Regards
 
IRH

Guest
NEW LOG:
Code:
[SPOILER][CODE]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:22:11, on 27/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

C:\WINDOWS\system32\rundll32.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

C:\WINDOWS\vsnp2std.exe

C:\WINDOWS\AcerOrbiCam.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Mouse\Amoumain.exe

C:\Program Files\Support.com\bin\tgcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\DrvMon.exe

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\DOCUME~1\usuario\LOCALS~1\Temp\RtkBtMnt.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://trucoswindows.net/

R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Acer OrbiCam] C:\WINDOWS\AcerOrbiCam.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe

O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [BHR] C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Herramienta de búsqueda de soportes de Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Acer Empowering Technology.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165853829531

O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www5.aeat.es/es13/h/cactivex.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: eLock Service (eLockService) -   - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Servicio de registro de McAfee (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
[/CODE][/SPOILER]
SUPERANTISPYWARE REPORT
Code:
SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 04/27/2008 at 03:10 AM

Application Version : 4.0.1154

Core Rules Database Version : 3448

Trace Rules Database Version: 1440

Scan type       : Quick Scan

Total Scan Time : 00:26:06

Memory items scanned      : 746

Memory threats detected   : 0

Registry items scanned    : 472

Registry threats detected : 1

File items scanned        : 10582

File threats detected     : 1

Adware.Tracking Cookie

    C:\Documents and Settings\usuario\Cookies\usuario[arroba]tradedoubler[2].txt

Adware.Zango/ShoppingReport

    HKU\S-1-5-21-171074283-4088172634-3203378981-1005\Software\ShoppingReport

VIRUSSCAN REPORT

11/12/2006    12:26:06    Versión del motor                                           =5100

11/12/2006    12:26:06    Versión DAT                                                 =4915

11/12/2006    12:26:06    Número de definiciones de virus en EXTRA.DAT                =Ninguno

11/12/2006    12:26:06    Nombres de los virus que puede detectar EXTRA.DAT           =Ninguno

11/12/2006    12:26:05    Análisis iniciado    ACER-796297FE27\usuario    Analizar todos los discos duros

11/12/2006    12:43:43    Resumen de análisis    ACER-796297FE27\usuario    Resumen de análisis

11/12/2006    12:43:43    Resumen de análisis    ACER-796297FE27\usuario    Procesos analizados    : 71

11/12/2006    12:43:43    Resumen de análisis    ACER-796297FE27\usuario    Procesos detectados   : 0

11/12/2006    12:43:43    Resumen de análisis    ACER-796297FE27\usuario    Procesos limpiados    : 0

11/12/2006    12:43:43    Resumen de análisis    ACER-796297FE27\usuario    Sectores de arranque analizados : 1

11/12/2006    12:43:43    Resumen de análisis    ACER-796297FE27\usuario    Sectores de arranque: 0

11/12/2006    12:43:43    Resumen de análisis    ACER-796297FE27\usuario    Sectores de arranque limpiados: 0

11/12/2006    12:43:43    Resumen de análisis    ACER-796297FE27\usuario    Archivos analizados: 54832

11/12/2006    12:43:43    Resumen de análisis    ACER-796297FE27\usuario    Archivos con detecciones: 0

11/12/2006    12:43:43    Resumen de análisis    ACER-796297FE27\usuario    Detecciones de archivos   : 0

11/12/2006    12:43:43    Resumen de análisis    ACER-796297FE27\usuario    Archivos limpiados: 0

11/12/2006    12:43:43    Resumen de análisis    ACER-796297FE27\usuario    Archivos migrados: 0

11/12/2006    12:43:43    Resumen de análisis    ACER-796297FE27\usuario    Archivos eliminados: 0

11/12/2006    12:43:43    Resumen de análisis    ACER-796297FE27\usuario    Archivos analizados   : 29

11/12/2006    12:43:43    Resumen de análisis    ACER-796297FE27\usuario    Tiempo de ejecución: 0:17:38

11/12/2006    12:43:43    Análisis completado    ACER-796297FE27\usuario    Analizar todos los discos duros

27/04/2008    2:48:44    Versión del motor                                           =5200

27/04/2008    2:48:44    Versión DAT                                                 =5282

27/04/2008    2:48:44    Número de definiciones de virus en EXTRA.DAT                =Ninguno

27/04/2008    2:48:44    Nombres de los virus que puede detectar EXTRA.DAT           =Ninguno

27/04/2008    2:48:35    Análisis iniciado    ACER-796297FE27\usuario    Analizar todos los discos duros

27/04/2008    3:33:23    Resumen de análisis    ACER-796297FE27\usuario    Resumen de análisis

27/04/2008    3:33:23    Resumen de análisis    ACER-796297FE27\usuario    Procesos analizados    : 76

27/04/2008    3:33:23    Resumen de análisis    ACER-796297FE27\usuario    Procesos detectados   : 0

27/04/2008    3:33:23    Resumen de análisis    ACER-796297FE27\usuario    Procesos limpiados    : 0

27/04/2008    3:33:23    Resumen de análisis    ACER-796297FE27\usuario    Sectores de arranque analizados : 1

27/04/2008    3:33:23    Resumen de análisis    ACER-796297FE27\usuario    Sectores de arranque: 0

27/04/2008    3:33:23    Resumen de análisis    ACER-796297FE27\usuario    Sectores de arranque limpiados: 0

27/04/2008    3:33:23    Resumen de análisis    ACER-796297FE27\usuario    Archivos analizados: 79179

27/04/2008    3:33:23    Resumen de análisis    ACER-796297FE27\usuario    Archivos con detecciones: 0

27/04/2008    3:33:23    Resumen de análisis    ACER-796297FE27\usuario    Detecciones de archivos   : 0

27/04/2008    3:33:23    Resumen de análisis    ACER-796297FE27\usuario    Archivos limpiados: 0

27/04/2008    3:33:23    Resumen de análisis    ACER-796297FE27\usuario    Archivos migrados: 0

27/04/2008    3:33:23    Resumen de análisis    ACER-796297FE27\usuario    Archivos eliminados: 0

27/04/2008    3:33:23    Resumen de análisis    ACER-796297FE27\usuario    Archivos analizados   : 27

27/04/2008    3:33:23    Resumen de análisis    ACER-796297FE27\usuario    Tiempo de ejecución: 0:44:48

27/04/2008    3:33:23    Análisis completado    ACER-796297FE27\usuario    Analizar todos los discos duros

27/04/2008    9:27:14    Versión del motor                                           =5200

27/04/2008    9:27:14    Versión DAT                                                 =5282

27/04/2008    9:27:14    Número de definiciones de virus en EXTRA.DAT                =Ninguno

27/04/2008    9:27:14    Nombres de los virus que puede detectar EXTRA.DAT           =Ninguno

27/04/2008    9:27:12    Análisis iniciado    ACER-796297FE27\usuario    Analizar todos los discos duros

27/04/2008    9:59:42    Resumen de análisis    ACER-796297FE27\usuario    Resumen de análisis

27/04/2008    9:59:42    Resumen de análisis    ACER-796297FE27\usuario    Procesos analizados    : 75

27/04/2008    9:59:42    Resumen de análisis    ACER-796297FE27\usuario    Procesos detectados   : 0

27/04/2008    9:59:42    Resumen de análisis    ACER-796297FE27\usuario    Procesos limpiados    : 0

27/04/2008    9:59:42    Resumen de análisis    ACER-796297FE27\usuario    Sectores de arranque analizados : 1

27/04/2008    9:59:42    Resumen de análisis    ACER-796297FE27\usuario    Sectores de arranque: 0

27/04/2008    9:59:42    Resumen de análisis    ACER-796297FE27\usuario    Sectores de arranque limpiados: 0

27/04/2008    9:59:42    Resumen de análisis    ACER-796297FE27\usuario    Archivos analizados: 79899

27/04/2008    9:59:42    Resumen de análisis    ACER-796297FE27\usuario    Archivos con detecciones: 0

27/04/2008    9:59:42    Resumen de análisis    ACER-796297FE27\usuario    Detecciones de archivos   : 0

27/04/2008    9:59:42    Resumen de análisis    ACER-796297FE27\usuario    Archivos limpiados: 0

27/04/2008    9:59:42    Resumen de análisis    ACER-796297FE27\usuario    Archivos migrados: 0

27/04/2008    9:59:42    Resumen de análisis    ACER-796297FE27\usuario    Archivos eliminados: 0

27/04/2008    9:59:42    Resumen de análisis    ACER-796297FE27\usuario    Archivos analizados   : 24

27/04/2008    9:59:42    Resumen de análisis    ACER-796297FE27\usuario    Tiempo de ejecución: 0:32:30

27/04/2008    9:59:42    Análisis completado    ACER-796297FE27\usuario    Analizar todos los discos duros
I'VE TRIED IT AND THE ADS STILL KEEP POPPING UP.

REGARDS
 

Lestat

Ex-Mod
Member
Combo Fix

1. Download Combofix.exe to the desktop

2. Double-click combofix.exe to run it and follow the prompts

3. When it finishes running, it produces a log located at: (C:\ComboFix.txt).

Paste that report and a new log

Regards
 
IRH

Guest
NEW LOG
Code:
C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://trucoswindows.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Acer OrbiCam] C:\WINDOWS\AcerOrbiCam.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe

O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Herramienta de búsqueda de soportes de Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Acer Empowering Technology.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165853829531

O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www5.aeat.es/es13/h/cactivex.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: eLock Service (eLockService) -   - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Servicio de registro de McAfee (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
COMBOFIX REPORT
Code:
ComboFix 08-04-26.5 - usuario 2008-04-27 18:43:01.1 - FAT32x86

Microsoft Windows XP Professional  5.1.2600.2.1252.34.1033.18.388 [GMT 2:00]

Running from: C:\Documents and Settings\usuario\Desktop\ComboFix.exe

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Desktop\webmediaplayer.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer

C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Confidencialidad.url

C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Desinstalar.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Términos y condiciones.url

C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\WebMediaPlayer\Website.url

C:\Documents and Settings\usuario\Application Data\inst.exe

c:\Documents and Settings\usuario\Local Settings\Application Data\jnvqpwk.dat

c:\documents and settings\usuario\local settings\application data\jnvqpwk.exe

C:\Documents and Settings\usuario\Local Settings\Application Data\jnvqpwk_nav.dat

C:\Documents and Settings\usuario\Local Settings\Application Data\jnvqpwk_navps.dat

C:\Program Files\webmediaplayer

C:\Program Files\webmediaplayer\resources\languages_v2.xml

C:\Program Files\webmediaplayer\resources\webmedias

C:\Program Files\webmediaplayer\skins\classic.skn

C:\Program Files\webmediaplayer\sqlite3.dll

C:\Program Files\webmediaplayer\uninst.exe

C:\Program Files\webmediaplayer\WebMediaPlayer.exe

C:\WINDOWS\system32\dllcache\spoolsv.exe
 

.

(((((((((((((((((((((((((   Files Created from 2008-03-27 to 2008-04-27  )))))))))))))))))))))))))))))))

.

2008-04-27 14:10 . 2008-04-27 14:10    1,160    --a------    C:\WINDOWS\mozver.dat

2008-04-27 12:41 . 2008-04-27 12:41    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-04-27 01:51 . 2008-04-27 01:51    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware

2008-04-27 01:51 . 2008-04-27 01:51    <DIR>    d--------    C:\Documents and Settings\usuario\Application Data\SUPERAntiSpyware.com

2008-04-27 01:51 . 2008-04-27 01:51    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-04-27 01:35 . 2008-04-27 01:35    <DIR>    d--------    C:\Program Files\CCleaner

2008-04-27 00:41 . 2008-04-27 00:41    <DIR>    d--------    C:\Program Files\Trend Micro

2008-04-26 18:31 . 1998-06-24 13:00    244,024    --a------    C:\WINDOWS\system32\MSFLXGRD.OCX

2008-04-26 18:31 . 2004-03-09 13:00    132,880    --a------    C:\WINDOWS\system32\MSINET.OCX

2008-04-26 09:04 . 2008-04-26 09:04    <DIR>    d--------    C:\Program Files\Spybot - Search & Destroy

2008-04-26 09:04 . 2008-04-26 09:04    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-04-26 08:46 . 2008-04-26 08:46    0    --a------    C:\WINDOWS\nsreg.dat

2008-04-19 00:05 . 2008-04-19 00:05    <DIR>    d--------    C:\Program Files\iPod

2008-04-17 21:30 . 2008-04-25 22:40    451    --a------    C:\WINDOWS\RENT2007.INI

2008-03-28 23:37 . 2008-03-28 23:37    90,112    --a------    C:\WINDOWS\system32\QuickTimeVR.qtx

2008-03-28 23:37 . 2008-03-28 23:37    57,344    --a------    C:\WINDOWS\system32\QuickTime.qts

2008-03-27 11:09 . 2008-03-27 11:09    468    --a------    C:\WINDOWS\ss_uninstall.bat

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-20 05:22    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Elaborate Bytes

2008-03-20 05:21    ---------    d-----w    C:\Program Files\Elaborate Bytes

2008-03-19 09:47    1,845,248    ----a-w    C:\WINDOWS\system32\win32k.sys

2008-03-19 09:47    1,845,248    ----a-w    C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-15 13:02    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Sony Corporation

2008-03-07 18:14    753,664    --sha-w    C:\Program Files\ehthumbs.db

2008-03-01 16:36    3,591,680    ----a-w    C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:55    70,656    ----a-w    C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 08:55    625,664    ----a-w    C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-22 10:00    13,824    ------w    C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:51    282,624    ----a-w    C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:51    282,624    ----a-w    C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:32    45,568    ----a-w    C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:32    45,568    ----a-w    C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:32    148,992    ----a-w    C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-15 05:44    161,792    ----a-w    C:\WINDOWS\system32\dllcache\ieakui.dll

2008-01-29 10:02    107,368    ----a-w    C:\WINDOWS\system32\GEARAspi.dll

2007-11-02 22:03    47,360    ----a-w    C:\Documents and Settings\usuario\Application Data\pcouffin.sys

2006-12-16 18:30    87,608    ----a-w    C:\Documents and Settings\usuario\Application Data\ezpinst.exe

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]

"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]

"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2004-09-10 03:16 53248]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]

"LaunchApp"="" []

"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 11:23 16248320 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-08-16 11:21 2879488 C:\WINDOWS\SkyTel.exe]

"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 11:20 53248]

"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-07-31 21:02 346112]

"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-07-28 10:40 208896]

"eLockMonitor"="C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [ ]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 20:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 09:57 442368]

"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-15 20:34 766041]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-09-07 19:52 479232]

"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-08-09 16:18 675840]

"Acer OrbiCam"="C:\WINDOWS\AcerOrbiCam.exe" [2006-10-16 17:36 434176]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]

"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 08:00 94208]

"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2006-07-25 03:55 131072]

"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-06-15 12:36 229376]

"WheelMouse"="Amoumain.exe" []

"hcenter"="C:\Program Files\Support.com\bin\tgcmd.exe" [2006-08-13 00:37 1773568]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

C:\Documents and Settings\usuario\Start Menu\Programs\Startup\

Herramienta de b£squeda de soportes de Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-03 21:19:32 376832]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-08-03 15:34:04 45056]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

"C:\\Program Files\\Messenger\\MSMSGS.EXE"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\BitLord\\BitLord.exe"=

"C:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"C:\\Program Files\\Support.com\\BIN\\TGCMD.EXE"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 20:17]

R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 17:10]

R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-08-11 17:52]

S3 Arfumftr;USB RF-Mouse filter driver;C:\WINDOWS\system32\DRIVERS\Arfumftr.sys [2004-08-25 17:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34d51782-ac1d-11dc-a3cc-001636a12647}]

\Shell\AutoRun\command - F:\loader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{656804a4-a16e-11dc-a3bc-001636a12647}]

\Shell\AutoRun\command - F:\PMB_P.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - ENTDRV51

.

Contents of the 'Scheduled Tasks' folder

"2008-04-27 16:30:02 C:\WINDOWS\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2008-04-21 12:18:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-27 18:55:28

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-27 18:55:56

ComboFix-quarantined-files.txt  2008-04-27 16:55:52

Pre-Run: 29,416,947,712 bytes free

Post-Run: 29,548,445,696 bytes free

180    --- E O F ---    2008-04-13 17:26:05
This one really is complete
 

Lestat

Ex- Mod
Member
In safe mode

1.- Open Notepad (Bloc de Notas)

* Go to START > RUN >

* There, type notepad.exe and click OK

2.- Now copy and paste the following into Notepad

KillAll::

File::

F:\loader.exe

F:\PMB_P.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34d51782-ac1d-11dc-a3cc-001636a12647}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{656804a4-a16e-11dc-a3bc-001636a12647}]

3.- Save this file with the name CFScript.txt and leave it on your desktop.

4.- Next, drag and drop the CFScript.txt file onto the ComboFix.exe file, as shown in the animation below. This will launch ComboFix again.

88953cfscriptcreatedbymna3-1.gif


Paste the new report

Regards
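
One way to confirm from a later ComboFix log whether the MountPoints2 AutoRun entries targeted by the CFScript above were actually removed. This is an added example, not part of the original thread: the function names are hypothetical, the CFScript and the first log excerpt are copied from the thread, and the second excerpt is constructed.

```python
import re

# CFScript.txt as posted in the thread (blank lines dropped).
CFSCRIPT = r"""KillAll::
File::
F:\loader.exe
F:\PMB_P.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34d51782-ac1d-11dc-a3cc-001636a12647}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{656804a4-a16e-11dc-a3bc-001636a12647}]
"""

# Excerpt copied from the ComboFix log posted after the script was supposed to run.
LOG_AFTER = r"""S3 Arfumftr;USB RF-Mouse filter driver;C:\WINDOWS\system32\DRIVERS\Arfumftr.sys [2004-08-25 17:17]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34d51782-ac1d-11dc-a3cc-001636a12647}]
\Shell\AutoRun\command - F:\loader.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{656804a4-a16e-11dc-a3bc-001636a12647}]
\Shell\AutoRun\command - F:\PMB_P.exe
*Newly Created Service* - ENTDRV51
"""

# Constructed excerpt: what the same region would look like once both keys are gone.
LOG_CLEAN = r"""S3 Arfumftr;USB RF-Mouse filter driver;C:\WINDOWS\system32\DRIVERS\Arfumftr.sys [2004-08-25 17:17]
*Newly Created Service* - ENTDRV51
"""

SECTION_RE = re.compile(r"^(\w+)::$")                      # e.g. "File::"
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                     # "[KEY]" or "[-KEY]"
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.IGNORECASE)


def parse_cfscript(text):
    """Split a CFScript into {section name (lowercase): [lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def deleted_keys(sections):
    """Registry keys the script asks to delete (the '[-KEY]' form), lowercased."""
    keys = []
    for line in sections.get("registry", []):
        m = KEY_RE.match(line)
        if m and m.group(1) == "-":
            keys.append(m.group(2).lower())
    return keys


def mountpoint_autoruns(log_text):
    """Map each MountPoints2 key in a ComboFix log to its (verb, command) entries."""
    found, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(2).lower()
            current = key if "\\explorer\\mountpoints2\\" in key else None
            continue
        m = CMD_RE.match(line)
        if m and current:
            found.setdefault(current, []).append((m.group(1), m.group(2)))
    return found


def still_present(cfscript_text, log_text):
    """List (volume GUID, shell verb, command, command is in File::) for every
    key the script targeted that still shows an autorun command in the log."""
    sections = parse_cfscript(cfscript_text)
    files = {f.lower() for f in sections.get("file", [])}
    autoruns = mountpoint_autoruns(log_text)
    report = []
    for key in deleted_keys(sections):
        for verb, command in autoruns.get(key, []):
            guid = key.rsplit("\\", 1)[-1]
            report.append((guid, verb, command, command.lower() in files))
    return report


if __name__ == "__main__":
    for entry in still_present(CFSCRIPT, LOG_AFTER):
        print("still present:", entry)
```

An empty result means none of the targeted keys appear in the log any more; any remaining tuple names the volume GUID whose autorun command survived.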
 
I

IRH

Guest
NEW REPORT
Code:
ComboFix 08-04-26.5 - usuario 2008-04-28  7:52:58.3 - FAT32x86

Microsoft Windows XP Professional  5.1.2600.2.1252.34.1033.18.322 [GMT 2:00]

Running from: C:\Documents and Settings\usuario\Desktop\ComboFix.exe

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

(((((((((((((((((((((((((   Files Created from 2008-03-28 to 2008-04-28  )))))))))))))))))))))))))))))))

.

2008-04-27 14:10 . 2008-04-27 14:10    1,160    --a------    C:\WINDOWS\mozver.dat

2008-04-27 12:41 . 2008-04-27 12:41    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-04-27 01:51 . 2008-04-27 01:51    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware

2008-04-27 01:51 . 2008-04-27 01:51    <DIR>    d--------    C:\Documents and Settings\usuario\Application Data\SUPERAntiSpyware.com

2008-04-27 01:51 . 2008-04-27 01:51    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-04-27 01:35 . 2008-04-27 01:35    <DIR>    d--------    C:\Program Files\CCleaner

2008-04-27 00:41 . 2008-04-27 00:41    <DIR>    d--------    C:\Program Files\Trend Micro

2008-04-26 18:31 . 1998-06-24 13:00    244,024    --a------    C:\WINDOWS\system32\MSFLXGRD.OCX

2008-04-26 18:31 . 2004-03-09 13:00    132,880    --a------    C:\WINDOWS\system32\MSINET.OCX

2008-04-26 09:04 . 2008-04-26 09:04    <DIR>    d--------    C:\Program Files\Spybot - Search & Destroy

2008-04-26 09:04 . 2008-04-26 09:04    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-04-26 08:46 . 2008-04-26 08:46    0    --a------    C:\WINDOWS\nsreg.dat

2008-04-19 00:05 . 2008-04-19 00:05    <DIR>    d--------    C:\Program Files\iPod

2008-04-17 21:30 . 2008-04-27 22:15    451    --a------    C:\WINDOWS\RENT2007.INI

2008-03-28 23:37 . 2008-03-28 23:37    90,112    --a------    C:\WINDOWS\system32\QuickTimeVR.qtx

2008-03-28 23:37 . 2008-03-28 23:37    57,344    --a------    C:\WINDOWS\system32\QuickTime.qts

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-20 05:22    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Elaborate Bytes

2008-03-20 05:21    ---------    d-----w    C:\Program Files\Elaborate Bytes

2008-03-19 09:47    1,845,248    ----a-w    C:\WINDOWS\system32\win32k.sys

2008-03-19 09:47    1,845,248    ----a-w    C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-15 13:02    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Sony Corporation

2008-03-07 18:14    753,664    --sha-w    C:\Program Files\ehthumbs.db

2008-03-01 16:36    3,591,680    ----a-w    C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:55    70,656    ----a-w    C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 08:55    625,664    ----a-w    C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-22 10:00    13,824    ------w    C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:51    282,624    ----a-w    C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:51    282,624    ----a-w    C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:32    45,568    ----a-w    C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:32    45,568    ----a-w    C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:32    148,992    ----a-w    C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-15 05:44    161,792    ----a-w    C:\WINDOWS\system32\dllcache\ieakui.dll

2008-01-29 10:02    107,368    ----a-w    C:\WINDOWS\system32\GEARAspi.dll

2007-11-02 22:03    47,360    ----a-w    C:\Documents and Settings\usuario\Application Data\pcouffin.sys

2006-12-16 18:30    87,608    ----a-w    C:\Documents and Settings\usuario\Application Data\ezpinst.exe

.

(((((((((((((((((((((((((((((   snapshot[arroba]2008-04-27_18.55.41,10   )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-27 16:12:36    2,048    --s-a-w    C:\WINDOWS\bootstat.dat

+ 2008-04-28 05:47:20    2,048    --s-a-w    C:\WINDOWS\bootstat.dat

+ 2008-04-28 05:48:40    16,384    ----a-w    C:\WINDOWS\Temp\Perflib_Perfdata_e00.dat

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]

"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]

"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2004-09-10 03:16 53248]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]

"LaunchApp"="" []

"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 11:23 16248320 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-08-16 11:21 2879488 C:\WINDOWS\SkyTel.exe]

"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 11:20 53248]

"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-07-31 21:02 346112]

"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-07-28 10:40 208896]

"eLockMonitor"="C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [ ]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 20:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 09:57 442368]

"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-15 20:34 766041]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-09-07 19:52 479232]

"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-08-09 16:18 675840]

"Acer OrbiCam"="C:\WINDOWS\AcerOrbiCam.exe" [2006-10-16 17:36 434176]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]

"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 08:00 94208]

"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2006-07-25 03:55 131072]

"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-06-15 12:36 229376]

"WheelMouse"="Amoumain.exe" []

"hcenter"="C:\Program Files\Support.com\bin\tgcmd.exe" [2006-08-13 00:37 1773568]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

C:\Documents and Settings\usuario\Start Menu\Programs\Startup\

Herramienta de b£squeda de soportes de Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-03 21:19:32 376832]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-08-03 15:34:04 45056]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

"C:\\Program Files\\Messenger\\MSMSGS.EXE"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\BitLord\\BitLord.exe"=

"C:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"C:\\Program Files\\Support.com\\BIN\\TGCMD.EXE"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 20:17]

R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 17:10]

R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-08-11 17:52]

S3 Arfumftr;USB RF-Mouse filter driver;C:\WINDOWS\system32\DRIVERS\Arfumftr.sys [2004-08-25 17:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34d51782-ac1d-11dc-a3cc-001636a12647}]

\Shell\AutoRun\command - F:\loader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{656804a4-a16e-11dc-a3bc-001636a12647}]

\Shell\AutoRun\command - F:\PMB_P.exe

*Newly Created Service* - ENTDRV51

.

Contents of the 'Scheduled Tasks' folder

"2008-04-28 06:30:04 C:\WINDOWS\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2008-04-21 12:18:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-28 08:30:20

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-28  8:30:49

ComboFix-quarantined-files.txt  2008-04-28 06:30:46

ComboFix2.txt  2008-04-27 16:55:58

Pre-Run: 29,465,214,976 bytes free

Post-Run: 29,471,670,272 bytes free

161    --- E O F ---    2008-04-13 17:26:05
REGARDS
 

Lestat

Ex- Mod
Member
And repeat the steps I gave you; you haven't deleted anything with ComboFix...

Also, connect to drive F: whatever you had connected when you ran the first scan with the program, because it is infected

Regards
 
I

IRH

Guest
I can assure you that I had nothing external connected to drive F

If it helps, I've been connected to the internet for about 30 minutes and no page has popped up. I'm pasting the new log to see whether I'm finally clean.
Code:
[SPOILER][CODE]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:44, on 2008-04-28

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

C:\WINDOWS\system32\rundll32.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

C:\WINDOWS\vsnp2std.exe

C:\WINDOWS\AcerOrbiCam.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Mouse\Amoumain.exe

C:\Program Files\Support.com\bin\tgcmd.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\DrvMon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\DOCUME~1\usuario\LOCALS~1\Temp\RtkBtMnt.exe

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://trucoswindows.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll

O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1

O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [Acer OrbiCam] C:\WINDOWS\AcerOrbiCam.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe

O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Herramienta de búsqueda de soportes de Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Acer Empowering Technology.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1165853829531

O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www5.aeat.es/es13/h/cactivex.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: eLock Service (eLockService) -   - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Servicio de registro de McAfee (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
[/CODE][/SPOILER]
Regards
 
C

Caito

Guest
To be sure, run ComboFix again and paste that program's log for us

Regards

Caito
 
I

IRH

Guest
Here it goes
Code:
ComboFix 08-04-26.5 - usuario 2008-04-29  0:39:40.5 - FAT32x86

Microsoft Windows XP Professional  5.1.2600.2.1252.34.1033.18.498 [GMT 2:00]

Running from: C:\Documents and Settings\usuario\Desktop\ComboFix.exe

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

(((((((((((((((((((((((((   Files Created from 2008-03-28 to 2008-04-28  )))))))))))))))))))))))))))))))

.

2008-04-28 21:37 . 2008-04-28 21:37    <DIR>    d--------    C:\QUARANTINE

2008-04-27 14:10 . 2008-04-27 14:10    1,160    --a------    C:\WINDOWS\mozver.dat

2008-04-27 12:41 . 2008-04-27 12:41    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-04-27 01:51 . 2008-04-27 01:51    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware

2008-04-27 01:51 . 2008-04-27 01:51    <DIR>    d--------    C:\Documents and Settings\usuario\Application Data\SUPERAntiSpyware.com

2008-04-27 01:51 . 2008-04-27 01:51    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-04-27 01:35 . 2008-04-27 01:35    <DIR>    d--------    C:\Program Files\CCleaner

2008-04-27 00:41 . 2008-04-27 00:41    <DIR>    d--------    C:\Program Files\Trend Micro

2008-04-26 18:31 . 1998-06-24 13:00    244,024    --a------    C:\WINDOWS\system32\MSFLXGRD.OCX

2008-04-26 18:31 . 2004-03-09 13:00    132,880    --a------    C:\WINDOWS\system32\MSINET.OCX

2008-04-26 09:04 . 2008-04-26 09:04    <DIR>    d--------    C:\Program Files\Spybot - Search & Destroy

2008-04-26 09:04 . 2008-04-26 09:04    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-04-26 08:46 . 2008-04-26 08:46    0    --a------    C:\WINDOWS\nsreg.dat

2008-04-19 00:05 . 2008-04-19 00:05    <DIR>    d--------    C:\Program Files\iPod

2008-04-17 21:30 . 2008-04-27 22:15    451    --a------    C:\WINDOWS\RENT2007.INI

2008-03-28 23:37 . 2008-03-28 23:37    90,112    --a------    C:\WINDOWS\system32\QuickTimeVR.qtx

2008-03-28 23:37 . 2008-03-28 23:37    57,344    --a------    C:\WINDOWS\system32\QuickTime.qts

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-20 05:22    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Elaborate Bytes

2008-03-20 05:21    ---------    d-----w    C:\Program Files\Elaborate Bytes

2008-03-19 09:47    1,845,248    ----a-w    C:\WINDOWS\system32\win32k.sys

2008-03-19 09:47    1,845,248    ----a-w    C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-15 13:02    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Sony Corporation

2008-03-07 18:14    753,664    --sha-w    C:\Program Files\ehthumbs.db

2008-03-01 16:36    3,591,680    ----a-w    C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:55    70,656    ----a-w    C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 08:55    625,664    ----a-w    C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-22 10:00    13,824    ------w    C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:51    282,624    ----a-w    C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:51    282,624    ----a-w    C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:32    45,568    ----a-w    C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:32    45,568    ----a-w    C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:32    148,992    ----a-w    C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-15 05:44    161,792    ----a-w    C:\WINDOWS\system32\dllcache\ieakui.dll

2008-01-29 10:02    107,368    ----a-w    C:\WINDOWS\system32\GEARAspi.dll

2007-11-02 22:03    47,360    ----a-w    C:\Documents and Settings\usuario\Application Data\pcouffin.sys

2006-12-16 18:30    87,608    ----a-w    C:\Documents and Settings\usuario\Application Data\ezpinst.exe

.

(((((((((((((((((((((((((((((   snapshot@2008-04-27_18.55.41,10   )))))))))))))))))))))))))))))))))))))))))

.

- 2006-12-11 09:23:40    997,992    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll

+ 2008-04-28 21:19:32    1,000,848    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll

- 2006-12-11 09:23:42    1,100,392    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll

+ 2008-04-28 21:18:36    1,103,248    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll

- 2006-12-11 09:23:42    141,928    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll

+ 2008-04-28 21:18:40    144,784    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll

- 2006-12-11 09:29:40    88,776    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll

+ 2008-04-28 21:19:38    91,488    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll

- 2006-12-11 11:05:16    101,064    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll

+ 2008-04-28 21:19:36    103,776    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll

- 2006-12-11 09:23:44    408,176    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll

+ 2008-04-28 21:19:18    411,024    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll

- 2006-12-11 09:23:44    35,448    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll

+ 2008-04-28 21:19:16    38,304    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll

- 2006-12-11 09:23:42    461,416    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll

+ 2008-04-28 21:19:20    464,272    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll

- 2006-12-11 09:23:44    223,856    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll

+ 2008-04-28 21:19:42    226,712    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll

- 2006-12-11 09:23:44    211,568    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Publisher\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll

+ 2008-04-28 21:19:42    214,424    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Publisher\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll

- 2006-12-11 09:23:42    20,080    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll

+ 2008-04-28 21:19:12    22,928    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll

- 2006-12-11 09:23:44    662,120    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll

+ 2008-04-28 21:19:28    664,968    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll

- 2006-12-11 09:23:42    371,296    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll

+ 2008-04-28 21:18:38    374,152    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll

- 2006-12-11 09:23:44    64,088    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll

+ 2008-04-28 21:19:28    66,936    ----a-w    C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll

- 2006-12-11 09:23:44    223,800    ----a-w    C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL

+ 2008-04-28 21:19:14    226,656    ----a-w    C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL

- 2008-04-27 16:12:36    2,048    --s-a-w    C:\WINDOWS\bootstat.dat

+ 2008-04-28 20:30:20    2,048    --s-a-w    C:\WINDOWS\bootstat.dat

+ 2006-12-11 09:23:40    997,992    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\ACCESS.DLL

+ 2003-07-15 04:57:34    38,968    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL

+ 2003-07-15 04:53:06    94,768    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\AW.DLL

+ 2003-07-14 20:53:22    46,144    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\BLNMGRPS.DLL

+ 2003-07-15 04:56:54    14,904    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\DSITF.DLL

+ 2003-07-15 04:57:14    98,360    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\DSSM.EXE

+ 2006-12-11 09:23:42    1,100,392    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\EXCELPIA.DLL

+ 2003-07-15 04:41:44    13,368    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\FINDER.EXE

+ 2002-10-07 15:49:36    192,573    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\FORM.DLL

+ 2006-12-11 09:23:42    371,296    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\FORMSPIA.DLL

+ 2003-07-15 04:40:12    179,768    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL

+ 2006-12-11 09:23:42    141,928    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\GRAPHPIA.DLL

+ 2003-07-15 04:45:14    58,944    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\INLAUNCH.DLL

+ 2003-06-18 23:31:10    252,928    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL

+ 2003-07-15 04:57:14    124,480    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSB1CORE.DLL

+ 2003-07-15 05:12:22    47,872    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSB1XTOR.DLL

+ 2003-07-15 04:56:14    40,504    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSE7.EXE

+ 2003-07-15 04:51:44    87,104    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL

+ 2003-07-15 04:52:52    17,464    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSMH.DLL

+ 2003-07-14 20:57:16    120,888    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL

+ 2003-07-15 04:52:52    27,704    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL

+ 2003-07-15 04:52:56    55,360    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE

+ 2003-07-15 04:56:16    54,328    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSOMSE.DLL

+ 2003-07-11 08:15:48    1,292,872    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL

+ 2003-07-15 09:18:52    376,888    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL

+ 2003-07-14 20:52:54    28,224    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL

+ 2003-07-15 04:52:52    35,896    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL

+ 2003-07-15 04:53:00    55,872    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSOSVABW.DLL

+ 2003-07-15 04:53:20    39,488    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL

+ 2003-07-15 04:46:16    42,040    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL

+ 2003-07-15 04:45:12    55,360    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE

+ 2003-07-15 04:45:12    39,488    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL

+ 2003-06-18 23:31:54    788,480    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSPFILT.DLL

+ 2003-06-18 23:31:50    16,384    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL

+ 2003-06-19 22:05:52    128,104    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSPSCAN.EXE

+ 2003-06-19 22:05:50    364,648    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE

+ 2003-07-15 05:02:42    637,496    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSQRY32.EXE

+ 2003-07-15 04:52:58    41,528    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSSH.DLL

+ 2006-12-11 09:23:42    20,080    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSTAGPIA.DLL

+ 2003-07-15 05:00:54    145,984    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL

+ 2003-07-15 04:57:10    56,888    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\NAME.DLL

+ 2003-07-15 04:56:52    13,888    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL

+ 2003-06-18 23:31:58    6,144    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\OCRPS.DLL

+ 2006-12-11 09:23:44    223,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL

+ 2003-07-15 09:14:26    242,240    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL

+ 2006-12-11 09:23:44    35,448    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\OLCTLPIA.DLL

+ 2003-07-15 05:05:24    1,054,264    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL

+ 2003-07-15 05:05:24    1,054,264    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL_0002

+ 2003-07-15 04:44:34    102,968    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL

+ 2006-12-11 09:23:44    408,176    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\OUTLPIA.DLL

+ 2003-07-15 04:43:16    49,208    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL

+ 2006-12-11 09:23:42    461,416    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\OWC11PIA.DLL

+ 2003-07-15 09:18:44    93,752    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL

+ 2006-12-11 09:23:44    223,856    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\PPTPIA.DLL

+ 2002-10-07 16:11:00    167,997    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\PSOM.DLL

+ 2006-12-11 09:23:44    211,568    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\PUBPIA.DLL

+ 2003-07-15 04:40:16    51,256    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\PUBTRAP.DLL

+ 2003-05-09 03:54:00    77,824    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL

+ 2003-07-15 04:57:08    40,512    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL

+ 2002-10-07 15:49:42    81,984    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\REVERSE.DLL

+ 2003-07-21 17:46:38    390,712    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL

+ 2003-07-15 04:57:18    349,248    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\SELFCERT.EXE

+ 2003-07-15 04:44:16    66,616    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL

+ 2003-07-14 20:57:08    58,944    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL

+ 2003-07-15 04:53:14    11,848    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE

+ 2002-10-07 15:53:04    106,561    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\THOCRAPI.DLL

+ 2002-10-07 15:50:44    241,729    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\TWCUTCHR.DLL

+ 2002-10-07 15:51:04    180,289    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\TWCUTLIN.DLL

+ 2002-10-07 15:51:14    147,520    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\TWLAY32.DLL

+ 2002-10-07 15:51:20    102,467    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\TWORIENT.DLL

+ 2002-10-07 15:50:04    118,847    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\TWRECE.DLL

+ 2002-10-07 15:49:56    81,983    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\TWRECS.DLL

+ 2002-10-07 15:51:44    221,252    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\TWSTRUCT.DLL

+ 2003-07-15 04:57:40    59,960    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\UNBIND.EXE

+ 2006-12-11 09:23:44    64,088    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL

+ 2006-12-11 09:23:44    662,120    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\WORDPIA.DLL

+ 2002-10-07 16:03:34    1,794,113    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\XIMAGE3B.DLL

+ 2003-04-30 17:52:32    1,581,120    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\XPAGE3C.DLL

+ 2003-01-17 20:03:34    59,466    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.5614\XSCAN32.DAT

+ 2001-06-05 14:13:22    289,926    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\ENGDIC.DAT

+ 2001-06-05 14:13:22    34,168    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\ENGIDX.DAT

+ 2001-06-05 14:13:24    18,844    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\JFONT.DAT

+ 2001-06-05 14:13:26    65,536    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\LOOKUP.DAT

+ 2005-02-03 23:59:20    346,840    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\METCONV.DLL

+ 2005-05-04 06:06:28    465,640    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL

+ 2005-05-04 06:06:30    1,411,816    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL

+ 2005-05-04 06:06:24    199,408    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL

+ 2001-10-23 06:13:42    53,260    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\OCRHC.DAT

+ 2001-06-05 14:13:26    40,972    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\A0C0110900063D11C8EF10054038389C\11.0.8173\OCRVC.DAT

- 2008-04-09 14:15:50    593,920    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2008-04-28 21:19:54    593,920    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2008-04-09 14:15:50    12,288    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2008-04-28 21:19:54    12,288    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-04-09 14:15:50    86,016    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-04-28 21:19:54    86,016    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2008-04-09 14:15:50    135,168    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-04-28 21:19:54    135,168    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-04-09 14:15:50    11,264    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-04-28 21:19:54    11,264    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-04-09 14:15:50    27,136    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-04-28 21:19:54    27,136    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-04-09 14:15:50    4,096    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2008-04-28 21:19:54    4,096    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2008-04-09 14:15:50    794,624    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-04-28 21:19:54    794,624    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2008-04-09 14:15:50    249,856    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-04-28 21:19:54    249,856    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2008-04-09 14:15:50    61,440    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2008-04-28 21:19:54    61,440    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2008-04-09 14:15:50    23,040    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-04-28 21:19:54    23,040    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-04-09 14:15:50    286,720    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-04-28 21:19:54    286,720    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2008-04-09 14:15:50    409,600    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-04-28 21:19:54    409,600    ----a-r    C:\WINDOWS\Installer\{90110C0A-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2005-03-17 20:39:56    1,146,320    ----a-w    C:\WINDOWS\system32\FM20.DLL

+ 2007-06-06 08:53:34    1,195,888    ----a-w    C:\WINDOWS\system32\FM20.DLL

+ 2007-03-22 17:17:04    35,440    ----a-w    C:\WINDOWS\system32\FM20ENU.DLL

- 2003-08-08 13:45:28    41,616    ----a-w    C:\WINDOWS\system32\FM20ESN.DLL

+ 2007-04-05 08:26:12    47,328    ----a-w    C:\WINDOWS\system32\FM20ESN.DLL

- 2004-03-22 13:17:04    765,680    ----a-w    C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll

+ 2007-04-09 11:24:04    758,664    ----a-w    C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll

- 2004-03-22 13:17:10    42,224    ----a-w    C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll

+ 2007-04-09 11:23:58    46,472    ----a-w    C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll

- 2004-03-22 13:17:04    765,680    ----a-w    C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll

+ 2007-04-09 11:24:04    758,664    ----a-w    C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll

- 2004-03-22 13:17:10    42,224    ----a-w    C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll

+ 2007-04-09 11:23:58    46,472    ----a-w    C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll

+ 2008-04-28 20:31:20    16,384    ----a-w    C:\WINDOWS\Temp\Perflib_Perfdata_e94.dat

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]

"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]

"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2004-09-10 03:16 53248]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]

"LaunchApp"="" []

"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 11:23 16248320 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-08-16 11:21 2879488 C:\WINDOWS\SkyTel.exe]

"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 11:20 53248]

"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-07-31 21:02 346112]

"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-07-28 10:40 208896]

"eLockMonitor"="C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [ ]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 20:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 09:57 442368]

"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-15 20:34 766041]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-09-07 19:52 479232]

"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-08-09 16:18 675840]

"Acer OrbiCam"="C:\WINDOWS\AcerOrbiCam.exe" [2006-10-16 17:36 434176]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]

"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 08:00 94208]

"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2006-07-25 03:55 131072]

"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-06-15 12:36 229376]

"WheelMouse"="Amoumain.exe" []

"hcenter"="C:\Program Files\Support.com\bin\tgcmd.exe" [2006-08-13 00:37 1773568]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

C:\Documents and Settings\usuario\Start Menu\Programs\Startup\

Herramienta de búsqueda de soportes de Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-03 21:19:32 376832]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-08-03 15:34:04 45056]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

"C:\\Program Files\\Messenger\\MSMSGS.EXE"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\BitLord\\BitLord.exe"=

"C:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"C:\\Program Files\\Support.com\\BIN\\TGCMD.EXE"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 20:17]

R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 17:10]

R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-08-11 17:52]

S3 Arfumftr;USB RF-Mouse filter driver;C:\WINDOWS\system32\DRIVERS\Arfumftr.sys [2004-08-25 17:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34d51782-ac1d-11dc-a3cc-001636a12647}]

\Shell\AutoRun\command - F:\loader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{656804a4-a16e-11dc-a3bc-001636a12647}]

\Shell\AutoRun\command - F:\PMB_P.exe

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2008-04-28 22:30:02 C:\WINDOWS\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2008-04-28 12:18:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-29 00:41:42

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-29  0:42:10

ComboFix-quarantined-files.txt  2008-04-28 22:42:06

ComboFix4.txt  2008-04-27 16:55:58

ComboFix3.txt  2008-04-28 06:30:52

ComboFix2.txt  2008-04-28 20:08:24

Pre-Run: 29,820,420,096 bytes free

Post-Run: 29,826,744,320 bytes free

322    --- E O F ---    2008-04-13 17:26:05
Regards
 
C

Caito

Guest
Do this again:

In safe mode

1.- Open Notepad

* Go to START > RUN >

* Type notepad.exe there and click OK

2.- Now copy and paste the following into Notepad

Code:
KillAll::

File::

F:\loader.exe

F:\PMB_P.exe

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34d51782-ac1d-11dc-a3cc-001636a12647}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{656804a4-a16e-11dc-a3bc-001636a12647}]
3.- Save this file with the name CFScript.txt and leave it on your desktop.

4.- Next, drag and drop the CFScript.txt file onto the ComboFix.exe file, as shown in the animation below. This will launch ComboFix again.

Paste the new report

Regards, Caito
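
The following Python example is added here and is not part of the thread or of ComboFix. It scans a ComboFix log for MountPoints2 keys that carry a `\Shell\...\command` value, marks those whose target is an executable off the system drive for review, and builds removal lines in the `[-key]` form used under `Registry::` in the script above. The sample log is constructed from lines in this thread plus one made-up entry; the function names and the assumption that `C:` is the system drive are hypothetical.

```python
import re
from typing import NamedTuple

# Constructed sample: the first entry is quoted from the log in this thread,
# the second (all-zero GUID, Example path) is invented for contrast.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{656804a4-a16e-11dc-a3bc-001636a12647}]

\Shell\AutoRun\command - F:\PMB_P.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]

\Shell\AutoRun\command - C:\Program Files\Example\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\[^\]]+)\]$", re.IGNORECASE)
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.IGNORECASE)
EXE_RE = re.compile(r"^([A-Za-z]):\\.*\.(exe|com|bat|cmd|scr|pif|vbs)\b", re.IGNORECASE)

class AutoRunEntry(NamedTuple):
    key: str      # full MountPoints2 registry key
    verb: str     # shell verb, e.g. AutoRun or open
    command: str  # command line the verb launches

def find_mountpoint_autoruns(log_text):
    """Return every \\Shell\\<verb>\\command line listed under a MountPoints2 key."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):          # any new key header resets the context
            m = KEY_RE.match(line)
            current = m.group(1) if m else None
        elif current:
            m = CMD_RE.match(line)
            if m:
                entries.append(AutoRunEntry(current, m.group(1), m.group(2).strip()))
    return entries

def needs_review(entry, system_drive="C"):
    """True when the command starts with a script/executable path off the system drive."""
    m = EXE_RE.match(entry.command.strip('"'))
    return bool(m) and m.group(1).upper() != system_drive.upper()

def registry_removal_lines(entries):
    """Build '[-key]' lines, one per distinct key that needs review."""
    keys = list(dict.fromkeys(e.key for e in entries if needs_review(e)))
    return ["[-%s]" % k for k in keys]

if __name__ == "__main__":
    print("\n".join(["Registry::"] + registry_removal_lines(find_mountpoint_autoruns(SAMPLE_LOG))))
```

The drive-letter check is only a triage heuristic: a legitimate installer on a CD or USB stick is flagged the same way, so each listed key still has to be judged against what was actually plugged in.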
 

IRH

Guest
Here is what happens: when I do what you tell me, the autoscan screen stays stuck with the following text:
Scaning for infected files...
This typically doesn´t take more than 10 minutes
However, scan times for badly infected machines may easily double
and it stays like that for hours without doing anything else.
What should I do?
Regards
 

Lestat

Ex- Mod
Member
Download RegASSASSIN, double-click it and give it these paths:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{656804a4-a16e-11dc-a3bc-001636a12647}

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34d51782-ac1d-11dc-a3cc-001636a12647}


Reboot and produce another ComboFix report

Regards
 

IRH

Guest
Code:
ComboFix 08-04-26.5 - usuario 2008-04-30 21:04:17.7 - FAT32x86

Microsoft Windows XP Professional  5.1.2600.2.1252.34.1033.18.303 [GMT 2:00]

Running from: C:\Documents and Settings\usuario\Desktop\ComboFix.exe

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

(((((((((((((((((((((((((   Files Created from 2008-03-28 to 2008-04-30  )))))))))))))))))))))))))))))))

.

2008-04-28 21:37 . 2008-04-28 21:37    <DIR>    d--------    C:\QUARANTINE

2008-04-27 14:10 . 2008-04-27 14:10    1,160    --a------    C:\WINDOWS\mozver.dat

2008-04-27 12:41 . 2008-04-27 12:41    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2008-04-27 01:51 . 2008-04-27 01:51    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware

2008-04-27 01:51 . 2008-04-27 01:51    <DIR>    d--------    C:\Documents and Settings\usuario\Application Data\SUPERAntiSpyware.com

2008-04-27 01:51 . 2008-04-27 01:51    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-04-27 01:35 . 2008-04-27 01:35    <DIR>    d--------    C:\Program Files\CCleaner

2008-04-27 00:41 . 2008-04-27 00:41    <DIR>    d--------    C:\Program Files\Trend Micro

2008-04-26 18:31 . 1998-06-24 13:00    244,024    --a------    C:\WINDOWS\system32\MSFLXGRD.OCX

2008-04-26 18:31 . 2004-03-09 13:00    132,880    --a------    C:\WINDOWS\system32\MSINET.OCX

2008-04-26 09:04 . 2008-04-26 09:04    <DIR>    d--------    C:\Program Files\Spybot - Search & Destroy

2008-04-26 09:04 . 2008-04-26 09:04    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-04-26 08:46 . 2008-04-26 08:46    0    --a------    C:\WINDOWS\nsreg.dat

2008-04-19 00:05 . 2008-04-19 00:05    <DIR>    d--------    C:\Program Files\iPod

2008-04-17 21:30 . 2008-04-27 22:15    451    --a------    C:\WINDOWS\RENT2007.INI

2008-03-28 23:37 . 2008-03-28 23:37    90,112    --a------    C:\WINDOWS\system32\QuickTimeVR.qtx

2008-03-28 23:37 . 2008-03-28 23:37    57,344    --a------    C:\WINDOWS\system32\QuickTime.qts

2008-03-27 11:09 . 2008-03-27 11:09    468    --a------    C:\WINDOWS\ss_uninstall.bat

2008-03-24 07:45 . 2008-03-24 07:45    <DIR>    d--------    C:\Documents and Settings\usuario\WINDOWS

2008-03-20 07:22 . 2008-03-20 07:22    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Elaborate Bytes

2008-03-20 07:22 . 2008-03-24 14:48    85    ---hs----    C:\Documents and Settings\All Users\Application Data\.zreglib

2008-03-20 07:22 . 2008-03-20 07:22    48    ---hs----    C:\WINDOWS\S2FE876DF.tmp

2008-03-20 07:21 . 2008-03-20 07:21    <DIR>    d--------    C:\Program Files\Elaborate Bytes

2008-03-15 15:02 . 2008-03-15 15:02    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Sony Corporation

2008-03-07 20:13 . 2008-04-05 09:48    1,004,032    --ahs----    C:\ehthumbs.db

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-19 09:47    1,845,248    ----a-w    C:\WINDOWS\system32\win32k.sys

2008-03-19 09:47    1,845,248    ----a-w    C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-07 18:14    753,664    --sha-w    C:\Program Files\ehthumbs.db

2008-03-01 16:36    3,591,680    ----a-w    C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 08:55    70,656    ----a-w    C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-02-29 08:55    625,664    ----a-w    C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-22 10:00    13,824    ------w    C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-02-20 06:51    282,624    ----a-w    C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:51    282,624    ----a-w    C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:32    45,568    ----a-w    C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 05:32    45,568    ----a-w    C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 05:32    148,992    ----a-w    C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-15 05:44    161,792    ----a-w    C:\WINDOWS\system32\dllcache\ieakui.dll

2008-01-29 10:02    107,368    ----a-w    C:\WINDOWS\system32\GEARAspi.dll

2007-11-02 22:03    47,360    ----a-w    C:\Documents and Settings\usuario\Application Data\pcouffin.sys

2006-12-16 18:30    87,608    ----a-w    C:\Documents and Settings\usuario\Application Data\ezpinst.exe

.

(((((((((((((((((((((((((((((   snapshot_2008-04-29_ 0.41.55.26   )))))))))))))))))))))))))))))))))))))))))

.

- 2008-04-28 20:30:20    2,048    --s-a-w    C:\WINDOWS\bootstat.dat

+ 2008-04-30 19:01:16    2,048    --s-a-w    C:\WINDOWS\bootstat.dat

- 2008-04-09 14:24:22    324,320    ----a-w    C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-04-29 12:33:14    324,320    ----a-w    C:\WINDOWS\system32\FNTCACHE.DAT

+ 2008-04-30 19:02:46    16,384    ----a-w    C:\WINDOWS\Temp\Perflib_Perfdata_994.dat

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]

"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]

"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2004-09-10 03:16 53248]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]

"LaunchApp"="" []

"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 11:23 16248320 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-08-16 11:21 2879488 C:\WINDOWS\SkyTel.exe]

"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 11:20 53248]

"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-07-31 21:02 346112]

"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-07-28 10:40 208896]

"eLockMonitor"="C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [ ]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 20:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 09:57 442368]

"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-15 20:34 766041]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-09-07 19:52 479232]

"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-08-09 16:18 675840]

"Acer OrbiCam"="C:\WINDOWS\AcerOrbiCam.exe" [2006-10-16 17:36 434176]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]

"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 08:00 94208]

"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2006-07-25 03:55 131072]

"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-06-15 12:36 229376]

"WheelMouse"="Amoumain.exe" []

"hcenter"="C:\Program Files\Support.com\bin\tgcmd.exe" [2006-08-13 00:37 1773568]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

C:\Documents and Settings\usuario\Start Menu\Programs\Startup\

Herramienta de b£squeda de soportes de Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-03 21:19:32 376832]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-08-03 15:34:04 45056]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

"C:\\Program Files\\Messenger\\MSMSGS.EXE"=

"C:\\Program Files\\eMule\\emule.exe"=

"C:\\Program Files\\BitLord\\BitLord.exe"=

"C:\\Program Files\\Common Files\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"C:\\Program Files\\Support.com\\BIN\\TGCMD.EXE"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 20:17]

R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 17:10]

R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-08-11 17:52]

S3 Arfumftr;USB RF-Mouse filter driver;C:\WINDOWS\system32\DRIVERS\Arfumftr.sys [2004-08-25 17:17]

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2008-04-30 18:30:02 C:\WINDOWS\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

"2008-04-28 12:18:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-30 21:06:29

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-30 21:06:59

ComboFix-quarantined-files.txt  2008-04-30 19:06:56

ComboFix5.txt  2008-04-28 06:30:52

ComboFix4.txt  2008-04-28 20:08:24

ComboFix3.txt  2008-04-28 22:42:12

ComboFix2.txt  2008-04-29 22:10:34

Pre-Run: 28,379,316,224 bytes free

Post-Run: 28,365,783,040 bytes free

166    --- E O F ---    2008-04-30 01:01:09
HOW DOES IT LOOK NOW?
 

Lestat

Ex- Mod
Member
Clean, I mean, I don't see anything odd. How is your PC?

Regards

Also, defragment the disk, free up space on the drive, clean temporary files and the Windows registry with CCleaner and Tune Up 2007, and also remove applications from its startup.
 