OK, new reports - the mljjh file was not there after the VundoFix - the hkey_local...DP112 file was not there either, but I continued on with the instructions.
Logs below.
SmitFraudFix v2.76
Scan done at 15:50:16.39, Sat 29/07/2006
Run from C:\Documents and Settings\user\Escritorio\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Versión 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7916f057-223f-4612-ac84-e882cbe043d4}"="bals"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Saturday, July 29, 2006 5:08:09 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 29/07/2006
Kaspersky Anti-Virus database records: 210696
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
G:\
H:\
I:\
J:\
Scan Statistics
Total number of scanned objects 46877
Number of viruses found 3
Number of infected objects 3 / 0
Number of suspicious objects 5
Duration of the scan process 00:56:31
Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{083539B9-2C3F-48AC-AAEE-BD894686FD54}.bin Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Windows Defender\Support\WDLog-04152006-183921.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Configuración local\Temp\~my2.tmp Object is locked skipped
C:\Documents and Settings\user\Configuración local\Temp\sqlite_04HWn3wy6iMMnFd Object is locked skipped
C:\Documents and Settings\user\Configuración local\Temp\~DFB817.tmp Object is locked skipped
C:\Documents and Settings\user\Configuración local\Temp\sqlite_KrkmofsJKOiNbQP Object is locked skipped
C:\Documents and Settings\user\Configuración local\Temp\sqlite_KDwKwcetBdv4VKE Object is locked skipped
C:\Documents and Settings\user\Configuración local\Temp\sqlite_6xvsNoWb0ae7Ycy Object is locked skipped
C:\Documents and Settings\user\Configuración local\Temp\Perflib_Perfdata_788.dat Object is locked skipped
C:\Documents and Settings\user\Configuración local\Historial\History.IE5\MSHist012006072920060730\index.dat Object is locked skipped
C:\Documents and Settings\user\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\user\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Configuración local\Datos de programa\Identities\{423B6B9D-E224-4B6A-B6AF-CD3EB3C82066}\Microsoft\Outlook Express\Elementos eliminados.dbx/[From ][Date Thu, 29 Dec 2005 09:51:41 +0100]/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\user\Configuración local\Datos de programa\Identities\{423B6B9D-E224-4B6A-B6AF-CD3EB3C82066}\Microsoft\Outlook Express\Elementos eliminados.dbx/[From publicitat@ebredigital.com][Date Thu, 29 Dec 2005 11:00:34 +0100]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\user\Configuración local\Datos de programa\Identities\{423B6B9D-E224-4B6A-B6AF-CD3EB3C82066}\Microsoft\Outlook Express\Elementos eliminados.dbx/[From publicitat@ebredigital.com][Date Thu, 29 Dec 2005 11:00:34 +0100]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\user\Configuración local\Datos de programa\Identities\{423B6B9D-E224-4B6A-B6AF-CD3EB3C82066}\Microsoft\Outlook Express\Elementos eliminados.dbx/[From publicitat@ebredigital.com][Date Thu, 29 Dec 2005 11:00:34 +0100]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\user\Configuración local\Datos de programa\Identities\{423B6B9D-E224-4B6A-B6AF-CD3EB3C82066}\Microsoft\Outlook Express\Elementos eliminados.dbx Mail MS Outlook 5: suspicious - 4 skipped
C:\Documents and Settings\user\Escritorio\Antivirus\OiUninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Documents and Settings\user\Escritorio\Antivirus\OiUninstaller.exe NSIS: infected - 1 skipped
C:\Documents and Settings\user\Datos de programa\Skype\nathanfoote\index2.dat Object is locked skipped
C:\Documents and Settings\user\Datos de programa\Skype\nathanfoote\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\user\Datos de programa\Skype\nathanfoote\user1024.dbb Object is locked skipped
C:\Documents and Settings\user\Datos de programa\Skype\nathanfoote\chat256.dbb Object is locked skipped
C:\Documents and Settings\user\Datos de programa\Skype\nathanfoote\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\user\Datos de programa\Skype\nathanfoote\chat512.dbb Object is locked skipped
C:\Documents and Settings\user\Datos de programa\Skype\nathanfoote\transfer256.dbb Object is locked skipped
C:\Documents and Settings\user\Datos de programa\Skype\nathanfoote\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\user\Datos de programa\Skype\nathanfoote\user256.dbb Object is locked skipped
C:\Documents and Settings\user\Datos de programa\Skype\nathanfoote\call256.dbb Object is locked skipped
C:\Documents and Settings\user\Datos de programa\Skype\nathanfoote\profile4096.dbb Object is locked skipped
C:\Documents and Settings\user\Datos de programa\Skype\nathanfoote\user16384.dbb Object is locked skipped
C:\Documents and Settings\user\Datos de programa\Skype\nathanfoote\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\user\Datos de programa\Skype\nathanfoote\chatmsg4096.dbb Object is locked skipped
C:\Documents and Settings\user\Datos de programa\Mozilla\Firefox\Profiles\r1zq06qg.default\history.dat Object is locked skipped
C:\Documents and Settings\user\Datos de programa\Mozilla\Firefox\Profiles\r1zq06qg.default\cert8.db Object is locked skipped
C:\Documents and Settings\user\Datos de programa\Mozilla\Firefox\Profiles\r1zq06qg.default\key3.db Object is locked skipped
C:\Documents and Settings\user\Datos de programa\Mozilla\Firefox\Profiles\r1zq06qg.default\parent.lock Object is locked skipped
C:\Documents and Settings\user\UserData\index.dat Object is locked skipped
C:\Documents and Settings\user\ntuser.dat Object is locked skipped
C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
C:\Archivos de programa\Alibaba\TradeManager\users\system\Config.db Object is locked skipped
C:\Archivos de programa\Alibaba\TradeManager\users\enaliintexportiberia\CacheDB.db Object is locked skipped
C:\Archivos de programa\Alibaba\TradeManager\users\enaliintexportiberia\msglog.db Object is locked skipped
C:\Archivos de programa\Alibaba\TradeManager\users\enaliintexportiberia\Config.db Object is locked skipped
C:\VundoFix Backups\mljjh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped
Scan process completed.
Start Time= Sat 29/07/2006 17:10:03.51
Running from: C:\Documents and Settings\user\Escritorio
QuickScan did not find any signs of infected files
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-07-29 15:22:58 77312 ( A.... ) "C:\WINDOWS\system32\VundoFix.exe"
2006-07-29 14:59:36 ( .D... ) "C:\Archivos de programa\CleanUp!"
2006-07-26 17:46:28 ( .D... ) "C:\Archivos de programa\ewido anti-spyware 4.0"
2006-07-23 12:47:26 ( .D... ) "C:\Documents and Settings\user\Datos de programa\Lavasoft"
2006-07-23 12:47:16 ( .D... ) "C:\Archivos de programa\Lavasoft"
2006-07-23 11:45:14 ( .D... ) "C:\Archivos de programa\Trend Micro"
2006-07-20 10:32:40 ( .D... ) "C:\Documents and Settings\user\Datos de programa\Opera"
2006-07-07 19:50:00 ( .D... ) "C:\Archivos de programa\Archivos comunes\Adobe Systems Shared"
2006-07-06 15:11:24 ( .D... ) "C:\Archivos de programa\Alibaba"
2006-07-04 16:01:46 ( .D... ) "C:\Archivos de programa\Sophos"
2006-07-02 17:37:50 ( .D... ) "C:\Archivos de programa\Spybot - Search & Destroy"
2006-07-02 15:58:54 ( .D... ) "C:\Documents and Settings\user\Datos de programa\Help"
2006-07-02 15:02:32 ( .D... ) "C:\Documents and Settings\user\Datos de programa\AVG7"
2006-07-02 15:02:18 ( .D... ) "C:\Archivos de programa\Grisoft"
2006-07-01 19:16:58 ( .D... ) "C:\Archivos de programa\Archivos comunes\Macromedia Shared"
2006-07-01 19:16:48 ( .D... ) "C:\Archivos de programa\Archivos comunes\Macromedia"
2006-07-01 19:16:24 ( .D... ) "C:\Archivos de programa\Macromedia"
2006-07-01 19:12:24 ( .D... ) "C:\Archivos de programa\WinAce"
2006-06-30 17:47:24 ( .D... ) "C:\Documents and Settings\user\Datos de programa\BitTorrent"
2006-06-22 09:36:28 ( .D... ) "C:\Archivos de programa\LeechFTP"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-16 14:34:44 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll"
2006-06-14 09:32:56 ( .D... ) "C:\Archivos de programa\Ipswitch"
2006-05-31 17:37:08 25132 ( A.... ) "C:\Documents and Settings\user\Datos de programa\Microsoft Excel.ADR"
2006-05-31 17:11:38 22424 ( A.... ) "C:\Documents and Settings\user\Datos de programa\Microsoft Access.ADR"
2006-05-29 17:29:58 ( .D... ) "C:\Archivos de programa\OfficeUpdate11"
2006-05-19 15:18:52 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 15:18:52 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 15:18:52 95232 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))
2006-07-29 15:58 1,072,156,672 C:\hiberfil.sys
2006-07-29 15:50 53,248 C:\WINDOWS\system32\Process.exe
2006-07-29 15:50 42,496 C:\WINDOWS\system32\swreg.exe
2006-07-29 15:50 40,960 C:\WINDOWS\system32\swsc.exe
2006-07-29 15:50 288,417 C:\WINDOWS\system32\SrchSTS.exe
2006-07-29 15:22 77,312 C:\WINDOWS\system32\VundoFix.exe
2006-07-26 18:54 73,728 C:\WINDOWS\system32\asuninst.exe
2006-07-26 18:54 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-25 13:19 <DIR> C:\WINDOWS\McAfee.com
2006-07-23 11:36 218,112 C:\HijackThis.exe
2006-07-01 19:16 974,848 C:\WINDOWS\system32\mfc70.dll
2006-07-01 19:16 487,424 C:\WINDOWS\system32\msvcp70.dll
2006-07-01 19:16 344,064 C:\WINDOWS\system32\msvcr70.dll
2006-06-22 09:36 18,944 C:\WINDOWS\eraser.exe
2006-06-16 14:34 48,936 C:\WINDOWS\system32\sirenacm.dll
2006-06-14 09:32 50,688 C:\WINDOWS\system32\wbhelp2.dll
2006-06-14 09:32 1,060,864 C:\WINDOWS\system32\MFC71.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
Logfile of HijackThis v1.99.1
Scan saved at 5:10:54 p.m., on 29/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\ScanSoft\PaperPort\pptd40nt.exe
C:\Archivos de programa\Brother\ControlCenter2\brctrcen.exe
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Windows Defender\MSASCui.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\ALIBABA\TRADEM~1\TradeManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\Archivos de programa\Trend Micro\Tmas\Tmas.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE
C:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:4001
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Archivos de programa\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\es\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\es\msntb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Archivos de programa\Archivos comunes\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Archivos de programa\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Archivos de programa\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Archivos de programa\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Archivos de programa\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TradeManager] C:\ARCHIV~1\ALIBABA\TRADEM~1\TradeManager -hideframe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Archivos de programa\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.beep.es
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153655572187
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...10/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{10B8D5D0-9C3D-42D8-BB71-3CD929CD4304}: NameServer = 212.145.4.97,212.145.4.98
O17 - HKLM\System\CS1\Services\Tcpip\..\{10B8D5D0-9C3D-42D8-BB71-3CD929CD4304}: NameServer = 212.145.4.97,212.145.4.98
O17 - HKLM\System\CS2\Services\Tcpip\..\{10B8D5D0-9C3D-42D8-BB71-3CD929CD4304}: NameServer = 212.145.4.97,212.145.4.98
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe
Is this a bit of a nasty one?