Sorry, I don't understand you... :-(
I can't find C:\ComboFix2.txt.
I'm posting all my ComboFix txt files:
==========================
========================== FIRST TXT>>>>>>>>>>
==========================
Code:
04-01-15 08:01 53299 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pthreadVC.dll.vir
04-05-14 12:30 61440 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wanpacket.dll.vir
04-05-14 12:30 81920 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\packet.dll.vir
04-05-14 12:37 32896 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
04-05-14 14:02 225280 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
06-06-29 14:10 1656 --a------ C:\Qoobox\Quarantine\C\INSTALL.LOG.vir
06-09-22 04:03 813 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\PROPIE~1\ESCRIT~1\Internet Explorer.lnk.vir
07-04-19 01:24 1326 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NM.reg.cf
07-04-19 01:24 1334 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NPF.reg.cf
07-04-19 01:24 2426 --a------ C:\Qoobox\Quarantine\Registry_backups\services_NPF.reg.cf
07-04-19 01:24 8830 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
Listado de rutas de carpetas para el volumen HP_PAVILION
El número de serie del volumen es 38DB-C9FD
C:\QOOBOX
\---Quarantine
+---C
| | INSTALL.LOG.vir
| |
| +---DOCUME~1
| | \---PROPIE~1
| | \---ESCRIT~1
| | Internet Explorer.lnk.vir
| |
| \---WINDOWS
| \---system32
| | packet.dll.vir
| | pthreadVC.dll.vir
| | wanpacket.dll.vir
| | wpcap.dll.vir
| |
| \---drivers
| npf.sys.vir
|
\---Registry_backups
LEGACY_NM.reg.cf
LEGACY_NPF.reg.cf
services_nm.reg.cf
services_NPF.reg.cf
======================================
====================================== SECOND TXT>>>>>>
======================================
"Propietario" - 07-05-02 19:11:45 Service Pack 2 [SAFE MODE]
ComboFix 07-04-19.1V - Running from: C:\Documents and Settings\Propietario\Escritorio\
((((((((((((((((((((((((((((((( Files Created from 2007-04-02 to 2007-05-02 ))))))))))))))))))))))))))))))))))
2007-05-02 13:27 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Escritorio
2007-05-02 13:27 <DIR> d-------- C:\DOCUME~1\NETWOR~1\DATOSD~1\SiteAdvisor
2007-05-01 15:19 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-05-01 00:37 <DIR> d-------- C:\csscod
2007-04-30 18:03 <DIR> d-------- C:\DOCUME~1\PROPIE~1\.housecall6.6
2007-04-30 13:54 1,310,720 --ah----- C:\DOCUME~1\ADMINI~2\NTUSER.DAT
2007-04-30 13:54 <DIR> dr-h----- C:\DOCUME~1\ADMINI~2\Datos de programa
2007-04-30 13:54 <DIR> dr------- C:\DOCUME~1\ADMINI~2\Mis documentos
2007-04-30 13:54 <DIR> dr------- C:\DOCUME~1\ADMINI~2\Menú Inicio
2007-04-30 13:54 <DIR> dr------- C:\DOCUME~1\ADMINI~2\Favoritos
2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Plantillas
2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Impresoras
2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Entorno de red
2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Configuración local
2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\WINDOWS
2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\Escritorio
2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\VERITAS
2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\Symantec
2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\InterTrust
2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\Adobe
2007-04-23 16:47 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-04-23 15:42 2,566,736 --a------ C:\Archivos de programa\spywareblastersetup351.exe
2007-04-23 15:42 <DIR> d-------- C:\Archivos de programa\SpywareBlaster
2007-04-20 23:30 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Escritorio
2007-04-20 23:30 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DATOSD~1\SiteAdvisor
2007-04-20 23:30 <DIR> d-------- C:\Archivos de programa\SiteAdvisor
2007-04-20 23:28 1,418,608 --a------ C:\Archivos de programa\saSetup-SiteAdvisor McAfee.exe
2007-04-20 23:28 <DIR> d-------- C:\DOCUME~1\PROPIE~1\DATOSD~1\SiteAdvisor
2007-04-20 23:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATOSD~1\SiteAdvisor
2007-04-20 18:48 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-04-15 01:13 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-04-08 21:15 <DIR> d-------- C:\Archivos de programa\Native Instruments
2007-04-08 21:15 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Digidesign
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-01 01:23 -------- d-------- C:\Archivos de programa\total video converter
2007-04-25 03:22 -------- d-------- C:\Archivos de programa\quicktime
2007-04-25 01:24 -------- d-------- C:\Archivos de programa\soulseek
2007-04-19 15:15 -------- d-------- C:\Archivos de programa\foobar2000
2007-04-17 09:13 -------- d-------- C:\Archivos de programa\ccleaner
2007-04-16 12:30 -------- d-------- C:\Archivos de programa\emule
2007-04-10 12:46 -------- d-------- C:\Archivos de programa\monkey's audio
2007-03-30 14:40 -------- d-------- C:\Archivos de programa\cleaner 5 ez
2007-03-30 10:04 -------- d-------- C:\Archivos de programa\sopcast
2007-03-26 16:48 71610 --a------ C:\WINDOWS\system32\perfc00a.dat
2007-03-26 16:48 446582 --a------ C:\WINDOWS\system32\perfh00a.dat
2007-03-24 02:58 -------- d-------- C:\Archivos de programa\Archivos comunes\native instruments
2007-03-23 19:24 -------- d-------- C:\Archivos de programa\syncrosoft
2007-03-23 18:56 -------- d-------- C:\Archivos de programa\rddrv001
2007-03-17 15:45 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-09 22:01 -------- d-------- C:\Archivos de programa\msxml 4.0
2007-03-08 18:08 -------- d--h----- C:\Archivos de programa\installshield installation information
2007-03-08 18:08 -------- d-------- C:\Archivos de programa\surpac
2007-03-08 17:36 578560 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-17 02:31 907673 --a------ C:\Archivos de programa\newcdext.exe
2007-02-05 22:18 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-02 11:57 232839 --a------ C:\Archivos de programa\svrecorder.zip
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670} C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
{089FD14D-132B-48FC-8861-0048AE113215} C:\Archivos de programa\SiteAdvisor\6066\SiteAdv.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"TkBellExe"="\"C:\\Archivos de programa\\Archivos comunes\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Archivos de programa\\QuickTime\\qttask.exe\" -atboottime"
"AdaptecDirectCD"="\"C:\\Archivos de programa\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"VSOCheckTask"="\"C:\\ARCHIV~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Archivos de programa\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Archivos de programa\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\ARCHIV~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\ARCHIV~1\\mcafee.com\\agent\\mcupdate.exe"
"MPFExe"="C:\\ARCHIV~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"_AntiSpyware"="c:\\archiv~1\\mcafee\\MCAFEE~1\\masalert.exe"
"Adobe Photo Downloader"="\"C:\\Archivos de programa\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"H2O"="C:\\Archivos de programa\\SyncroSoft\\Pos\\H2O\\cledx.exe"
"SiteAdvisor"="C:\\Archivos de programa\\SiteAdvisor\\6066\\SiteAdv.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Suite"="regedit -s c:\\windows\\temp\\adj_hp.reg"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ
http://www.fcbarcelona.es/imagenes/h...mpnouthumb.jpg
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\ARCHIV~1\\Adobe\\ACROBA~3.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\ARCHIV~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\ARCHIV~1\\MI696F~1\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^RAMASST.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\RAMASST.lnk"
"backup"="C:\\WINDOWS\\pss\\RAMASST.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\system32\\RAMASST.exe "
"item"="RAMASST"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="C:\\Archivos de programa\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Archivos de programa\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tfswctrl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hkcmd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrnSys Executable]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PrnSys"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\hp print screen utility\\PrnSys.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ps2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ps2.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Archivos de programa\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecuUFD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"="c:\\docume~1\\propie~1\\config~1\\temp\\secuufd.exe sys_auto_run C:\\DOCUME~1\\PROPIE~1\\CONFIG~1\\Temp\\"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="C:\\Archivos de programa\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Archivos de programa\\Archivos comunes\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Archivos de programa\\Winamp\\winampa.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee AntiSpyware.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-05-02 19:13:11
C:\ComboFix-quarantined-files.txt ... 07-05-02 19:13
C:\ComboFix2.txt ... 07-05-02 18:06
C:\ComboFix3.txt ... 07-04-19 01:26
============================
============================ THIRD TXT>>>>>>>>>>>>
=============================
"Propietario" - 07-05-02 18:03:54 Service Pack 2 [SAFE MODE]
ComboFix 07-04-19.1V - Running from: C:\Documents and Settings\Propietario\Escritorio\
((((((((((((((((((((((((((((((( Files Created from 2007-04-02 to 2007-05-02 ))))))))))))))))))))))))))))))))))
2007-05-02 13:27 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Escritorio
2007-05-02 13:27 <DIR> d-------- C:\DOCUME~1\NETWOR~1\DATOSD~1\SiteAdvisor
2007-05-01 15:19 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-05-01 00:37 <DIR> d-------- C:\csscod
2007-04-30 18:03 <DIR> d-------- C:\DOCUME~1\PROPIE~1\.housecall6.6
2007-04-30 13:54 1,310,720 --ah----- C:\DOCUME~1\ADMINI~2\NTUSER.DAT
2007-04-30 13:54 <DIR> dr-h----- C:\DOCUME~1\ADMINI~2\Datos de programa
2007-04-30 13:54 <DIR> dr------- C:\DOCUME~1\ADMINI~2\Mis documentos
2007-04-30 13:54 <DIR> dr------- C:\DOCUME~1\ADMINI~2\Menú Inicio
2007-04-30 13:54 <DIR> dr------- C:\DOCUME~1\ADMINI~2\Favoritos
2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Plantillas
2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Impresoras
2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Entorno de red
2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Configuración local
2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\WINDOWS
2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\Escritorio
2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\VERITAS
2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\Symantec
2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\InterTrust
2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\Adobe
2007-04-23 16:47 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-04-23 15:42 2,566,736 --a------ C:\Archivos de programa\spywareblastersetup351.exe
2007-04-23 15:42 <DIR> d-------- C:\Archivos de programa\SpywareBlaster
2007-04-20 23:30 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Escritorio
2007-04-20 23:30 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DATOSD~1\SiteAdvisor
2007-04-20 23:30 <DIR> d-------- C:\Archivos de programa\SiteAdvisor
2007-04-20 23:28 1,418,608 --a------ C:\Archivos de programa\saSetup-SiteAdvisor McAfee.exe
2007-04-20 23:28 <DIR> d-------- C:\DOCUME~1\PROPIE~1\DATOSD~1\SiteAdvisor
2007-04-20 23:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATOSD~1\SiteAdvisor
2007-04-20 18:48 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-04-15 01:13 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-04-08 21:15 <DIR> d-------- C:\Archivos de programa\Native Instruments
2007-04-08 21:15 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Digidesign
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-01 01:23 -------- d-------- C:\Archivos de programa\total video converter
2007-04-25 03:22 -------- d-------- C:\Archivos de programa\quicktime
2007-04-25 01:24 -------- d-------- C:\Archivos de programa\soulseek
2007-04-19 15:15 -------- d-------- C:\Archivos de programa\foobar2000
2007-04-17 09:13 -------- d-------- C:\Archivos de programa\ccleaner
2007-04-16 12:30 -------- d-------- C:\Archivos de programa\emule
2007-04-10 12:46 -------- d-------- C:\Archivos de programa\monkey's audio
2007-03-30 14:40 -------- d-------- C:\Archivos de programa\cleaner 5 ez
2007-03-30 10:04 -------- d-------- C:\Archivos de programa\sopcast
2007-03-26 16:48 71610 --a------ C:\WINDOWS\system32\perfc00a.dat
2007-03-26 16:48 446582 --a------ C:\WINDOWS\system32\perfh00a.dat
2007-03-24 02:58 -------- d-------- C:\Archivos de programa\Archivos comunes\native instruments
2007-03-23 19:24 -------- d-------- C:\Archivos de programa\syncrosoft
2007-03-23 18:56 -------- d-------- C:\Archivos de programa\rddrv001
2007-03-17 15:45 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-09 22:01 -------- d-------- C:\Archivos de programa\msxml 4.0
2007-03-08 18:08 -------- d--h----- C:\Archivos de programa\installshield installation information
2007-03-08 18:08 -------- d-------- C:\Archivos de programa\surpac
2007-03-08 17:36 578560 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-17 02:31 907673 --a------ C:\Archivos de programa\newcdext.exe
2007-02-05 22:18 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-02 11:57 232839 --a------ C:\Archivos de programa\svrecorder.zip
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670} C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
{089FD14D-132B-48FC-8861-0048AE113215} C:\Archivos de programa\SiteAdvisor\6066\SiteAdv.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"TkBellExe"="\"C:\\Archivos de programa\\Archivos comunes\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Archivos de programa\\QuickTime\\qttask.exe\" -atboottime"
"AdaptecDirectCD"="\"C:\\Archivos de programa\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"VSOCheckTask"="\"C:\\ARCHIV~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Archivos de programa\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Archivos de programa\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\ARCHIV~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\ARCHIV~1\\mcafee.com\\agent\\mcupdate.exe"
"MPFExe"="C:\\ARCHIV~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"_AntiSpyware"="c:\\archiv~1\\mcafee\\MCAFEE~1\\masalert.exe"
"Adobe Photo Downloader"="\"C:\\Archivos de programa\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"H2O"="C:\\Archivos de programa\\SyncroSoft\\Pos\\H2O\\cledx.exe"
"SiteAdvisor"="C:\\Archivos de programa\\SiteAdvisor\\6066\\SiteAdv.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Suite"="regedit -s c:\\windows\\temp\\adj_hp.reg"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ
http://www.fcbarcelona.es/imagenes/h...mpnouthumb.jpg
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\ARCHIV~1\\Adobe\\ACROBA~3.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\ARCHIV~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\ARCHIV~1\\MI696F~1\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^RAMASST.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\RAMASST.lnk"
"backup"="C:\\WINDOWS\\pss\\RAMASST.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\system32\\RAMASST.exe "
"item"="RAMASST"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="C:\\Archivos de programa\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Archivos de programa\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tfswctrl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hkcmd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrnSys Executable]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PrnSys"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\hp print screen utility\\PrnSys.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ps2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ps2.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Archivos de programa\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecuUFD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"="c:\\docume~1\\propie~1\\config~1\\temp\\secuufd.exe sys_auto_run C:\\DOCUME~1\\PROPIE~1\\CONFIG~1\\Temp\\"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="C:\\Archivos de programa\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Archivos de programa\\Archivos comunes\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Archivos de programa\\Winamp\\winampa.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee AntiSpyware.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-05-02 18

02
C:\ComboFix-quarantined-files.txt ... 07-05-02 18:06
C:\ComboFix2.txt ... 07-04-19 01:26
======================================
======================================
======================================
Thanks, and excuse my horrible English.
FJ (Let me know if it's all OK now)