|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
Thread Tools |
04-29-2007, 06:24 AM
|
#1 (permalink) |
|
Registered User
Join Date: Apr 2007
Posts: 16
OS: Windows XP Home Edition
|
Trojan Pws-lsp & Spam-xarvester On My Pc
Hi Folks!!!:
My Mcafee caught two trojans called "SPAM-XARVESTER" & "PWS-LSP". About SPAM-XARVESTER: It was removed and deleted by McAfee but everytime I reboot my PC it appears again and again. How can I delete it definitively?. I reboot my PC on Safe Mode but problems can not be resolved. About PWS-LSP: Macfee couldn't quarentined or removed and my internet connection is out off since that moment (I'm writing from my wife's PC). I used many pc scans online and ad-aware programmss before loss my internet connection but the I know VIRUS is still on computer because I can't use my internet connection. Is there any way I can get it off my system. I have windows XP-SP2 and please note that I cannot access the Internet on my home computer so any assistance I can get will be greatly appreciated. I can´t not actualize my Mcaffe because I lost my internet connection. Excuse for my horrible english!!. Thanks to all. FJ |
|
     |
|
04-30-2007, 07:13 AM
|
#2 (permalink) |
|
Registered User
Join Date: Apr 2007
Posts: 16
OS: Windows XP Home Edition
|
"spam Xarvester" & "pws-lsp" Trojans
Hi Folks:
My antivirus McAfee detected these 2 trojans: SPAM-XARVESTER: it was deleted but when I reboot my PC McAffe alerts me that this trojan was found and deleted it. This message appears everytime I connect my PC. How can I resiolve this problem??. PWS-LSP: McAfee found this trojan and deleted it yesterday on "kgc.dll" file but when I rebooted my Pc this morning a new message appears warm me that McAfee found this trojan again in other file: "dcexlmfnd.dll"...and it's impossible clean, quarentine o delete it. How can resolve this problem too. I Attach you my HiojackThis file: Logfile of HijackThis v1.99.1 Scan saved at 14:18:43, on 30/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe C:\Documents and Settings\Propietario\Mis documentos\Nuevo Maletín\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Archivos de programa\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\archiv~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Archivos de programa\SiteAdvisor\6066\SiteAdv.dll O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Archivos de programa\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [VSOCheckTask] "C:\ARCHIV~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Archivos de programa\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Archivos de programa\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\ARCHIV~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\ARCHIV~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MPFExe] C:\ARCHIV~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [_AntiSpyware] c:\archiv~1\mcafee\MCAFEE~1\masalert.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [H2O] C:\Archivos de programa\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [SiteAdvisor] C:\Archivos de programa\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MI699F~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\dcexlmfnd.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\dcexlmfnd.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\dcexlmfnd.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\dcexlmfnd.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\dcexlmfnd.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\dcexlmfnd.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\dcexlmfnd.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\dcexlmfnd.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\dcexlmfnd.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\dcexlmfnd.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\dcexlmfnd.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\dcexlmfnd.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\dcexlmfnd.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\dcexlmfnd.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\dcexlmfnd.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\dcexlmfnd.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\dcexlmfnd.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\dcexlmfnd.dll O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/tech...a/LSSupCtl.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/...s/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.mcafee.com/vsc/bi...datePortal.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www1.aeat.es/imagenes/comun/cactivex.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/act...a/SymAData.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{32A997A7-3D6C-4FD1-B199-21207B14BDA8}: NameServer = 195.235.113.3,195.235.96.90 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Archivos de programa\SiteAdvisor\6066\SiteAdv.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\archiv~1\mcafee\mcafee antispyware\massrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\archivos de programa\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\ARCHIV~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\ARCHIV~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\ARCHIV~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\ARCHIV~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Programador de LiveUpdate automático - Unknown owner - C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Archivos de programa\SiteAdvisor\6066\SAService.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing) Thank you very much. FJ |
|
|
|
|
05-01-2007, 06:53 PM
|
#3 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,752
OS: 2000 Pro; XP Pro; XP Home
|
Re: Trojan Pws-lsp & Spam-xarvester On My Pc
Do not mouseclick combofix's window whilst it's running. That may cause it to stall ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you.  Please do not ask for help via Private Message. |
|
|
|
|
05-02-2007, 10:22 AM
|
#4 (permalink) |
|
Registered User
Join Date: Apr 2007
Posts: 16
OS: Windows XP Home Edition
|
Re: Trojan Pws-lsp & Spam-xarvester On My Pc
Hello again and here they are my ComboFix & HijackThis Logs:
COMBOFIX LOG: ============ "Propietario" - 07-05-02 18:03:54 Service Pack 2 [SAFE MODE] ComboFix 07-04-19.1V - Running from: C:\Documents and Settings\Propietario\Escritorio\ ((((((((((((((((((((((((((((((( Files Created from 2007-04-02 to 2007-05-02 )))))))))))))))))))))))))))))))))) 2007-05-02 13:27 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Escritorio 2007-05-02 13:27 <DIR> d-------- C:\DOCUME~1\NETWOR~1\DATOSD~1\SiteAdvisor 2007-05-01 15:19 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2007-05-01 00:37 <DIR> d-------- C:\csscod 2007-04-30 18:03 <DIR> d-------- C:\DOCUME~1\PROPIE~1\.housecall6.6 2007-04-30 13:54 1,310,720 --ah----- C:\DOCUME~1\ADMINI~2\NTUSER.DAT 2007-04-30 13:54 <DIR> dr-h----- C:\DOCUME~1\ADMINI~2\Datos de programa 2007-04-30 13:54 <DIR> dr------- C:\DOCUME~1\ADMINI~2\Mis documentos 2007-04-30 13:54 <DIR> dr------- C:\DOCUME~1\ADMINI~2\Men£ Inicio 2007-04-30 13:54 <DIR> dr------- C:\DOCUME~1\ADMINI~2\Favoritos 2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Plantillas 2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Impresoras 2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Entorno de red 2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Configuraci¢n local 2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\WINDOWS 2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\Escritorio 2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\VERITAS 2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\Symantec 2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\InterTrust 2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\Adobe 2007-04-23 16:47 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2007-04-23 15:42 2,566,736 --a------ C:\Archivos de programa\spywareblastersetup351.exe 2007-04-23 15:42 <DIR> d-------- C:\Archivos de programa\SpywareBlaster 2007-04-20 23:30 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Escritorio 2007-04-20 23:30 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DATOSD~1\SiteAdvisor 2007-04-20 23:30 <DIR> d-------- C:\Archivos de programa\SiteAdvisor 2007-04-20 23:28 1,418,608 --a------ C:\Archivos de programa\saSetup-SiteAdvisor McAfee.exe 2007-04-20 23:28 <DIR> d-------- C:\DOCUME~1\PROPIE~1\DATOSD~1\SiteAdvisor 2007-04-20 23:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATOSD~1\SiteAdvisor 2007-04-20 18:48 <DIR> d-------- C:\WINDOWS\system32\Panda Software 2007-04-15 01:13 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys 2007-04-08 21:15 <DIR> d-------- C:\Archivos de programa\Native Instruments 2007-04-08 21:15 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Digidesign (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-01 01:23 -------- d-------- C:\Archivos de programa\total video converter 2007-04-25 03:22 -------- d-------- C:\Archivos de programa\quicktime 2007-04-25 01:24 -------- d-------- C:\Archivos de programa\soulseek 2007-04-19 15:15 -------- d-------- C:\Archivos de programa\foobar2000 2007-04-17 09:13 -------- d-------- C:\Archivos de programa\ccleaner 2007-04-16 12:30 -------- d-------- C:\Archivos de programa\emule 2007-04-10 12:46 -------- d-------- C:\Archivos de programa\monkey's audio 2007-03-30 14:40 -------- d-------- C:\Archivos de programa\cleaner 5 ez 2007-03-30 10:04 -------- d-------- C:\Archivos de programa\sopcast 2007-03-26 16:48 71610 --a------ C:\WINDOWS\system32\perfc00a.dat 2007-03-26 16:48 446582 --a------ C:\WINDOWS\system32\perfh00a.dat 2007-03-24 02:58 -------- d-------- C:\Archivos de programa\Archivos comunes\native instruments 2007-03-23 19:24 -------- d-------- C:\Archivos de programa\syncrosoft 2007-03-23 18:56 -------- d-------- C:\Archivos de programa\rddrv001 2007-03-17 15:45 293376 --a------ C:\WINDOWS\system32\winsrv.dll 2007-03-09 22:01 -------- d-------- C:\Archivos de programa\msxml 4.0 2007-03-08 18:08 -------- d--h----- C:\Archivos de programa\installshield installation information 2007-03-08 18:08 -------- d-------- C:\Archivos de programa\surpac 2007-03-08 17:36 578560 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys 2007-02-17 02:31 907673 --a------ C:\Archivos de programa\newcdext.exe 2007-02-05 22:18 185344 --a------ C:\WINDOWS\system32\upnphost.dll 2007-02-02 11:57 232839 --a------ C:\Archivos de programa\svrecorder.zip (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {02478D38-C3F9-4efb-9B51-7695ECA05670} C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll {089FD14D-132B-48FC-8861-0048AE113215} C:\Archivos de programa\SiteAdvisor\6066\SiteAdv.dll {53707962-6F74-2D53-2644-206D7942484F} C:\ARCHIV~1\SPYBOT~1\SDHelper.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "KBD"="C:\\HP\\KBD\\KBD.EXE" "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe" "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe" "HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe" "TkBellExe"="\"C:\\Archivos de programa\\Archivos comunes\\Real\\Update_OB\\realsched.exe\" -osboot" "QuickTime Task"="\"C:\\Archivos de programa\\QuickTime\\qttask.exe\" -atboottime" "AdaptecDirectCD"="\"C:\\Archivos de programa\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\"" "VSOCheckTask"="\"C:\\ARCHIV~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask" "VirusScan Online"="C:\\Archivos de programa\\McAfee.com\\VSO\\mcvsshld.exe" "OASClnt"="C:\\Archivos de programa\\McAfee.com\\VSO\\oasclnt.exe" "MCAgentExe"="c:\\ARCHIV~1\\mcafee.com\\agent\\mcagent.exe" "MCUpdateExe"="c:\\ARCHIV~1\\mcafee.com\\agent\\mcupdate.exe" "MPFExe"="C:\\ARCHIV~1\\McAfee.com\\PERSON~1\\MpfTray.exe" "_AntiSpyware"="c:\\archiv~1\\mcafee\\MCAFEE~1\\masalert.exe" "Adobe Photo Downloader"="\"C:\\Archivos de programa\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "H2O"="C:\\Archivos de programa\\SyncroSoft\\Pos\\H2O\\cledx.exe" "SiteAdvisor"="C:\\Archivos de programa\\SiteAdvisor\\6066\\SiteAdv.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "Suite"="regedit -s c:\\windows\\temp\\adj_hp.reg" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source REG_SZ http://www.fcbarcelona.es/imagenes/h...mpnouthumb.jpg HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Speed Launch.lnk] "path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\Adobe Reader Speed Launch.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\ARCHIV~1\\Adobe\\ACROBA~3.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^InterVideo WinCinema Manager.lnk] "path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\InterVideo WinCinema Manager.lnk" "backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup" "location"="Common Startup" "command"="C:\\ARCHIV~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE " "item"="InterVideo WinCinema Manager" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk] "path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\Microsoft Office.lnk" "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup" "location"="Common Startup" "command"="C:\\ARCHIV~1\\MI696F~1\\Office\\OSA9.EXE -b -l" "item"="Microsoft Office" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^RAMASST.lnk] "path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\RAMASST.lnk" "backup"="C:\\WINDOWS\\pss\\RAMASST.lnkCommon Startup" "location"="Common Startup" "command"="C:\\WINDOWS\\system32\\RAMASST.exe " "item"="RAMASST" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DirectCD" "hkey"="HKLM" "command"="C:\\Archivos de programa\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="apdproxy" "hkey"="HKLM" "command"="\"C:\\Archivos de programa\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="tfswctrl" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="hkcmd" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\hkcmd.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RUNDLL32" "hkey"="HKLM" "command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="nwiz" "hkey"="HKLM" "command"="nwiz.exe /install" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrnSys Executable] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PrnSys" "hkey"="HKLM" "command"="C:\\Program Files\\Hewlett-Packard\\hp print screen utility\\PrnSys.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ps2" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\ps2.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Archivos de programa\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RECGUARD" "hkey"="HKLM" "command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecuUFD] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="c:\\docume~1\\propie~1\\config~1\\temp\\secuufd.exe sys_auto_run C:\\DOCUME~1\\PROPIE~1\\CONFIG~1\\Temp\\" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="hpgs2wnd" "hkey"="HKLM" "command"="C:\\Archivos de programa\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Archivos de programa\\Archivos comunes\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="winampa" "hkey"="HKLM" "command"="C:\\Archivos de programa\\Winamp\\winampa.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\McAfee AntiSpyware.job ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-05-02 18  02C:\ComboFix-quarantined-files.txt ... 07-05-02 18:06 C:\ComboFix2.txt ... 07-04-19 01:26 =========== HIJACKTHIS Log now: Logfile of HijackThis v1.99.1 Scan saved at 18:10:06, on 02/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Propietario\Mis documentos\Nuevo Maletín\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Archivos de programa\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\archiv~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Archivos de programa\SiteAdvisor\6066\SiteAdv.dll O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Archivos de programa\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [VSOCheckTask] "C:\ARCHIV~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Archivos de programa\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Archivos de programa\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\ARCHIV~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\ARCHIV~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MPFExe] C:\ARCHIV~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [_AntiSpyware] c:\archiv~1\mcafee\MCAFEE~1\masalert.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Archivos de programa\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [H2O] C:\Archivos de programa\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [SiteAdvisor] C:\Archivos de programa\SiteAdvisor\6066\SiteAdv.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MI699F~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/tech...a/LSSupCtl.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europ...vex/hcImpl.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by19fd.bay19.hotmail.msn.com/...s/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.mcafee.com/vsc/bi...datePortal.cab O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} (AeatCtl Class) - https://www1.aeat.es/imagenes/comun/cactivex.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/act...a/SymAData.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{32A997A7-3D6C-4FD1-B199-21207B14BDA8}: NameServer = 195.235.113.3,195.235.96.90 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Archivos de programa\SiteAdvisor\6066\SiteAdv.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\archiv~1\mcafee\mcafee antispyware\massrv.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\archivos de programa\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\ARCHIV~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\ARCHIV~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\ARCHIV~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\ARCHIV~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Programador de LiveUpdate automático - Unknown owner - C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Archivos de programa\SiteAdvisor\6066\SAService.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing) I can not connect to internet. I'm writing from my wife's PC. Thanks for your reply and interest. FJ |
|
|
|
|
05-02-2007, 10:38 AM
|
#5 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,752
OS: 2000 Pro; XP Pro; XP Home
|
Re: Trojan Pws-lsp & Spam-xarvester On My Pc
It appears as though you ran ComboFix twice.
Please post C:\ComboFix2.txt
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Please do not ask for help via Private Message. |
|
|
|
|
05-02-2007, 11:30 AM
|
#6 (permalink) |
|
Registered User
Join Date: Apr 2007
Posts: 16
OS: Windows XP Home Edition
|
Re: Trojan Pws-lsp & Spam-xarvester On My Pc
Sorry I don't understand you...:-(... I don't find C:\ComboFix2.txt. I post you all my ComboFix txt: ========================== ========================== FIRST TXT>>>>>>>>>> ========================== Code:
04-01-15 08:01 53299 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pthreadVC.dll.vir
04-05-14 12:30 61440 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wanpacket.dll.vir
04-05-14 12:30 81920 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\packet.dll.vir
04-05-14 12:37 32896 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\npf.sys.vir
04-05-14 14:02 225280 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wpcap.dll.vir
06-06-29 14:10 1656 --a------ C:\Qoobox\Quarantine\C\INSTALL.LOG.vir
06-09-22 04:03 813 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\PROPIE~1\ESCRIT~1\Internet Explorer.lnk.vir
07-04-19 01:24 1326 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NM.reg.cf
07-04-19 01:24 1334 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_NPF.reg.cf
07-04-19 01:24 2426 --a------ C:\Qoobox\Quarantine\Registry_backups\services_NPF.reg.cf
07-04-19 01:24 8830 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
Listado de rutas de carpetas para el volumen HP_PAVILION
El n£mero de serie del volumen es 38DB-C9FD
C:\QOOBOX
\---Quarantine
+---C
| | INSTALL.LOG.vir
| |
| +---DOCUME~1
| | \---PROPIE~1
| | \---ESCRIT~1
| | Internet Explorer.lnk.vir
| |
| \---WINDOWS
| \---system32
| | packet.dll.vir
| | pthreadVC.dll.vir
| | wanpacket.dll.vir
| | wpcap.dll.vir
| |
| \---drivers
| npf.sys.vir
|
\---Registry_backups
LEGACY_NM.reg.cf
LEGACY_NPF.reg.cf
services_nm.reg.cf
services_NPF.reg.cf
====================================== SECOND TXT>>>>>> ====================================== "Propietario" - 07-05-02 19:11:45 Service Pack 2 [SAFE MODE] ComboFix 07-04-19.1V - Running from: C:\Documents and Settings\Propietario\Escritorio\ ((((((((((((((((((((((((((((((( Files Created from 2007-04-02 to 2007-05-02 )))))))))))))))))))))))))))))))))) 2007-05-02 13:27 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Escritorio 2007-05-02 13:27 <DIR> d-------- C:\DOCUME~1\NETWOR~1\DATOSD~1\SiteAdvisor 2007-05-01 15:19 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2007-05-01 00:37 <DIR> d-------- C:\csscod 2007-04-30 18:03 <DIR> d-------- C:\DOCUME~1\PROPIE~1\.housecall6.6 2007-04-30 13:54 1,310,720 --ah----- C:\DOCUME~1\ADMINI~2\NTUSER.DAT 2007-04-30 13:54 <DIR> dr-h----- C:\DOCUME~1\ADMINI~2\Datos de programa 2007-04-30 13:54 <DIR> dr------- C:\DOCUME~1\ADMINI~2\Mis documentos 2007-04-30 13:54 <DIR> dr------- C:\DOCUME~1\ADMINI~2\Men£ Inicio 2007-04-30 13:54 <DIR> dr------- C:\DOCUME~1\ADMINI~2\Favoritos 2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Plantillas 2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Impresoras 2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Entorno de red 2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Configuraci¢n local 2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\WINDOWS 2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\Escritorio 2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\VERITAS 2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\Symantec 2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\InterTrust 2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\Adobe 2007-04-23 16:47 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2007-04-23 15:42 2,566,736 --a------ C:\Archivos de programa\spywareblastersetup351.exe 2007-04-23 15:42 <DIR> d-------- C:\Archivos de programa\SpywareBlaster 2007-04-20 23:30 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Escritorio 2007-04-20 23:30 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DATOSD~1\SiteAdvisor 2007-04-20 23:30 <DIR> d-------- C:\Archivos de programa\SiteAdvisor 2007-04-20 23:28 1,418,608 --a------ C:\Archivos de programa\saSetup-SiteAdvisor McAfee.exe 2007-04-20 23:28 <DIR> d-------- C:\DOCUME~1\PROPIE~1\DATOSD~1\SiteAdvisor 2007-04-20 23:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATOSD~1\SiteAdvisor 2007-04-20 18:48 <DIR> d-------- C:\WINDOWS\system32\Panda Software 2007-04-15 01:13 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys 2007-04-08 21:15 <DIR> d-------- C:\Archivos de programa\Native Instruments 2007-04-08 21:15 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Digidesign (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-01 01:23 -------- d-------- C:\Archivos de programa\total video converter 2007-04-25 03:22 -------- d-------- C:\Archivos de programa\quicktime 2007-04-25 01:24 -------- d-------- C:\Archivos de programa\soulseek 2007-04-19 15:15 -------- d-------- C:\Archivos de programa\foobar2000 2007-04-17 09:13 -------- d-------- C:\Archivos de programa\ccleaner 2007-04-16 12:30 -------- d-------- C:\Archivos de programa\emule 2007-04-10 12:46 -------- d-------- C:\Archivos de programa\monkey's audio 2007-03-30 14:40 -------- d-------- C:\Archivos de programa\cleaner 5 ez 2007-03-30 10:04 -------- d-------- C:\Archivos de programa\sopcast 2007-03-26 16:48 71610 --a------ C:\WINDOWS\system32\perfc00a.dat 2007-03-26 16:48 446582 --a------ C:\WINDOWS\system32\perfh00a.dat 2007-03-24 02:58 -------- d-------- C:\Archivos de programa\Archivos comunes\native instruments 2007-03-23 19:24 -------- d-------- C:\Archivos de programa\syncrosoft 2007-03-23 18:56 -------- d-------- C:\Archivos de programa\rddrv001 2007-03-17 15:45 293376 --a------ C:\WINDOWS\system32\winsrv.dll 2007-03-09 22:01 -------- d-------- C:\Archivos de programa\msxml 4.0 2007-03-08 18:08 -------- d--h----- C:\Archivos de programa\installshield installation information 2007-03-08 18:08 -------- d-------- C:\Archivos de programa\surpac 2007-03-08 17:36 578560 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys 2007-02-17 02:31 907673 --a------ C:\Archivos de programa\newcdext.exe 2007-02-05 22:18 185344 --a------ C:\WINDOWS\system32\upnphost.dll 2007-02-02 11:57 232839 --a------ C:\Archivos de programa\svrecorder.zip (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {02478D38-C3F9-4efb-9B51-7695ECA05670} C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll {089FD14D-132B-48FC-8861-0048AE113215} C:\Archivos de programa\SiteAdvisor\6066\SiteAdv.dll {53707962-6F74-2D53-2644-206D7942484F} C:\ARCHIV~1\SPYBOT~1\SDHelper.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "KBD"="C:\\HP\\KBD\\KBD.EXE" "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe" "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe" "HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe" "TkBellExe"="\"C:\\Archivos de programa\\Archivos comunes\\Real\\Update_OB\\realsched.exe\" -osboot" "QuickTime Task"="\"C:\\Archivos de programa\\QuickTime\\qttask.exe\" -atboottime" "AdaptecDirectCD"="\"C:\\Archivos de programa\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\"" "VSOCheckTask"="\"C:\\ARCHIV~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask" "VirusScan Online"="C:\\Archivos de programa\\McAfee.com\\VSO\\mcvsshld.exe" "OASClnt"="C:\\Archivos de programa\\McAfee.com\\VSO\\oasclnt.exe" "MCAgentExe"="c:\\ARCHIV~1\\mcafee.com\\agent\\mcagent.exe" "MCUpdateExe"="c:\\ARCHIV~1\\mcafee.com\\agent\\mcupdate.exe" "MPFExe"="C:\\ARCHIV~1\\McAfee.com\\PERSON~1\\MpfTray.exe" "_AntiSpyware"="c:\\archiv~1\\mcafee\\MCAFEE~1\\masalert.exe" "Adobe Photo Downloader"="\"C:\\Archivos de programa\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "H2O"="C:\\Archivos de programa\\SyncroSoft\\Pos\\H2O\\cledx.exe" "SiteAdvisor"="C:\\Archivos de programa\\SiteAdvisor\\6066\\SiteAdv.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "Suite"="regedit -s c:\\windows\\temp\\adj_hp.reg" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source REG_SZ http://www.fcbarcelona.es/imagenes/h...mpnouthumb.jpg HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Speed Launch.lnk] "path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\Adobe Reader Speed Launch.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\ARCHIV~1\\Adobe\\ACROBA~3.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^InterVideo WinCinema Manager.lnk] "path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\InterVideo WinCinema Manager.lnk" "backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup" "location"="Common Startup" "command"="C:\\ARCHIV~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE " "item"="InterVideo WinCinema Manager" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk] "path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\Microsoft Office.lnk" "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup" "location"="Common Startup" "command"="C:\\ARCHIV~1\\MI696F~1\\Office\\OSA9.EXE -b -l" "item"="Microsoft Office" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^RAMASST.lnk] "path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\RAMASST.lnk" "backup"="C:\\WINDOWS\\pss\\RAMASST.lnkCommon Startup" "location"="Common Startup" "command"="C:\\WINDOWS\\system32\\RAMASST.exe " "item"="RAMASST" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DirectCD" "hkey"="HKLM" "command"="C:\\Archivos de programa\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="apdproxy" "hkey"="HKLM" "command"="\"C:\\Archivos de programa\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="tfswctrl" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="hkcmd" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\hkcmd.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RUNDLL32" "hkey"="HKLM" "command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="nwiz" "hkey"="HKLM" "command"="nwiz.exe /install" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrnSys Executable] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PrnSys" "hkey"="HKLM" "command"="C:\\Program Files\\Hewlett-Packard\\hp print screen utility\\PrnSys.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ps2" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\ps2.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Archivos de programa\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RECGUARD" "hkey"="HKLM" "command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecuUFD] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="c:\\docume~1\\propie~1\\config~1\\temp\\secuufd.exe sys_auto_run C:\\DOCUME~1\\PROPIE~1\\CONFIG~1\\Temp\\" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="hpgs2wnd" "hkey"="HKLM" "command"="C:\\Archivos de programa\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Archivos de programa\\Archivos comunes\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="winampa" "hkey"="HKLM" "command"="C:\\Archivos de programa\\Winamp\\winampa.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\McAfee AntiSpyware.job ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-05-02 19:13:11 C:\ComboFix-quarantined-files.txt ... 07-05-02 19:13 C:\ComboFix2.txt ... 07-05-02 18:06 C:\ComboFix3.txt ... 07-04-19 01:26 ============================ ============================ THIRTH TXT>>>>>>>>>>>> ============================= "Propietario" - 07-05-02 18:03:54 Service Pack 2 [SAFE MODE] ComboFix 07-04-19.1V - Running from: C:\Documents and Settings\Propietario\Escritorio\ ((((((((((((((((((((((((((((((( Files Created from 2007-04-02 to 2007-05-02 )))))))))))))))))))))))))))))))))) 2007-05-02 13:27 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Escritorio 2007-05-02 13:27 <DIR> d-------- C:\DOCUME~1\NETWOR~1\DATOSD~1\SiteAdvisor 2007-05-01 15:19 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2007-05-01 00:37 <DIR> d-------- C:\csscod 2007-04-30 18:03 <DIR> d-------- C:\DOCUME~1\PROPIE~1\.housecall6.6 2007-04-30 13:54 1,310,720 --ah----- C:\DOCUME~1\ADMINI~2\NTUSER.DAT 2007-04-30 13:54 <DIR> dr-h----- C:\DOCUME~1\ADMINI~2\Datos de programa 2007-04-30 13:54 <DIR> dr------- C:\DOCUME~1\ADMINI~2\Mis documentos 2007-04-30 13:54 <DIR> dr------- C:\DOCUME~1\ADMINI~2\Men£ Inicio 2007-04-30 13:54 <DIR> dr------- C:\DOCUME~1\ADMINI~2\Favoritos 2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Plantillas 2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Impresoras 2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Entorno de red 2007-04-30 13:54 <DIR> d--h----- C:\DOCUME~1\ADMINI~2\Configuraci¢n local 2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\WINDOWS 2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\Escritorio 2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\VERITAS 2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\Symantec 2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\InterTrust 2007-04-30 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~2\DATOSD~1\Adobe 2007-04-23 16:47 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2007-04-23 15:42 2,566,736 --a------ C:\Archivos de programa\spywareblastersetup351.exe 2007-04-23 15:42 <DIR> d-------- C:\Archivos de programa\SpywareBlaster 2007-04-20 23:30 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Escritorio 2007-04-20 23:30 <DIR> d-------- C:\DOCUME~1\LOCALS~1\DATOSD~1\SiteAdvisor 2007-04-20 23:30 <DIR> d-------- C:\Archivos de programa\SiteAdvisor 2007-04-20 23:28 1,418,608 --a------ C:\Archivos de programa\saSetup-SiteAdvisor McAfee.exe 2007-04-20 23:28 <DIR> d-------- C:\DOCUME~1\PROPIE~1\DATOSD~1\SiteAdvisor 2007-04-20 23:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATOSD~1\SiteAdvisor 2007-04-20 18:48 <DIR> d-------- C:\WINDOWS\system32\Panda Software 2007-04-15 01:13 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys 2007-04-08 21:15 <DIR> d-------- C:\Archivos de programa\Native Instruments 2007-04-08 21:15 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Digidesign (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-01 01:23 -------- d-------- C:\Archivos de programa\total video converter 2007-04-25 03:22 -------- d-------- C:\Archivos de programa\quicktime 2007-04-25 01:24 -------- d-------- C:\Archivos de programa\soulseek 2007-04-19 15:15 -------- d-------- C:\Archivos de programa\foobar2000 2007-04-17 09:13 -------- d-------- C:\Archivos de programa\ccleaner 2007-04-16 12:30 -------- d-------- C:\Archivos de programa\emule 2007-04-10 12:46 -------- d-------- C:\Archivos de programa\monkey's audio 2007-03-30 14:40 -------- d-------- C:\Archivos de programa\cleaner 5 ez 2007-03-30 10:04 -------- d-------- C:\Archivos de programa\sopcast 2007-03-26 16:48 71610 --a------ C:\WINDOWS\system32\perfc00a.dat 2007-03-26 16:48 446582 --a------ C:\WINDOWS\system32\perfh00a.dat 2007-03-24 02:58 -------- d-------- C:\Archivos de programa\Archivos comunes\native instruments 2007-03-23 19:24 -------- d-------- C:\Archivos de programa\syncrosoft 2007-03-23 18:56 -------- d-------- C:\Archivos de programa\rddrv001 2007-03-17 15:45 293376 --a------ C:\WINDOWS\system32\winsrv.dll 2007-03-09 22:01 -------- d-------- C:\Archivos de programa\msxml 4.0 2007-03-08 18:08 -------- d--h----- C:\Archivos de programa\installshield installation information 2007-03-08 18:08 -------- d-------- C:\Archivos de programa\surpac 2007-03-08 17:36 578560 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 17:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 17:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 17:32 1843712 --a------ C:\WINDOWS\system32\win32k.sys 2007-02-17 02:31 907673 --a------ C:\Archivos de programa\newcdext.exe 2007-02-05 22:18 185344 --a------ C:\WINDOWS\system32\upnphost.dll 2007-02-02 11:57 232839 --a------ C:\Archivos de programa\svrecorder.zip (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {02478D38-C3F9-4efb-9B51-7695ECA05670} C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll {089FD14D-132B-48FC-8861-0048AE113215} C:\Archivos de programa\SiteAdvisor\6066\SiteAdv.dll {53707962-6F74-2D53-2644-206D7942484F} C:\ARCHIV~1\SPYBOT~1\SDHelper.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "KBD"="C:\\HP\\KBD\\KBD.EXE" "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe" "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe" "HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe" "TkBellExe"="\"C:\\Archivos de programa\\Archivos comunes\\Real\\Update_OB\\realsched.exe\" -osboot" "QuickTime Task"="\"C:\\Archivos de programa\\QuickTime\\qttask.exe\" -atboottime" "AdaptecDirectCD"="\"C:\\Archivos de programa\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\"" "VSOCheckTask"="\"C:\\ARCHIV~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask" "VirusScan Online"="C:\\Archivos de programa\\McAfee.com\\VSO\\mcvsshld.exe" "OASClnt"="C:\\Archivos de programa\\McAfee.com\\VSO\\oasclnt.exe" "MCAgentExe"="c:\\ARCHIV~1\\mcafee.com\\agent\\mcagent.exe" "MCUpdateExe"="c:\\ARCHIV~1\\mcafee.com\\agent\\mcupdate.exe" "MPFExe"="C:\\ARCHIV~1\\McAfee.com\\PERSON~1\\MpfTray.exe" "_AntiSpyware"="c:\\archiv~1\\mcafee\\MCAFEE~1\\masalert.exe" "Adobe Photo Downloader"="\"C:\\Archivos de programa\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "H2O"="C:\\Archivos de programa\\SyncroSoft\\Pos\\H2O\\cledx.exe" "SiteAdvisor"="C:\\Archivos de programa\\SiteAdvisor\\6066\\SiteAdv.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "Suite"="regedit -s c:\\windows\\temp\\adj_hp.reg" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] Source REG_SZ http://www.fcbarcelona.es/imagenes/h...mpnouthumb.jpg HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Speed Launch.lnk] "path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\Adobe Reader Speed Launch.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\ARCHIV~1\\Adobe\\ACROBA~3.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^InterVideo WinCinema Manager.lnk] "path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\InterVideo WinCinema Manager.lnk" "backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup" "location"="Common Startup" "command"="C:\\ARCHIV~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE " "item"="InterVideo WinCinema Manager" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk] "path"="C:\\Documents and Settings\\All Users\\Menú Inicio\\Programas\\Inicio\\Microsoft Office.lnk" " |
