pretty nasty infection [RESOLVED]


This topic is locked

#1
smeke
  • Member
  • 27 posts
Hello,

I think my laptop has a pretty bad virus on it... I've performed system scans several times and nothing appeared, and a chkdsk /r once (because my laptop wouldn't even boot). This afternoon my comp. went into the infamous BSOD mode and it said something like kernel_stack_inpage. After reading some posts on the internet I figured it was a virus, and now I turn to you too. I post my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41:19, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\LG Software\Battery Miser 2005\batterymiser.exe
C:\Archivos de programa\LG Software\On Screen Display\Hotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe
C:\Archivos de programa\3M\PSNotes2\Psn2.exe
C:\ARCHIV~1\3M\PSNotes2\PSNGive.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\ARCHIV~1\3M\PSNotes2\PsnMSIME.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Archivos de programa\lg_swupdate\tmcheck.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Archivos de programa\lg_swupdate\autoupdate.exe" Gilautouc
O4 - HKLM\..\Run: [ATIPTA] "C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [batterymiser] "C:\Archivos de programa\LG Software\Battery Miser 2005\batterymiser.exe"
O4 - HKLM\..\Run: [KeybdUtility] "C:\Archivos de programa\LG Software\On Screen Display\Hotkey.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [\\BALAS\EPSON Stylus C79 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGL.EXE" /FU "C:\DOCUME~1\Jaime\CONFIG~1\Temp\E_S6.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Detectando automáticamente EPSON Stylus C79 Series en HECTORPARRA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGL.EXE /FU "C:\WINDOWS\TEMP\E_S2BD.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Archivos de programa\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Post-it® Software Notes.lnk = C:\Archivos de programa\3M\PSNotes2\Psn2.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Archivos de programa\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Archivos de programa\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {239A6565-49B5-47A4-B70D-4ADD73E1FCA2} (WriteFiles.WriteFile) - file:///C:/Archivos%20de%20programa/Ceneval%20Esfinge/MisGuias/EX2Comun/WriteFileDLL.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.liv...es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1183581934421
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-2ec516627...ad/MsnPUpld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebo...Uploader4_5.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O20 - AppInit_DLLs: C:\ARCHIV~1\KASPER~1\KASPER~1.0FO\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Archivos de programa\Archivos comunes\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Macromedia Shared\Service\Macromedia Licensing.exe

#2
greyknight17
  • Malware Expert
  • Visiting Consultant
  • 16,560 posts
It might not be a virus. See here for other things to keep an eye out for.

We can run a deeper scan to see if anything suspicious pops up...

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

#3
smeke
  • Topic Starter
  • Member
  • 27 posts
Thanks for answering so quickly. I also noticed that my laptop is running quite a bit slower than usual, and when I disconnect the charger it also slows down. It basically slows down with everything. Here is the ComboFix log:

ComboFix 08-04-22.5 - Jaime 2008-04-23 12:35:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.3082.18.254 [GMT -5:00]
Se ejecuta desde: C:\Documents and Settings\Jaime\Escritorio\ComboFix.exe
* Creado un nuevo punto de restauración
* Resident AV is active


ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf

.
(((((((((((((((((( Archivos creados desde 2008-03-23 - 2008-04-23 )))))))))))))))))))))))))))))))))
.

2008-04-08 20:50 . 2008-04-08 20:50 <DIR> d-------- C:\Archivos de programa\iPod
2008-04-03 01:49 . 2008-04-21 20:48 <DIR> d-------- C:\Archivos de programa\Mozilla Firefox 3 Beta 5
2008-04-01 18:28 . 2008-04-01 18:31 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-03-31 01:19 . 2008-04-09 09:30 <DIR> d-------- C:\Archivos de programa\HammerHead
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-27 14:48 . 2008-03-27 14:48 <DIR> d-------- C:\Archivos de programa\TryMedia
2008-03-23 15:29 . 2008-04-22 17:46 8,075 --a------ C:\WINDOWS\lg_up.ini

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 17:53 10,350,624 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-23 17:52 414,240 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-22 22:46 --------- d-----w C:\Archivos de programa\lg_swupdate
2008-04-22 22:43 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
2008-04-22 05:22 39,164 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-22 05:22 136,268 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-17 14:11 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-17 14:11 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-09 03:25 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
2008-04-09 01:50 --------- d-----w C:\Archivos de programa\iTunes
2008-04-09 01:47 --------- d-----w C:\Archivos de programa\QuickTime
2008-04-02 03:16 --------- d-----w C:\Archivos de programa\Windows Live Safety Center
2008-03-29 06:46 --------- d-----w C:\Archivos de programa\Messenger Plus! Live
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 16:25 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Office Genuine Advantage
2008-03-13 17:24 --------- d-----w C:\Documents and Settings\Jaime\Datos de programa\Apple Computer
2008-03-12 03:15 --------- d-----w C:\Archivos de programa\SpywareBlaster
2008-03-07 04:02 --------- d-----w C:\Archivos de programa\Total Video Converter
2008-03-06 04:59 --------- d-----w C:\Archivos de programa\CCleaner
2008-03-06 04:47 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2008-03-05 23:02 --------- d-----w C:\Archivos de programa\Emsa DLL Register Tool
2008-03-05 05:08 --------- d-----w C:\Archivos de programa\Free YouTube Download
2008-03-05 05:08 --------- d-----w C:\Archivos de programa\Archivos comunes\DVDVideoSoft
2008-03-03 23:23 --------- d-----w C:\Archivos de programa\Panda Security
2008-03-01 16:48 --------- dcsh--w C:\Archivos de programa\Archivos comunes\WindowsLiveInstaller
2008-03-01 16:47 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\WLInstaller
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-26 16:46 --------- d-----w C:\Documents and Settings\Jaime\Datos de programa\Alien Skin
2008-02-25 22:28 --------- d-----w C:\Documents and Settings\Jaime\Datos de programa\Ahead
2008-02-25 20:44 --------- d-----w C:\Archivos de programa\Kaspersky Lab
2008-02-25 20:43 --------- d-----w C:\Documents and Settings\Jaime\Datos de programa\AVG7
2008-02-25 20:43 --------- d-----w C:\Documents and Settings\Invitado\Datos de programa\AVG7
2008-02-25 20:43 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\avg7
2008-02-25 20:18 --------- d-----w C:\Archivos de programa\Archivos comunes\Ahead
2008-02-25 20:14 --------- d-----w C:\Archivos de programa\Nero
2008-02-24 00:44 --------- d-----w C:\Documents and Settings\Invitado\Datos de programa\Talkback
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-01-30 15:12 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-29 17:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 07:00 15360]
"MsnMsgr"="C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ares"="C:\Archivos de programa\Ares\Ares.exe" [2007-07-16 16:54 961536]
"\\BALAS\EPSON Stylus C79 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGL.exe" [2006-10-19 04:01 143360]
"Detectando automáticamente EPSON Stylus C79 Series en HECTORPARRA"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGL.exe" [2006-10-19 04:01 143360]
"MSMSGS"="C:\Archivos de programa\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe" [2005-11-24 16:38 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LG Intelligent Update"="C:\Archivos de programa\lg_swupdate\autoupdate.exe" [2005-08-23 20:23 106496]
"ATIPTA"="C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 22:05 344064]
"SynTPLpr"="C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe" [2005-02-14 03:59 98396]
"SynTPEnh"="C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [2005-02-14 03:58 667740]
"batterymiser"="C:\Archivos de programa\LG Software\Battery Miser 2005\batterymiser.exe" [2006-06-01 18:54 335872]
"KeybdUtility"="C:\Archivos de programa\LG Software\On Screen Display\Hotkey.exe" [2005-07-26 10:18 81920]
"AGRSMMSG"="AGRSMMSG.exe" [2004-11-09 03:19 88358 C:\WINDOWS\AGRSMMSG.exe]
"Adobe Reader Speed Launcher"="C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 07:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"AVP"="C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" [2007-10-05 17:18 230664]
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-20 07:00 15360]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\
Post-it® Software Notes.lnk - C:\Archivos de programa\3M\PSNotes2\Psn2.exe [2002-01-21 09:00:24 630784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\ARCHIV~1\DVDREG~1.9\DVDShell.dll [2004-10-10 01:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_Dlls"=C:\ARCHIV~1\KASPER~1\KASPER~1.0FO\adialhk.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Jaime^Menú Inicio^Programas^Inicio^WordWeb.lnk]
path=C:\Documents and Settings\Jaime\Menú Inicio\Programas\Inicio\WordWeb.lnk
backup=C:\WINDOWS\pss\WordWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Archivos de programa\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
C:\Archivos de programa\Archivos comunes\Real\Update_OB\RealOneMessageCenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Archivos de programa\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Archivos de programa\\Ares\\Ares.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Archivos de programa\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Archivos de programa\\iTunes\\iTunes.exe"=

R1 Ndisipo;NDIS Protocol Driver for IPO3;C:\WINDOWS\system32\DRIVERS\ndisipo.sys [2005-07-20 10:26]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-05-30 19:49]
R3 lgsnd_filter;lgsnd_filter;C:\WINDOWS\system32\drivers\lgsnd_filter.sys [2005-08-24 10:37]
S3 kbeepm;kbeepm;C:\DOCUME~1\Jaime\CONFIG~1\Temp\kbeepm.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03ac3506-8633-11dc-9277-00e09113cc1b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d9384e8-606a-11dc-923b-00e09113cc1b}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d9384e9-606a-11dc-923b-00e09113cc1b}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2737f226-759f-11dc-9258-00e09113cc1b}]
\Shell\AutoRun\command - E:\ntde1ect.com
\Shell\explore\Command - E:\ntde1ect.com
\Shell\open\Command - E:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a535a5c-d8b2-11dc-a197-00e09113cc1b}]
\Shell\AutoRun\command - x.com
\Shell\explore\Command - x.com
\Shell\open\Command - x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ad01875-7022-11dc-9250-000df0207db9}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c37d1f5-a28a-11dc-a15f-00e09113cc1b}]
\Shell\AutoRun\command - ntdelect.com
\Shell\explore\Command - utdetect.com
\Shell\open\Command - utdetect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45d25200-7358-11dc-9255-00e09113cc1b}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7405fd3e-e289-11dc-a1a0-00e09113cc1b}]
\Shell\AutoRun\command - E:\oufddh.exe
\Shell\explore\Command - E:\oufddh.exe
\Shell\open\Command - E:\oufddh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bda8c58-0632-11dd-9f92-00e09113cc1b}]
\Shell\Auto\command - adp.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL adp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1941436-870a-11dc-927e-00e09113cc1b}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1941437-870a-11dc-927e-00e09113cc1b}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a83e6a6d-990b-11dc-a14b-00e09113cc1b}]
\Shell\auto\command - E:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - E:\Knight.exe open
\Shell\find\command - E:\Knight.exe open
\Shell\install\command - E:\Knight.exe open
\Shell\open\command - E:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac66ea17-92c8-11dc-a144-00e09113cc1b}]
\Shell\AutoRun\command - E:\m1t8ta.com
\Shell\explore\Command - E:\m1t8ta.com
\Shell\open\Command - E:\m1t8ta.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1724752-5704-11dc-9230-00e09113cc1b}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5655ac0-864f-11dc-9278-00e09113cc1b}]
\Shell\AutoRun\command - E:\ntde1ect.com
\Shell\explore\Command - E:\ntde1ect.com
\Shell\open\Command - E:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9b28771-a8c2-11dc-a167-00e09113cc1b}]
\Shell\AutoRun\command - F:\ntde1ect.com
\Shell\explore\Command - F:\ntde1ect.com
\Shell\open\Command - F:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e25ca7e7-e168-11dc-a19f-00e09113cc1b}]
\Shell\AutoRun\command - ntdelect.com
\Shell\explore\Command - utdetect.com
\Shell\open\Command - utdetect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec016d64-8190-11dc-9271-00e09113cc1b}]
\Shell\AutoRun\command - E:\ntde1ect.com
\Shell\explore\Command - E:\ntde1ect.com
\Shell\open\Command - E:\ntde1ect.com

.
Contenido de carpeta 'Tareas Programadas'
"2008-02-28 00:50:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Archivos de programa\Apple Software Update\SoftwareUpdate.exe
"2007-07-17 01:03:15 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job"
"2007-07-17 01:03:15 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 12:52:20
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 53

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\BALAS\\EPSON Stylus C79 Series"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBGL.EXE\" /FU \"C:\\DOCUME~1\\Jaime\\CONFIG~1\\Temp\\E_S6.tmp\" /EF \"HKCU\""
.
Tiempo completado: 2008-04-23 12:58:01
ComboFix-quarantined-files.txt 2008-04-23 17:57:03

8 dirs 17,985,294,336 bytes libres
13 dirs 18,180,714,496 bytes libres

232 --- E O F --- 2008-04-09 03:25:38

#4
greyknight17
  • Malware Expert
  • Visiting Consultant
  • 16,560 posts
Are you having any problems opening your USB thumb/flash drives on this computer? Download the Flash Disinfector at http://www.techsuppo...Disinfector.exe and save it to your desktop. Double-click on it to run it and follow the on-screen instructions.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

Driver::
kbeepm

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
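A small triage script for the kind of log lines posted in this thread, added here as an illustration; it is not part of the thread and is not HijackThis's or ComboFix's own code. It flags the patterns greyknight17 acted on in the ComboFix log (a driver loading from a Temp folder, autorun handlers registered under mountpoints2 for removable volumes) plus two things visible in the first HijackThis log (a hosts-file entry redirecting a Microsoft search host, and a BHO with no backing file). The sample lines are constructed from the logs above; treating LaunchU3.exe as an expected launcher and the Temp-path heuristic are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, modelled on a handful of lines from the HijackThis and
# ComboFix logs posted in this thread (not the complete logs).
SAMPLE_LOG = r"""
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Archivos de programa\Kaspersky Lab\avp.exe"
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-05-30 19:49]
S3 kbeepm;kbeepm;C:\DOCUME~1\Jaime\CONFIG~1\Temp\kbeepm.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2737f226-759f-11dc-9258-00e09113cc1b}]
\Shell\AutoRun\command - E:\ntde1ect.com
\Shell\open\Command - E:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45d25200-7358-11dc-9255-00e09113cc1b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
"""

# HijackThis O1 line: "O1 - Hosts: <ip> <hostname>"
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
# HijackThis O2 line whose DLL is gone: "... - (no file)"
ORPHAN_BHO_RE = re.compile(r"^O2 - BHO: .* - \(no file\)$")
# ComboFix driver/service line: "<R|S><n> <name>;<description>;<path> [<date>]"
DRIVER_RE = re.compile(r"^[RS][0-4] ([^;\s]+);([^;]*);(.*)$")
# ComboFix mountpoints2 key header and the autorun verbs beneath it
MOUNTPOINT_RE = re.compile(r"\\mountpoints2\\([^\]]+)\]$", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.IGNORECASE)

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Assumption: a driver whose image sits in a temp directory is worth a look.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
# Assumption: the U3 launcher shipped on some USB sticks is an expected autorun.
KNOWN_AUTORUN = {"launchu3.exe"}


@dataclass
class Finding:
    category: str
    line: str
    reason: str


def autorun_target(command: str) -> str:
    """Lower-cased basename of the program an autorun command launches.

    Unwraps the "RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL <prog>" indirection
    that appears in several mountpoints2 entries in the log.
    """
    low = command.lower()
    marker = "shellexec_rundll"
    if marker in low:
        command = command[low.index(marker) + len(marker):]
    tokens = command.split()
    first = tokens[0] if tokens else ""
    return first.rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and collect the findings a reviewer would check first."""
    findings: list[Finding] = []
    current_volume = None  # set while inside a mountpoints2 key block
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if ip not in LOOPBACK:
                findings.append(Finding("hosts-redirect", line,
                                        f"{host} is pinned to {ip} in the hosts file"))
            continue
        if ORPHAN_BHO_RE.match(line):
            findings.append(Finding("orphan-bho", line,
                                    "BHO registered with no backing file"))
            continue
        m = DRIVER_RE.match(line)
        if m:
            name, _desc, rest = m.groups()
            path = rest.rsplit(" [", 1)[0].lower()  # drop trailing "[date]"
            if any(marker in path for marker in TEMP_MARKERS):
                findings.append(Finding("driver-from-temp", line,
                                        f"driver {name} loads from a temporary directory"))
            continue
        m = MOUNTPOINT_RE.search(line)
        if m:
            current_volume = m.group(1)
            continue
        m = AUTORUN_RE.match(line)
        if m and current_volume is not None:
            verb, command = m.groups()
            exe = autorun_target(command)
            if exe not in KNOWN_AUTORUN:
                findings.append(Finding("removable-autorun", line,
                                        f"volume {current_volume} runs {exe} on {verb}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, for a quick overview of the log."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.reason}\n    {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The same flags apply to the full logs above: the kbeepm driver in the user's Temp folder is exactly what the CFScript in this post removes, and the mountpoints2 blocks for ntde1ect.com, Knight.exe, x.com and the others are why the Flash Disinfector step was suggested.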

#5
smeke
  • Topic Starter
  • Member
  • 27 posts
Hello

Every time I insert a USB/flash drive/iPod etc. the autorun menu never appears, but I think that is because of a previous virus I removed. Occasionally when I connect something my computer freezes or becomes really, really slow, and when I plug my iPod in the same thing happens, and it takes iTunes forever to sync it. Here is my next log:

ComboFix 08-04-22.5 - Jaime 2008-04-24 11:27:46.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.3082.18.432 [GMT -5:00]
Se ejecuta desde: C:\Documents and Settings\Jaime\Escritorio\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jaime\Escritorio\CFScript.txt
* Creado un nuevo punto de restauración
* Resident AV is active


ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KBEEPM
-------\Service_kbeepm


(((((((((((((((((( Archivos creados desde 2008-03-24 - 2008-04-24 )))))))))))))))))))))))))))))))))
.

2008-04-24 08:22 . 2008-04-24 08:22 8,075 --a------ C:\WINDOWS\lg_up.ini
2008-04-08 20:50 . 2008-04-08 20:50 <DIR> d-------- C:\Archivos de programa\iPod
2008-04-03 01:49 . 2008-04-21 20:48 <DIR> d-------- C:\Archivos de programa\Mozilla Firefox 3 Beta 5
2008-04-01 18:28 . 2008-04-01 18:31 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-03-31 01:19 . 2008-04-09 09:30 <DIR> d-------- C:\Archivos de programa\HammerHead
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-27 14:48 . 2008-03-27 14:48 <DIR> d-------- C:\Archivos de programa\TryMedia

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 16:45 10,744,864 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-24 16:45 --------- d-----w C:\Archivos de programa\lg_swupdate
2008-04-24 16:44 422,176 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-24 16:44 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
2008-04-24 16:40 40,484 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-24 16:40 144,188 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-17 14:11 96,645 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-17 14:11 87,941 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-09 03:25 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
2008-04-09 01:50 --------- d-----w C:\Archivos de programa\iTunes
2008-04-09 01:47 --------- d-----w C:\Archivos de programa\QuickTime
2008-04-02 03:16 --------- d-----w C:\Archivos de programa\Windows Live Safety Center
2008-03-29 06:46 --------- d-----w C:\Archivos de programa\Messenger Plus! Live
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 16:25 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Office Genuine Advantage
2008-03-13 17:24 --------- d-----w C:\Documents and Settings\Jaime\Datos de programa\Apple Computer
2008-03-12 03:15 --------- d-----w C:\Archivos de programa\SpywareBlaster
2008-03-07 04:02 --------- d-----w C:\Archivos de programa\Total Video Converter
2008-03-06 04:59 --------- d-----w C:\Archivos de programa\CCleaner
2008-03-06 04:47 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2008-03-05 23:02 --------- d-----w C:\Archivos de programa\Emsa DLL Register Tool
2008-03-05 05:08 --------- d-----w C:\Archivos de programa\Free YouTube Download
2008-03-05 05:08 --------- d-----w C:\Archivos de programa\Archivos comunes\DVDVideoSoft
2008-03-03 23:23 --------- d-----w C:\Archivos de programa\Panda Security
2008-03-01 16:48 --------- dcsh--w C:\Archivos de programa\Archivos comunes\WindowsLiveInstaller
2008-03-01 16:47 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\WLInstaller
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-26 16:46 --------- d-----w C:\Documents and Settings\Jaime\Datos de programa\Alien Skin
2008-02-25 22:28 --------- d-----w C:\Documents and Settings\Jaime\Datos de programa\Ahead
2008-02-25 20:44 --------- d-----w C:\Archivos de programa\Kaspersky Lab
2008-02-25 20:43 --------- d-----w C:\Documents and Settings\Jaime\Datos de programa\AVG7
2008-02-25 20:43 --------- d-----w C:\Documents and Settings\Invitado\Datos de programa\AVG7
2008-02-25 20:43 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\avg7
2008-02-25 20:18 --------- d-----w C:\Archivos de programa\Archivos comunes\Ahead
2008-02-25 20:14 --------- d-----w C:\Archivos de programa\Nero
2008-02-24 00:44 --------- d-----w C:\Documents and Settings\Invitado\Datos de programa\Talkback
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-01-30 15:12 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-29 17:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

((((((((((((((((((((((((((((( [email protected]_12.56.05,45 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-22 22:42:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-24 16:41:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-04-22 22:47:36 71,584 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-24 13:24:40 71,584 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-22 22:47:36 91,174 ----a-w C:\WINDOWS\system32\perfc00A.dat
+ 2008-04-24 13:24:40 91,174 ----a-w C:\WINDOWS\system32\perfc00A.dat
- 2008-04-22 22:47:36 441,518 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-24 13:24:40 441,518 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-22 22:47:36 505,432 ----a-w C:\WINDOWS\system32\perfh00A.dat
+ 2008-04-24 13:24:40 505,432 ----a-w C:\WINDOWS\system32\perfh00A.dat
+ 2008-04-24 16:43:32 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_750.dat
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 07:00 15360]
"MsnMsgr"="C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ares"="C:\Archivos de programa\Ares\Ares.exe" [2007-07-16 16:54 961536]
"\\BALAS\EPSON Stylus C79 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGL.exe" [2006-10-19 04:01 143360]
"Detectando automáticamente EPSON Stylus C79 Series en HECTORPARRA"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGL.exe" [2006-10-19 04:01 143360]
"MSMSGS"="C:\Archivos de programa\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Archivos de programa\Archivos comunes\Ahead\lib\NMBgMonitor.exe" [2005-11-24 16:38 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LG Intelligent Update"="C:\Archivos de programa\lg_swupdate\autoupdate.exe" [2005-08-23 20:23 106496]
"ATIPTA"="C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 22:05 344064]
"SynTPLpr"="C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe" [2005-02-14 03:59 98396]
"SynTPEnh"="C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [2005-02-14 03:58 667740]
"batterymiser"="C:\Archivos de programa\LG Software\Battery Miser 2005\batterymiser.exe" [2006-06-01 18:54 335872]
"KeybdUtility"="C:\Archivos de programa\LG Software\On Screen Display\Hotkey.exe" [2005-07-26 10:18 81920]
"AGRSMMSG"="AGRSMMSG.exe" [2004-11-09 03:19 88358 C:\WINDOWS\AGRSMMSG.exe]
"Adobe Reader Speed Launcher"="C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 07:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"AVP"="C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" [2007-10-05 17:18 230664]
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Archivos de programa\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-20 07:00 15360]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\
Post-it® Software Notes.lnk - C:\Archivos de programa\3M\PSNotes2\Psn2.exe [2002-01-21 09:00:24 630784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\ARCHIV~1\DVDREG~1.9\DVDShell.dll [2004-10-10 01:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_Dlls"=C:\ARCHIV~1\KASPER~1\KASPER~1.0FO\adialhk.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Jaime^Menú Inicio^Programas^Inicio^WordWeb.lnk]
path=C:\Documents and Settings\Jaime\Menú Inicio\Programas\Inicio\WordWeb.lnk
backup=C:\WINDOWS\pss\WordWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Archivos de programa\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
C:\Archivos de programa\Archivos comunes\Real\Update_OB\RealOneMessageCenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Archivos de programa\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Archivos de programa\\Ares\\Ares.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Archivos de programa\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Archivos de programa\\iTunes\\iTunes.exe"=

R1 Ndisipo;NDIS Protocol Driver for IPO3;C:\WINDOWS\system32\DRIVERS\ndisipo.sys [2005-07-20 10:26]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-05-30 19:49]
R3 lgsnd_filter;lgsnd_filter;C:\WINDOWS\system32\drivers\lgsnd_filter.sys [2005-08-24 10:37]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03ac3506-8633-11dc-9277-00e09113cc1b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d9384e8-606a-11dc-923b-00e09113cc1b}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d9384e9-606a-11dc-923b-00e09113cc1b}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2737f226-759f-11dc-9258-00e09113cc1b}]
\Shell\AutoRun\command - E:\ntde1ect.com
\Shell\explore\Command - E:\ntde1ect.com
\Shell\open\Command - E:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a535a5c-d8b2-11dc-a197-00e09113cc1b}]
\Shell\AutoRun\command - x.com
\Shell\explore\Command - x.com
\Shell\open\Command - x.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ad01875-7022-11dc-9250-000df0207db9}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c37d1f5-a28a-11dc-a15f-00e09113cc1b}]
\Shell\AutoRun\command - ntdelect.com
\Shell\explore\Command - utdetect.com
\Shell\open\Command - utdetect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45d25200-7358-11dc-9255-00e09113cc1b}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7405fd3e-e289-11dc-a1a0-00e09113cc1b}]
\Shell\AutoRun\command - E:\oufddh.exe
\Shell\explore\Command - E:\oufddh.exe
\Shell\open\Command - E:\oufddh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8bda8c58-0632-11dd-9f92-00e09113cc1b}]
\Shell\Auto\command - adp.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL adp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1941436-870a-11dc-927e-00e09113cc1b}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1941437-870a-11dc-927e-00e09113cc1b}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a83e6a6d-990b-11dc-a14b-00e09113cc1b}]
\Shell\auto\command - E:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - E:\Knight.exe open
\Shell\find\command - E:\Knight.exe open
\Shell\install\command - E:\Knight.exe open
\Shell\open\command - E:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac66ea17-92c8-11dc-a144-00e09113cc1b}]
\Shell\AutoRun\command - E:\m1t8ta.com
\Shell\explore\Command - E:\m1t8ta.com
\Shell\open\Command - E:\m1t8ta.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1724752-5704-11dc-9230-00e09113cc1b}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5655ac0-864f-11dc-9278-00e09113cc1b}]
\Shell\AutoRun\command - E:\ntde1ect.com
\Shell\explore\Command - E:\ntde1ect.com
\Shell\open\Command - E:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9b28771-a8c2-11dc-a167-00e09113cc1b}]
\Shell\AutoRun\command - F:\ntde1ect.com
\Shell\explore\Command - F:\ntde1ect.com
\Shell\open\Command - F:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e25ca7e7-e168-11dc-a19f-00e09113cc1b}]
\Shell\AutoRun\command - ntdelect.com
\Shell\explore\Command - utdetect.com
\Shell\open\Command - utdetect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec016d64-8190-11dc-9271-00e09113cc1b}]
\Shell\AutoRun\command - E:\ntde1ect.com
\Shell\explore\Command - E:\ntde1ect.com
\Shell\open\Command - E:\ntde1ect.com

.
Contenido de carpeta 'Tareas Programadas'
"2008-02-28 00:50:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Archivos de programa\Apple Software Update\SoftwareUpdate.exe
"2007-07-17 01:03:15 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job"
"2007-07-17 01:03:15 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 11:43:06
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 53

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\BALAS\\EPSON Stylus C79 Series"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBGL.EXE\" /FU \"C:\\DOCUME~1\\Jaime\\CONFIG~1\\Temp\\E_S6.tmp\" /EF \"HKCU\""

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UserIO]
"ImagePath"="\??\C:\Archivos de programa\lg_swupdate\UserIO.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\ARCHIV~1\3M\PSNotes2\PSNGive.exe
C:\Archivos de programa\3M\PSNotes2\PsnMSIME.exe
C:\Archivos de programa\lg_swupdate\tmcheck.exe
.
**************************************************************************
.
Tiempo completado: 2008-04-24 11:52:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 16:52:19
ComboFix2.txt 2008-04-23 17:58:03

8 dirs 20,719,919,104 bytes libres
14 dirs 20,687,937,536 bytes libres

267 --- E O F --- 2008-04-09 03:25:38
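The mountpoints2 section of the ComboFix log above is the part a responder reads first: every removable volume the laptop has seen gets an autorun handler, and most of them point at files that live on the root of the stick itself (Knight.exe, x.com, adp.exe, Recycled\ctfmon.exe) or at lookalikes of the Windows boot file NTDETECT.COM (ntde1ect.com, utdetect.com, ntdelect.com). The triage script below is an added example, not code from this thread or from ComboFix; it assumes the section layout ComboFix prints, the sample text is constructed from entries in this log, and the "lookalike" threshold (edit distance of at most 2 from ntdetect.com) is a heuristic of mine.

```python
import re
# Constructed sample in the layout ComboFix prints for the mountpoints2 section;
# the entries are copied from the log in this thread (a SanDisk U3 launcher, the
# Knight.exe worm dropper and two NTDETECT.COM lookalikes).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d9384e9-606a-11dc-923b-00e09113cc1b}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\open\command - Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c37d1f5-a28a-11dc-a15f-00e09113cc1b}]
\Shell\AutoRun\command - ntdelect.com
\Shell\open\Command - utdetect.com
"""
KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\([^\]]+)\]$", re.I)
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.I)
# Worm handlers often hide the real target behind the Shell32 ShellExec_RunDLL stub.
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+shell32\.dll,\s*shellexec_rundll\s+(.+)$", re.I)

def parse_mountpoints(text):
    """Return {volume: {verb: command}} for every mountpoints2 block in the text."""
    volumes, current = {}, None
    for line in text.splitlines():
        key = KEY_RE.match(line.strip())
        if key:
            current = key.group(1)
            volumes[current] = {}
        elif current is not None:
            cmd = CMD_RE.match(line.strip())
            if cmd:
                volumes[current][cmd.group(1).lower()] = cmd.group(2)
    return volumes

def edit_distance(a, b):
    """Levenshtein distance, used to catch typosquats such as ntde1ect.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(volumes):
    """Flag handlers that look like USB autorun malware: (volume, verb, exe, reasons)."""
    findings = []
    for volume, verbs in volumes.items():
        for verb, command in verbs.items():
            wrapped = RUNDLL_RE.search(command)
            exe = (wrapped.group(1) if wrapped else command).split()[0]
            name = exe.rsplit("\\", 1)[-1].lower()
            reasons = []
            if not re.match(r"^[a-z]:\\", exe, re.I):
                reasons.append("relative path: runs from the root of whatever volume is inserted")
            if wrapped:
                reasons.append("target hidden behind RunDLL32 ShellExec_RunDLL")
            if name.endswith(".com") and edit_distance(name, "ntdetect.com") <= 2:
                reasons.append("lookalike of the Windows boot file NTDETECT.COM")
            if reasons:
                findings.append((volume, verb, name, reasons))
    return findings
```

Running `triage(parse_mountpoints(SAMPLE_LOG))` leaves the E: volume (absolute path to the vendor's LaunchU3.exe) unflagged and reports the five Knight.exe and ntdetect-lookalike handlers, which matches what greyknight17 asks to clean with the Flash Disinfector.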

#6 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Is your E: drive also a USB drive? If you have another flash drive, make sure it's plugged in and use the Flash Disinfector on it also.

Download Malwarebytes' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeek...ware_d5756.html. Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


What problems are still remaining (if any)?

#7 smeke (Topic Starter, Member, 27 posts)
Malwarebytes' Anti-Malware 1.11
Database version: 679

Scan type: Full Scan (C:\|)
Objects scanned: 136563
Time elapsed: 1 hour(s), 15 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system\SYSRegC.dll (Trojan.Agent) -> Quarantined and deleted successfully.

#8 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Did you try running the disinfector for all your USB devices yet? If not, do so now and verify that they are ok.

Let's try disabling some startup programs to see if it helps with the speed issue. Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Archivos de programa\lg_swupdate\autoupdate.exe" Gilautouc
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Archivos de programa\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Post-it® Software Notes.lnk = C:\Archivos de programa\3M\PSNotes2\Psn2.exe


Restart the computer.

Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

#9 smeke (Topic Starter, Member, 27 posts)
Thank you very much for your help.

#10 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





