
Virus In my PC! [RESOLVED]


  • This topic is locked

#1
KINGS99

  • Member
  • 14 posts
Hi, I downloaded a file, but when I ran it a lot of files appeared on my desk (EditorFKWP1.5, EditorFKWP2.0, filemanagerclient, etc. etc.). The Task Manager is disabled, I can't open it!!! I found the thread: http://www.geekstogo...se-t195901.html

The wallpaper says that I have spyware, etc. etc....

So I followed the steps, and I paste the result of the test... Help me please to solve this!!!!

Attached Files


  • 0


#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello KINGS99

Welcome to G2Go. :)
=====================
  • Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click on I agree
  • Then Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
KINGS99

  • Topic Starter
  • Member
  • 14 posts
Hi, here is what the result says...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:06, on 30/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\archivos de programa\archivos comunes\logishrd\lvmvfm\LVPrcSrv.exe
C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Archivos de programa\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe
C:\Archivos de programa\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Archivos de programa\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\rswhjxw.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\AutoDetector\Monitor.exe
C:\Archivos de programa\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\tmp1.exe
C:\Archivos de programa\tmp2.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\OpenSTA\Server\DaemonCFG.exe
C:\ARCHIV~1\OpenSTA\Server\OmniOrb\OMNINA~1.EXE
C:\ARCHIV~1\OpenSTA\Server\archmgrdmn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Archivos de programa\Styler\TB\StylerTB.dll
O3 - Toolbar: wxdbpfvo - {CF99FDD9-209D-460E-AFAD-E780FFCA314D} - C:\WINDOWS\wxdbpfvo.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Archivos de programa\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Serviece Agents] rswhjxw.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Archivos de programa\Archivos comunes\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [Ulead Calendar Checker] C:\Archivos de programa\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
O4 - HKLM\..\Run: [antiviirus] C:\Archivos de programa\antiviirus.exe
O4 - HKLM\..\Run: [085e197f] rundll32.exe "C:\WINDOWS\system32\lkhgrabi.dll",b
O4 - HKLM\..\RunServices: [Windows Serviece Agents] rswhjxw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSetup] F:\Setup\Setup.exe /start /restart /l:esp
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [Windows Serviece Agents] rswhjxw.exe
O4 - HKCU\..\Run: [sdybakda] C:\WINDOWS\system32\zmvqhkde.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [Oi1UQ8BU9I] C:\Documents and Settings\All Users\Datos de programa\zqpulkfs\dkvujyra.exe
O4 - HKCU\..\Policies\Explorer\Run: [System Patcher] BTCPatcher.exe
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: OpenSTA NameServer.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198516662031
O21 - SSODL: qadovnel - {6F47950E-2C9D-45E3-9986-6CD85A636A14} - C:\WINDOWS\qadovnel.dll
O21 - SSODL: bdkpfxqw - {49760F4C-E802-4076-9E47-D7AA0FCC181B} - C:\WINDOWS\bdkpfxqw.dll
O21 - SSODL: ServiceRam - {59af00b7-75fb-4af6-994f-3814c8bfa6f7} - C:\WINDOWS\Resources\ServiceRam.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARCHIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Archivos de programa\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\archivos de programa\archivos comunes\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Archivos de programa\Archivos comunes\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Archivos de programa\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9864 bytes
  • 0

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
======================================
Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt back onto the forum
=========
Then ::
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • 0

#5
KINGS99

  • Topic Starter
  • Member
  • 14 posts
Hi, the results of SDFIX and ComboFIX are attached....

The log of hijackthis is:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:01:25, on 30/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

c:\archivos de programa\archivos comunes\logishrd\lvmvfm\LVPrcSrv.exe

C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Archivos de programa\LogMeIn\x86\RaMaint.exe

C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe

C:\Archivos de programa\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Archivos de programa\LogMeIn\x86\LogMeInSystray.exe

C:\Archivos de programa\Archivos comunes\Ulead Systems\AutoDetector\Monitor.exe

C:\Archivos de programa\Ulead Systems\Ulead Photo Express 6\CalCheck.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe

C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe

C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe

C:\Archivos de programa\OpenSTA\Server\DaemonCFG.exe

C:\ARCHIV~1\OpenSTA\Server\OmniOrb\OMNINA~1.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\ARCHIV~1\OpenSTA\Server\archmgrdmn.exe

C:\ARCHIV~1\OpenSTA\Server\cyrdmn.exe

C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\explorer.exe

C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

C:\ARCHIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Archivos de programa\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [StartCCC] "C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Archivos de programa\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Archivos de programa\Archivos comunes\Ulead Systems\AutoDetector\Monitor.exe

O4 - HKLM\..\Run: [Ulead Calendar Checker] C:\Archivos de programa\Ulead Systems\Ulead Photo Express 6\CalCheck.exe

O4 - HKLM\..\Run: [085e197f] rundll32.exe "C:\WINDOWS\system32\lkhgrabi.dll",b

O4 - HKLM\..\Run: [Windows Serviece Agents] rswhjxw.exe

O4 - HKLM\..\Run: [antiviirus] C:\Archivos de programa\antiviirus.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [LogitechSetup] F:\Setup\Setup.exe /start /restart /l:esp

O4 - HKCU\..\Run: [sdybakda] C:\WINDOWS\system32\zmvqhkde.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: OpenSTA NameServer.lnk = ?

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198516662031

O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARCHIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Archivos de programa\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\archivos de programa\archivos comunes\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Archivos de programa\Archivos comunes\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Archivos de programa\Norton Ghost\Agent\VProSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



--

End of file - 9275 bytes


I wait for instructions. Thanks.

Attached Files


Edited by KINGS99, 01 May 2008 - 01:09 AM.

  • 0
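
Comparing the HijackThis log in post #3 with the one posted here after SDFix and ComboFix shows what the cleanup removed and what still starts with Windows. The following is an added example, not part of any post and not code from HijackThis: a small Python parser that diffs two logs, run on a few lines excerpted from the two logs in this thread (the function names are this example's own).

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section detail")
Autorun = namedtuple("Autorun", "location name command")

# A HijackThis result line is "<section> - <detail>", for example "O4 - ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O4 registry autoruns have the form "<key>: [<value name>] <command line>".
O4_RE = re.compile(r"^(?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Lines excerpted from the log in post #3 (before SDFix and ComboFix).
BEFORE = r"""
O3 - Toolbar: wxdbpfvo - {CF99FDD9-209D-460E-AFAD-E780FFCA314D} - C:\WINDOWS\wxdbpfvo.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Windows Serviece Agents] rswhjxw.exe
O4 - HKLM\..\RunServices: [Windows Serviece Agents] rswhjxw.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [sdybakda] C:\WINDOWS\system32\zmvqhkde.exe
O4 - HKLM\..\Policies\Explorer\Run: [Oi1UQ8BU9I] C:\Documents and Settings\All Users\Datos de programa\zqpulkfs\dkvujyra.exe
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O21 - SSODL: qadovnel - {6F47950E-2C9D-45E3-9986-6CD85A636A14} - C:\WINDOWS\qadovnel.dll
"""

# Lines excerpted from the log in post #5 (after), with blank lines between entries.
AFTER = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [Windows Serviece Agents] rswhjxw.exe

O4 - HKCU\..\Run: [sdybakda] C:\WINDOWS\system32\zmvqhkde.exe
"""


def parse_log(text):
    """Return the set of result entries in a HijackThis log.

    The header, the process list and blank lines do not match the
    "<section> - <detail>" shape and are skipped.
    """
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add(Entry(m.group(1), m.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Classify entries as removed, added or kept between two scans."""
    b, a = parse_log(before), parse_log(after)
    return {"removed": sorted(b - a), "added": sorted(a - b), "kept": sorted(b & a)}


def kept_autoruns(before, after):
    """O4 registry autoruns present in both scans, split into fields."""
    kept = diff_logs(before, after)["kept"]
    matches = (O4_RE.match(e.detail) for e in kept if e.section == "O4")
    return [Autorun(m["loc"], m["name"], m["cmd"]) for m in matches if m]


def is_bare(command):
    """True when the program is named without any directory.

    This is a triage heuristic only: it marks entries whose location the
    log does not state, not entries that are known to be malicious.
    """
    exe = command.split('"')[1] if command.startswith('"') else command.split()[0]
    return "\\" not in exe and "/" not in exe


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for key in ("removed", "added", "kept"):
        print(key)
        for entry in result[key]:
            print("   %s - %s" % entry)
    bare = [a.command for a in kept_autoruns(BEFORE, AFTER) if is_bare(a.command)]
    print("kept autoruns with no directory:", bare)
```

CTHELPER.EXE, which the helper never targets, lands in the same bare-name list as rswhjxw.exe, which the script in post #9 deletes, so a bare name is a reason to look closer rather than a verdict.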

#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please do not attach the logs; it makes it very hard to read.
Can you post those 2 logs (Combofix and SDFix) as well, even if you have to do it in multiple posts?
Thank you.
===================
We now suggest that you install the Windows Recovery Console. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.




Download the file & save it as it's originally named, next to ComboFix.exe.





Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When prompted to scan for infected files, choose no; when done, a log named CF_RC.txt will open. Please post the contents of that log.


Please do not reboot your machine until we have reviewed the log.
  • 0

#7
KINGS99

  • Topic Starter
  • Member
  • 14 posts
Here is the log...

WindowsXP-KB310994-SP2-Pro-BootDisk-ESN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  • 0

#8
KINGS99

  • Topic Starter
  • Member
  • 14 posts
I should add that I have installed Ubuntu on my PC, so I have Ubuntu and Windows XP; maybe that information can help you. When I start the PC, the GRUB of Ubuntu lets me choose Ubuntu or Windows.

Thanks

Edited by KINGS99, 01 May 2008 - 01:48 PM.

  • 0

#9
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please post these logs, not attach them, thanks.
==============================
1. Please open Notepad
  • Click Start , then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\mzn1.exe 
C:\WINDOWS\system32\rswhjxw.exe 
Folder::
C:\Documents and Settings\All Users\Datos de programa\zqpulkfs


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#10
KINGS99

  • Topic Starter
  • Member
  • 14 posts
Here are the results:

ComboFix:

ComboFix 08-04-26.3 - Kings 2008-05-01 23:14:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.1416 [GMT 1:00]
Se ejecuta desde: C:\Documents and Settings\Kings\Escritorio\REPARAR-VIRUS\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kings\Escritorio\REPARAR-VIRUS\CFScript.txt
* Creado un nuevo punto de restauración

FILE ::
C:\mzn1.exe
C:\WINDOWS\system32\rswhjxw.exe
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Datos de programa\zqpulkfs
C:\Documents and Settings\All Users\Datos de programa\zqpulkfs\dkvujyra.exe
C:\mzn1.exe
C:\WINDOWS\system32\rswhjxw.exe

.
(((((((((((((((((( Archivos creados desde 2008-04-01 - 2008-05-01 )))))))))))))))))))))))))))))))))
.

2008-05-01 13:16 . 2008-05-01 13:16 <DIR> d-------- C:\Archivos de programa\Panda Security
2008-04-30 20:00 . 2008-04-30 20:00 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configuraciľn local
2008-04-30 20:00 . 2008-04-30 20:00 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraciľn local
2008-04-30 20:00 . 2008-04-30 20:00 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Configuraciľn local
2008-04-30 20:00 . 2008-04-30 20:00 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraciľn local
2008-04-30 20:00 . 2008-04-30 20:00 <DIR> d-------- C:\Documents and Settings\Kings\Configuraciľn local
2008-04-30 20:00 . 2008-04-30 20:00 <DIR> d-------- C:\Documents and Settings\Administrador\Configuraciľn local
2008-04-30 19:09 . 2008-04-30 19:10 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-30 19:08 . 2008-04-30 19:36 <DIR> d-------- C:\SDFix
2008-04-30 12:12 . 2008-04-30 12:12 <DIR> d-------- C:\Archivos de programa\Trend Micro
2008-04-30 12:07 . 2008-04-30 12:07 <DIR> d-------- C:\Documents and Settings\Kings\Datos de programa\TmpRecentIcons
2008-04-29 23:28 . 2008-05-01 10:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-29 23:28 . 2008-04-29 23:28 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-29 23:20 . 2008-04-30 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Spybot - Search & Destroy
2008-04-29 23:20 . 2008-04-29 23:21 <DIR> d-------- C:\Archivos de programa\Spybot - Search & Destroy
2008-04-29 23:09 . 2008-04-29 23:09 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Ulead Systems
2008-04-29 23:09 . 1998-12-08 18:53 212,480 --------- C:\WINDOWS\system32\PCDLIB32.DLL
2008-04-29 23:09 . 2005-08-04 18:54 40,960 --------- C:\WINDOWS\system32\Ulead Photo Express ScreenSaver.scr
2008-04-29 23:08 . 2008-04-29 23:08 <DIR> d-------- C:\Documents and Settings\Kings\Datos de programa\Ulead Systems
2008-04-29 23:08 . 2008-04-29 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Ulead Systems
2008-04-29 23:08 . 2008-04-29 23:08 <DIR> d-------- C:\Archivos de programa\Ulead Systems
2008-04-29 18:53 . 2008-04-29 18:53 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-04-29 18:53 . 2008-04-29 19:01 <DIR> d-------- C:\Archivos de programa\Picasa2
2008-04-29 18:53 . 2008-04-29 18:53 <DIR> d-------- C:\Archivos de programa\Google
2008-04-28 16:47 . 2008-04-29 13:48 <DIR> d-------- C:\Archivos de programa\Guitar Pro 5
2008-04-24 18:55 . 2008-05-01 12:08 <DIR> d-------- C:\Archivos de programa\OpenSTA
2008-04-21 22:22 . 2008-04-21 22:22 1,188 --a------ C:\WINDOWS\mozver.dat
2008-04-21 22:18 . 2008-04-21 22:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-10 22:43 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-04-10 19:29 . 2008-04-10 19:29 <DIR> d--h----- C:\Documents and Settings\Administrador\Reciente
2008-04-10 19:29 . 2008-04-10 19:29 <DIR> d-------- C:\Documents and Settings\Administrador\Mis documentos
2008-04-10 19:29 . 2008-04-10 19:29 <DIR> dr------- C:\Documents and Settings\Administrador\Menú Inicio
2008-04-10 19:29 . 2008-04-10 19:29 <DIR> d--h----- C:\Documents and Settings\Administrador\Impresoras
2008-04-10 19:29 . 2008-04-10 19:29 <DIR> d-------- C:\Documents and Settings\Administrador\Favoritos
2008-04-10 19:29 . 2008-04-10 19:29 <DIR> d-------- C:\Documents and Settings\Administrador\Escritorio
2008-04-10 19:29 . 2008-04-10 19:29 <DIR> d--h----- C:\Documents and Settings\Administrador\Entorno de red
2008-04-10 19:25 . 2008-04-29 14:08 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2008-04-10 19:25 . 2008-04-10 19:25 <DIR> d-------- C:\Documents and Settings\Kings\Datos de programa\Styler
2008-04-10 19:24 . 2008-04-10 19:24 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-04-10 19:12 . 2008-04-10 19:17 <DIR> d--h----- C:\Documents and Settings\Administrador\Plantillas
2008-04-10 19:12 . 2008-04-10 19:17 <DIR> dr-h----- C:\Documents and Settings\Administrador\Datos de programa
2008-04-10 19:12 . 2008-05-01 23:30 <DIR> d--h----- C:\Documents and Settings\Administrador\Configuración local
2008-04-10 19:12 . 2008-04-10 19:17 <DIR> d-------- C:\Documents and Settings\Administrador
2008-04-10 19:12 . 2008-05-01 14:32 1,024 --ah----- C:\Documents and Settings\Administrador\NTUSER.DAT.LOG
2008-04-10 19:04 . 2008-04-10 19:04 0 --a------ C:\WINDOWS\WB.ini
2008-04-10 18:35 . 2005-01-22 18:05 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2008-04-10 17:46 . 2008-04-10 17:46 <DIR> d-------- C:\Archivos de programa\Stardock
2008-04-10 17:46 . 2007-07-11 15:06 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2008-04-10 17:03 . 2008-04-10 19:19 <DIR> d-------- C:\Archivos de programa\VisualTooltip
2008-04-10 17:03 . 2008-04-29 14:02 <DIR> d-------- C:\Archivos de programa\ViStart
2008-04-10 17:03 . 2008-04-10 19:27 <DIR> d-------- C:\Archivos de programa\Vista Sidebar
2008-04-10 17:03 . 2008-04-10 19:27 <DIR> d-------- C:\Archivos de programa\ViOrb
2008-04-10 17:03 . 2008-04-10 19:27 <DIR> d-------- C:\Archivos de programa\LClock
2008-04-10 17:03 . 2007-04-15 01:30 6,181,376 --a------ C:\WINDOWS\system32\vistaui.exe
2008-04-10 17:03 . 2007-11-30 05:56 329,029 --a------ C:\WINDOWS\system32\viwc.exe
2008-04-10 17:03 . 2004-09-20 01:27 172,032 --a------ C:\WINDOWS\system32\LClock.cpl
2008-04-10 17:03 . 2007-11-25 22:11 49,208 --a------ C:\WINDOWS\system32\vistartup.bmp
2008-04-10 16:59 . 2008-04-10 16:59 78,942 --a------ C:\WINDOWS\Icon_2.ico
2008-04-10 16:39 . 2008-04-10 16:39 <DIR> d-------- C:\Documents and Settings\Kings\Datos de programa\ViStart
2008-04-10 16:36 . 2008-04-10 19:23 <DIR> d-------- C:\Archivos de programa\WinFlip
2008-04-10 16:36 . 2008-04-10 19:23 <DIR> d-------- C:\Archivos de programa\TrueTransparency
2008-04-10 16:36 . 2008-04-10 19:27 <DIR> d-------- C:\Archivos de programa\Styler
2008-04-10 16:33 . 2008-04-10 16:33 78,942 --a------ C:\WINDOWS\Icon_1.ico
2008-04-10 16:32 . 2008-04-10 19:27 <DIR> d-------- C:\VTPFiles
2008-04-10 16:32 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-04-10 16:32 . 2006-12-03 17:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2008-04-10 16:32 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-04-10 16:32 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-04-09 18:27 . 2008-04-09 18:27 <DIR> d-------- C:\Archivos de programa\Alcohol Soft
2008-04-09 18:17 . 2008-04-15 19:30 <DIR> d-------- C:\Documents and Settings\Kings\Datos de programa\uTorrent
2008-04-09 18:17 . 2008-04-09 18:17 <DIR> d-------- C:\Archivos de programa\uTorrent
2008-04-05 15:13 . 2001-10-19 14:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2008-04-05 15:13 . 2001-10-19 14:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2008-04-05 15:13 . 2001-10-19 14:39 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2008-04-05 15:13 . 2001-10-19 14:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-04-05 15:13 . 2001-10-19 02:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx
2008-04-05 15:13 . 2008-04-05 15:13 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-04-05 15:11 . 2008-04-05 15:15 <DIR> d-------- C:\Archivos de programa\coolpro2

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 23:00 --------- d-----w C:\Archivos de programa\LogMeIn
2008-04-30 11:08 --------- d---a-w C:\Documents and Settings\All Users\Datos de programa\TEMP
2008-04-29 22:08 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2008-04-25 20:58 --------- d-----w C:\Archivos de programa\eMule
2008-04-19 07:12 --------- d-----w C:\Archivos de programa\ESET
2008-04-09 15:11 --------- d-----w C:\Archivos de programa\Archivos comunes\LogiShrd
2008-03-31 14:09 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\{AC90994C-8970-4D38-B465-3DF6B6A1843C}
2008-03-31 14:08 --------- d-----w C:\Archivos de programa\Fluke Networks
2008-03-20 16:57 --------- d-----w C:\Archivos de programa\Microsoft CAPICOM 2.1.0.2
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 10:11 --------- d-----w C:\Archivos de programa\MSN Messenger
2008-03-19 10:10 --------- dcsh--w C:\Archivos de programa\Archivos comunes\WindowsLiveInstaller
2008-03-19 10:09 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\WLInstaller
2008-03-19 10:09 --------- d-----w C:\Archivos de programa\Windows Live
2008-03-13 14:20 --------- d-----w C:\Documents and Settings\Kings\Datos de programa\DivX
2008-03-13 12:52 --------- d-----w C:\Archivos de programa\DivX
2008-03-11 12:28 --------- d-----w C:\Documents and Settings\Kings\Datos de programa\Autodesk
2008-03-09 11:46 --------- d-----w C:\Documents and Settings\Kings\Datos de programa\vlc
2008-03-09 11:45 --------- d-----w C:\Archivos de programa\VideoLAN
2008-03-07 13:08 --------- d-----w C:\Archivos de programa\AutoCAD 2008
2008-03-07 13:08 --------- d-----w C:\Archivos de programa\Archivos comunes\Autodesk Shared
2008-03-07 13:05 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Autodesk
2008-03-07 06:49 --------- d-----w C:\Archivos de programa\MSXML 4.0
2008-03-06 22:27 --------- d-----w C:\Documents and Settings\Kings\Datos de programa\Roxio
2008-03-05 17:19 --------- d-----w C:\Documents and Settings\Kings\Datos de programa\Hewlett-Packard
2008-03-05 17:14 --------- d-----w C:\Archivos de programa\Archivos comunes\Hewlett-Packard
2008-03-05 17:12 --------- d-----w C:\Archivos de programa\Hewlett-Packard
2008-03-05 16:52 --------- d-----w C:\Archivos de programa\Archivos comunes\Logitech
2008-03-05 16:50 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Logitech
2008-03-05 16:50 --------- d-----w C:\Archivos de programa\Logitech
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-21 02:05 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

------- Sigcheck -------

2005-03-02 19:13 2059264 03550e4b6c37d2d31a029e95cca0354b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2007-02-28 17:08 2061824 fda9504c4993043ef75ad2f59cd6daba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2004-08-20 13:00 2017792 90aa698b03fafee217268ab443d7b4a9 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 19:08 2017792 efe0662d7f3d16c5058a00a328d79c6e C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 17:02 2060032 bab5c0349afa60ef6855857f43bee58a C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 17:02 2030080 0c503ef73c636cfa22ff1e3126b6507a C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 17:02 2060032 bab5c0349afa60ef6855857f43bee58a C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 17:02 2018304 7e05fef374b82deb70391d2ba7ddb13c C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

2005-03-02 19:13 2181888 39c0091fd92038a4671c7d8791bd996e C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 17:08 2184576 61bdb2667827d484604c9a09248d6223 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2004-08-20 13:00 2150912 dec879be42071616f07f73b4cf0c367b C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 19:07 2138112 d5917ea3e42a67953213805f8e50ccd7 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 17:02 2182784 9a8eea232fca85781187884162707f4c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 17:02 2150400 1b8ad5e007786d76f4f2013fbffb6f47 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 17:02 2182784 9a8eea232fca85781187884162707f4c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 17:02 2138624 04750707c3bbe1965eb7d75b8c99732f C:\WINDOWS\system32\VITrans\ntoskrnl.exe

2007-06-13 14:22 1426432 1b811c99d3372e6a8072c12001258b97 C:\WINDOWS\explorer.exe
2007-06-13 14:10 1035776 dbb6b75cc6cb2cf8ec0bafca08aed6be C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-20 13:00 1034752 89c8dd146ceaf482d82822766437d93f C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 14:22 1035776 f8ddb22b6efc5e630d65e241074c2404 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 14:22 1035776 f8ddb22b6efc5e630d65e241074c2404 C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((( [email protected]_20.00.18.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-30 18:56:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-01 22:09:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-25 17:13:04 124,208 ----a-w C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2007-07-18 12:49:56 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\libcomm.dll
- 2008-04-30 18:56:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_628.dat
+ 2008-05-01 22:09:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_628.dat
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 13:00 15360]
"MsnMsgr"="C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"LogitechSetup"="F:\Setup\Setup.exe" [ ]
"sdybakda"="C:\WINDOWS\system32\zmvqhkde.exe" [ ]
"SpybotSD TeaTimer"="C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Windows Serviece Agents"="rswhjxw.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"LogMeIn GUI"="C:\Archivos de programa\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"Ulead AutoDetector"="C:\Archivos de programa\Archivos comunes\Ulead Systems\AutoDetector\Monitor.exe" [2005-07-28 08:32 94208]
"Ulead Calendar Checker"="C:\Archivos de programa\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2005-08-22 09:10 69632]
"085e197f"="C:\WINDOWS\system32\lkhgrabi.dll" [ ]
"@"="" []
"antiviirus"="C:\Archivos de programa\antiviirus.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Serviece Agents"="rswhjxw.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-20 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\ARCHIV~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-02-07 17:31 226992 C:\ARCHIV~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Archivos de programa\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
--a------ 2001-11-29 01:00 28672 C:\Archivos de programa\Creative\SBLive\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2006-12-22 12:27 497176 C:\Archivos de programa\Archivos comunes\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2006-12-22 12:28 756248 C:\Archivos de programa\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
--a------ 2007-01-23 19:35 2020968 C:\Archivos de programa\Norton Ghost\Agent\VProTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Archivos de programa\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
--a------ 2003-01-09 09:21 253952 C:\Archivos de programa\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2003-01-13 10:19 757760 C:\Archivos de programa\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a------ 2003-01-13 14:05 69632 C:\Archivos de programa\Archivos comunes\Roxio Shared\System\EngUtil.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Archivos de programa\\eMule\\emule.exe"=
"C:\\Archivos de programa\\Ares\\Ares.exe"=
"C:\\Archivos de programa\\The All-Seeing Eye\\eye.exe"=
"C:\\Archivos de programa\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Archivos de programa\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Archivos de programa\\uTorrent\\uTorrent.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1168646e-fa39-11dc-90ad-0019d13b6d50}]
\Shell\AutoRun\command - H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
\Shell\open\command - H:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
.
Contenido de carpeta 'Tareas Programadas'
"2008-04-26 12:29:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Archivos de programa\Apple Software Update\SoftwareUpdate.exe
"2008-04-07 17:20:03 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1204737541.job"
- C:\Archivos de programa\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 23:36:55
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

**************************************************************************
.
Tiempo completado: 2008-05-02 0:08:44
ComboFix-quarantined-files.txt 2008-05-01 23:07:06
ComboFix2.txt 2008-04-30 19:00:37

10 dirs 15,363,194,880 bytes libres
13 dirs 15,360,794,624 bytes libres

279 --- E O F --- 2008-04-08 14:12:39






hijackthis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:26:46, on 02/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\archivos de programa\archivos comunes\logishrd\lvmvfm\LVPrcSrv.exe
C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Archivos de programa\LogMeIn\x86\RaMaint.exe
C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe
C:\Archivos de programa\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Archivos de programa\LogMeIn\x86\LogMeInSystray.exe
C:\Archivos de programa\Archivos comunes\Ulead Systems\AutoDetector\Monitor.exe
C:\Archivos de programa\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Archivos de programa\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Archivos de programa\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Archivos de programa\Archivos comunes\Ulead Systems\AutoDetector\Monitor.exe
O4 - HKLM\..\Run: [Ulead Calendar Checker] C:\Archivos de programa\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
O4 - HKLM\..\Run: [085e197f] rundll32.exe "C:\WINDOWS\system32\lkhgrabi.dll",b
O4 - HKLM\..\Run: [Windows Serviece Agents] rswhjxw.exe
O4 - HKLM\..\Run: [antiviirus] C:\Archivos de programa\antiviirus.exe
O4 - HKLM\..\RunServices: [Windows Serviece Agents] rswhjxw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSetup] F:\Setup\Setup.exe /start /restart /l:esp
O4 - HKCU\..\Run: [sdybakda] C:\WINDOWS\system32\zmvqhkde.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Windows Serviece Agents] rswhjxw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198516662031
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARCHIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Archivos de programa\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Archivos de programa\LogMeIn\x86\LogMeIn.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\archivos de programa\archivos comunes\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Archivos de programa\Archivos comunes\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Archivos de programa\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9263 bytes

#11
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#12
KINGS99

    Member

  • Topic Starter
  • Member
  • 14 posts
Here are the results...

Malwarebytes' Anti-Malware 1.11
Versión de la Base de Datos: 709

Tipo de examen : Examen Rápido
Objetos examinados: 36556
Tiempo transcurrido: 8 minute(s), 39 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 7
Valores del Registro Infectados: 5
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 37

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c0b21b29-1dc8-4904-b87b-5943f576a39c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ed5c544d-1c59-4641-af0b-8d42d518e17e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{59453922-3233-4465-9ed7-b8390e32b6da} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{1d367724-2d6f-4874-9cd5-e487d5503fe7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Valores del Registro Infectados:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\antiviirus (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Windows Serviece Agents (Worm.Rbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Windows Serviece Agents (Worm.Rbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Windows Serviece Agents (Worm.Rbot) -> Quarantined and deleted successfully.

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.






When deleting the trojans, Spybot detected changes in the registry for antiviirus, Trojan.Agent, etc., about 4 changes, but all were stopped.

#13
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
================================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as button:
  • Save the file in txt format to your desktop.
  • Post that information in your next post.

  • 0

#14
KINGS99

    Member

  • Topic Starter
  • Member
  • 14 posts
Here are the results...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 03, 2008 1:04:38 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/05/2008
Kaspersky Anti-Virus database records: 737436
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 64457
Number of viruses found: 10
Number of infected objects: 136
Number of suspicious objects: 0
Duration of the scan process: 01:43:11

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\Symantec\LiveUpdate\2008-05-03_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Archivos temporales de Internet\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\3D Studio Max 9 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\3D Studio Max 9 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Adobe Acrobat Professional 8.1 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Adobe Acrobat Professional 8.1 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Adobe Creative Suite 3 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Adobe Creative Suite 3 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Adobe Photoshop CS3 Crack.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Adobe Photoshop CS3 Crack.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Adobe Photoshop Elements v6.0 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Adobe Photoshop Elements v6.0 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Adobe Photoshop Lightroom 1.3 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Adobe Photoshop Lightroom 1.3 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Adobe Premiere Pro CS3 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Adobe Premiere Pro CS3 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Alcohol 120 v.1.9.6 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Alcohol 120 v.1.9.6 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\AnyDVD & AnyDVD HD 6.3 Crack.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\AnyDVD & AnyDVD HD 6.3 Crack.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Autodesk 3DS MAX 2008 Crack.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Autodesk 3DS MAX 2008 Crack.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Autodesk AutoCAD 2008 Crack.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Autodesk AutoCAD 2008 Crack.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Autodesk Inventor Suite 2008 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Autodesk Inventor Suite 2008 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Black XP 5.0 DVD Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Black XP 5.0 DVD Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\ConvertXtoDVD 2.2.3.2 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\ConvertXtoDVD 2.2.3.2 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\CyberLink PowerDVD 7.3.3516 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\CyberLink PowerDVD 7.3.3516 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\DivX Bundle 6.8 Professional + Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\DivX Bundle 6.8 Professional + Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\DVDFab Platinum 4.0.1.2 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\DVDFab Platinum 4.0.1.2 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\FL Studio 7 Crack.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\FL Studio 7 Crack.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Guitar Pro v5.2 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Guitar Pro v5.2 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Intervideo WinDVD Platinum 8.0 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Intervideo WinDVD Platinum 8.0 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Kaspersky Antivirus Working Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Kaspersky Antivirus Working Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Macromedia DreamWeaver CS3 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Macromedia DreamWeaver CS3 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Magic ISO 5.4 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Magic ISO 5.4 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Magic Video Converter 8.0.2.18 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Magic Video Converter 8.0.2.18 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Matlab 2007 Crack.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Matlab 2007 Crack.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Microsoft Office 2007 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Microsoft Office 2007 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Nero 8 Ultra Edition 8.1.1.4 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Nero 8 Ultra Edition 8.1.1.4 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\NOD32 3.xx Universal Fix Patch.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\NOD32 3.xx Universal Fix Patch.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Norton 360 Working Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Norton 360 Working Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Norton Ghost 12 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Norton Ghost 12 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Pinnacle Studio Plus v11 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Pinnacle Studio Plus v11 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Power ISO 3.8 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Power ISO 3.8 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\RapidGet.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\RapidGet.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Rapidshare Premium Donloader.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Rapidshare Premium Donloader.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Roxio Easy Media Creator 10 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Roxio Easy Media Creator 10 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Winamp Pro v5.5 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Winamp Pro v5.5 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\WinAVI Video Converter 8.0 Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\WinAVI Video Converter 8.0 Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Windows Vista x86 Ultimate Genuine Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Windows Vista x86 Ultimate Genuine Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Windows XP Professional Genuine Keygen.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Windows XP Professional Genuine Keygen.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\WinRar 3.71 Crack.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\WinRar 3.71 Crack.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\YouTube Downloader.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\YouTube Downloader.rar CAB: infected - 1 skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_808_5E2D_85E_19D0\dfsr.db Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_808_5E2D_85E_19D0\fsr.log Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_808_5E2D_85E_19D0\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_808_5E2D_85E_19D0\tmp.edb Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Historial\History.IE5\MSHist012008050320080504\index.dat Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Temp\Perflib_Perfdata_644.dat Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Temp\~DF4E1A.tmp Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Temp\~DF4F01.tmp Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Temp\~DFCA9A.tmp Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Temp\~DFCDF4.tmp Object is locked skipped
C:\Documents and Settings\Kings\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kings\Mis documentos\Mis historiales de conversación\mayo 2008\[email protected] Object is locked skipped
C:\Documents and Settings\Kings\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Kings\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Datos de programa\zqpulkfs\dkvujyra.exe.vir Infected: Trojan.Win32.Obfuscated.gx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\fccbCvvs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qta skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hubtiion.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJbaXrS.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qta skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rqRIYQjJ.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qta skipped
C:\QooBox\Quarantine\catchme2008-04-30_195313.89.zip/hgGxYRll.dll Infected: Packed.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-04-30_195313.89.zip ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe Infected: Worm.Win32.AutoRun.dmh skipped
C:\SDFix\backups\backups.zip/backups/bdkpfxqw.dll Infected: Trojan.Win32.Vapsup.epn skipped
C:\SDFix\backups\backups.zip/backups/def.htm Infected: not-virus:Hoax.HTML.Secureinvites.c skipped
C:\SDFix\backups\backups.zip/backups/gndarmblxbt.dll Infected: Trojan.Win32.Vapsup.epn skipped
C:\SDFix\backups\backups.zip/backups/qadovnel.dll Infected: Trojan.Win32.Vapsup.epn skipped
C:\SDFix\backups\backups.zip/backups/ServiceRam.dll Infected: Trojan.Win32.Agent.jvv skipped
C:\SDFix\backups\backups.zip/backups/spwoqbmv.exe Infected: Trojan.Win32.Vapsup.epn skipped
C:\SDFix\backups\backups.zip/backups/wxdbpfvo.dll Infected: Trojan.Win32.Vapsup.epn skipped
C:\SDFix\backups\backups.zip/backups/xbaqktfv.exe Infected: Trojan.Win32.Vapsup.epn skipped
C:\SDFix\backups\backups.zip ZIP: infected - 8 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP79\A0013388.exe Infected: Trojan.Win32.Vapsup.epn skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP79\A0013389.dll Infected: Trojan.Win32.Vapsup.epn skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP79\A0013390.dll Infected: Trojan.Win32.Vapsup.epn skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP79\A0013391.exe Infected: Trojan.Win32.Vapsup.epn skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP79\A0013392.dll Infected: Trojan.Win32.Vapsup.epn skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP79\A0013393.dll Infected: Trojan.Win32.Vapsup.epn skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP79\A0013465.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP79\A0013466.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP79\A0013469.exe/crack.exe Infected: Trojan-Downloader.Win32.Zlob.lvc skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP79\A0013469.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP80\A0013965.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP80\A0013970.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP80\A0013976.dll Infected: Trojan.Win32.Agent.jvv skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP80\A0013981.dll Infected: Trojan.Win32.Vapsup.epn skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP80\A0013983.dll Infected: Trojan.Win32.Vapsup.epn skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP80\A0013985.dll Infected: Trojan.Win32.Vapsup.epn skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP80\A0013986.exe Infected: Trojan.Win32.Vapsup.epn skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP80\A0013991.dll Infected: Trojan.Win32.Vapsup.epn skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP80\A0013992.exe Infected: Trojan.Win32.Vapsup.epn skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP80\A0014000.dll Infected: Trojan.Win32.Vapsup.epn skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP80\A0014003.dll Infected: Trojan.Win32.Vapsup.epn skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP80\A0014008.dll Infected: Trojan.Win32.Vapsup.epn skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP80\A0014011.dll Infected: Trojan.Win32.Agent.jvv skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP80\A0014012.exe Infected: Trojan.Win32.Vapsup.epn skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP80\A0014018.dll Infected: Trojan.Win32.Vapsup.epn skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP80\A0014019.exe Infected: Trojan.Win32.Vapsup.epn skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP81\A0014115.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qta skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP81\A0014116.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP81\A0014117.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qta skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP81\A0014118.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qta skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP81\A0014147.exe/crack.exe Infected: Trojan-Downloader.Win32.Zlob.lvc skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP81\A0014147.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP84\A0014395.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP84\A0014407.exe Infected: Worm.Win32.AutoRun.dmh skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP84\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B9DE156C-FD35-4420-9AFE-2195526489E7}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_21c.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\DOWN\guitar rig 3 crack updated-fixed 02-2008.rar/setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
D:\DOWN\guitar rig 3 crack updated-fixed 02-2008.rar RAR: infected - 1 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP91\A0017795.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
  • 0
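A triage sketch for the Kaspersky Online Scanner report posted above, added here as an example and not part of the original thread: it parses the report's line format, sets aside the "Object is locked" entries and the per-archive summary lines, and groups the remaining detections by where the file sits on disk. The location labels and the `live_files` grouping are assumptions of this example; the sample lines are copied from the report.

```python
import re
from collections import Counter

# Every report line ends with a status; the path before it may contain spaces.
STATUS_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"(?P<locked>Object is locked)"
    r"|Infected: (?P<threat>\S+)"
    r"|(?P<archive>[A-Z]{3}): infected - (?P<count>\d+)"
    r") skipped$"
)

# Assumed labels for the folders seen in the report (matched case-insensitively).
LOCATIONS = [
    ("restore_point", "\\system volume information\\_restore{"),
    ("tool_quarantine", "\\qoobox\\quarantine\\"),  # removal-tool holding folder
    ("tool_quarantine", "\\sdfix\\backups\\"),      # removal-tool backup folder
    ("recycle_bin", "\\recycler\\"),
    ("p2p_share", "\\my shared folder\\"),
]
# Ordinary on-disk locations, as opposed to copies held by tools or System Restore.
ACTIONABLE = {"p2p_share", "recycle_bin", "other"}

# Lines copied from the report in this thread, plus its closing line.
SAMPLE = r"""
C:\Documents and Settings\Kings\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\YouTube Downloader.rar/BTCPatcher.exe Infected: Trojan.Win32.Agent.ire skipped
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\YouTube Downloader.rar CAB: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hubtiion.dll.vir Infected: Packed.Win32.Monder.gen skipped
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe Infected: Worm.Win32.AutoRun.dmh skipped
C:\SDFix\backups\backups.zip/backups/def.htm Infected: not-virus:Hoax.HTML.Secureinvites.c skipped
C:\SDFix\backups\backups.zip ZIP: infected - 8 skipped
C:\System Volume Information\_restore{F4319DD3-FB67-4921-9745-28D55AF0B44A}\RP84\A0014407.exe Infected: Worm.Win32.AutoRun.dmh skipped
D:\DOWN\guitar rig 3 crack updated-fixed 02-2008.rar/setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
D:\DOWN\guitar rig 3 crack updated-fixed 02-2008.rar RAR: infected - 1 skipped
Scan process completed.
"""


def classify(path):
    """Return the location label for a file path, or 'other' if none matches."""
    lowered = path.lower()
    for label, marker in LOCATIONS:
        if marker in lowered:
            return label
    return "other"


def parse_line(line):
    """Parse one report line; return None for anything that is not an object entry."""
    m = STATUS_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    if m.group("locked"):
        return {"kind": "locked", "path": path}
    if m.group("archive"):
        # Summary line for an archive whose members are listed separately.
        return {"kind": "container", "path": path, "members": int(m.group("count"))}
    # Windows paths contain no "/", so the first "/" separates archive and member.
    container, _, member = path.partition("/")
    return {
        "kind": "detection",
        "file": container,
        "member": member or None,
        "threat": m.group("threat"),
        "location": classify(container),
    }


def triage(report_text):
    """Summarise a report: counts of noise lines plus detections grouped two ways."""
    result = {"locked": 0, "containers": 0, "detections": [],
              "by_location": Counter(), "by_threat": Counter(), "unparsed": []}
    for line in report_text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            result["unparsed"].append(line.strip())
        elif entry["kind"] == "locked":
            result["locked"] += 1
        elif entry["kind"] == "container":
            result["containers"] += 1  # not counted again as a detection
        else:
            result["detections"].append(entry)
            result["by_location"][entry["location"]] += 1
            result["by_threat"][entry["threat"]] += 1
    return result


def live_files(result):
    """Distinct files (archives counted once) detected in ordinary locations."""
    return sorted({d["file"] for d in result["detections"]
                   if d["location"] in ACTIONABLE})


if __name__ == "__main__":
    summary = triage(SAMPLE)
    print(dict(summary["by_location"]))
    for path in live_files(summary):
        print(path)
```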

#15
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You have a lot of cracked software downloaded via Ares. It is not wise to use cracked software, as it is illegal and, as you can see, it can infect your computer.
==========================================
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    D:\DOWN\guitar rig 3 crack updated-fixed 02-2008.rar	
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\YouTube Downloader.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\WinRar 3.71 Crack.rar   
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Windows XP Professional Genuine Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Windows Vista x86 Ultimate Genuine Keygen.rar   
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\WinAVI Video Converter 8.0 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Winamp Pro v5.5 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Roxio Easy Media Creator 10 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Rapidshare Premium Donloader.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\RapidGet.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Power ISO 3.8 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Pinnacle Studio Plus v11 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Norton Ghost 12 Keygen.rar  
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Norton 360 Working Keygen.rar 
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\NOD32 3.xx Universal Fix Patch.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Nero 8 Ultra Edition 8.1.1.4 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Microsoft Office 2007 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Matlab 2007 Crack.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Magic Video Converter 8.0.2.18 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Magic ISO 5.4 Keygen.rar	
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Macromedia DreamWeaver CS3 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Kaspersky Antivirus Working Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Intervideo WinDVD Platinum 8.0 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Guitar Pro v5.2 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\FL Studio 7 Crack.rar 
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\DVDFab Platinum 4.0.1.2 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\DivX Bundle 6.8 Professional + Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\CyberLink PowerDVD 7.3.3516 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\ConvertXtoDVD 2.2.3.2 Keygen.rar 
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Black XP 5.0 DVD Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Autodesk Inventor Suite 2008 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Autodesk AutoCAD 2008 Crack.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Autodesk 3DS MAX 2008 Crack.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\AnyDVD & AnyDVD HD 6.3 Crack.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Alcohol 120 v.1.9.6 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Adobe Premiere Pro CS3 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Adobe Photoshop Lightroom 1.3 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Adobe Photoshop Elements v6.0 Keygen.rar 
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Adobe Photoshop CS3 Crack.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Adobe Creative Suite 3 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\Adobe Acrobat Professional 8.1 Keygen.rar
    C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\3D Studio Max 9 Keygen.rar 
    C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sdybakda
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Windows Serviece Agents
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\antiviirus
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\085e197f
    C:\Archivos de programa\antiviirus.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\Windows Serviece Agents
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1168646e-fa39-11dc-90ad-0019d13b6d50}
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
======================
Also post back with a new HijackThis log and let me know how it is running.
  • 0
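Added example, not part of kahdah's post and not OTMoveIt2's own code: a Python sketch that sorts a subset of the fix list above into files and registry persistence entries, so the autorun values can be reviewed on their own. It assumes the `\\` seen in the list separates a registry key path from the value name; the function and category names are hypothetical.

```python
import re
from collections import defaultdict

# Subset of the entries in the fix list from the post above.
FIX_LIST = r"""
D:\DOWN\guitar rig 3 crack updated-fixed 02-2008.rar
C:\Documents and Settings\Kings\Configuración local\Datos de programa\Ares\My Shared Folder\WinRar 3.71 Crack.rar
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\sdybakda
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\antiviirus
C:\Archivos de programa\antiviirus.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\\Windows Serviece Agents
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1168646e-fa39-11dc-90ad-0019d13b6d50}
"""

HIVE = re.compile(r"^HKEY_[A-Z_]+\\", re.I)
AUTORUN = re.compile(r"\\currentversion\\(run|runservices)$", re.I)

def classify(line):
    """Return (category, detail) for one fix-list entry."""
    line = line.strip()
    if HIVE.match(line):
        # Assumption: '\\' separates the key path from the value name.
        key, sep, value = line.partition("\\\\")
        if sep and AUTORUN.search(key):
            return "autorun_value", value      # starts at logon or boot
        if "\\mountpoints2\\" in key.lower():
            return "mountpoint_key", key.rsplit("\\", 1)[1]
        return "registry_other", line
    lower = line.lower()
    if lower.endswith(".exe") and "\\recycler\\" in lower:
        return "exe_in_recycler", line         # executable inside the Recycle Bin store
    if "\\ares\\my shared folder\\" in lower:
        return "p2p_shared_file", line.rsplit("\\", 1)[1]
    if lower.endswith(".exe"):
        return "executable", line
    return "file", line

def triage(text):
    """Group every non-empty entry by category, keeping list order."""
    groups = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            category, detail = classify(line)
            groups[category].append(detail)
    return dict(groups)

if __name__ == "__main__":
    for category, items in triage(FIX_LIST).items():
        print(f"{category}: {items}")
```
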





