Virtumonde infection / http://url.adtrgt.com


This topic is locked
10 replies to this topic

#1 HB2112


Posted 01 December 2008 - 04:09 PM

Hi there

I have the aforementioned infection on my PC. Have run Spybot and Ad-aware and it has partly fixed the problem, but I still get pop-ups (new tabs really as I'm using Firefox) redirecting me to, usually, <hxxp://url.adtrgt.com>, though sometimes I get sites like poker sites and other ads.

I've just installed and run HiJackThis and here's the log. Seems like you guys are pretty good at fixing this sort of thing so hopefully you can help me out!

Thanks
HB

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:14, on 01/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\RegSrvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {9abe0fde-e026-40b3-983d-06da763a61a0} - C:\WINDOWS\system32\yipiwopa.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [hiruhizevo] Rundll32.exe "C:\WINDOWS\system32\tuzatazo.dll",s
O4 - HKLM\..\Run: [CPMbf462521] Rundll32.exe "c:\windows\system32\kumeweva.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [hiruhizevo] Rundll32.exe "C:\WINDOWS\system32\tuzatazo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\kuzolika.dll C:\WINDOWS\system32\koyagahu.dll C:\WINDOWS\system32\degipeme.dll C:\WINDOWS\system32\tuzatazo.dll c:\windows\system32\suhokamo.dll c:\windows\system32\kumeweva.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kumeweva.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kumeweva.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 7638 bytes

Edited by Orange Blossom, 11 February 2013 - 03:03 AM.
Deactivate link. ~ OB
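An added triage helper, written here as an example and not a tool from this thread: it parses HijackThis entry lines like the ones posted above and correlates every DLL across the O2/O4/O20/O21/O22 load points, which is how kumeweva.dll shows up at four separate persistence points in that log. The sample lines are a subset copied from the log above; the "eight lowercase letters in system32" rule is an assumption drawn from the file names in that log, not a general rule.

```python
"""Correlate HijackThis entries that point at the same DLL across load points.

Constructed example, not a tool from the thread. SAMPLE_LOG is a subset of
the HijackThis log posted above; the 8-lowercase-letter name heuristic is an
assumption based on the DLL names seen in that log.
"""
import re

# Subset of entry lines copied from the posted log (constructed test input).
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9abe0fde-e026-40b3-983d-06da763a61a0} - C:\WINDOWS\system32\yipiwopa.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [hiruhizevo] Rundll32.exe "C:\WINDOWS\system32\tuzatazo.dll",s
O4 - HKLM\..\Run: [CPMbf462521] Rundll32.exe "c:\windows\system32\kumeweva.dll",a
O4 - HKUS\S-1-5-19\..\Run: [hiruhizevo] Rundll32.exe "C:\WINDOWS\system32\tuzatazo.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\kuzolika.dll C:\WINDOWS\system32\koyagahu.dll C:\WINDOWS\system32\degipeme.dll C:\WINDOWS\system32\tuzatazo.dll c:\windows\system32\suhokamo.dll c:\windows\system32\kumeweva.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kumeweva.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kumeweva.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+")        # "O20 - ..." style prefix
DLL_RE = re.compile(r'[a-z]:\\[^\s",]+?\.dll', re.IGNORECASE)  # drive-letter path ending in .dll
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.dll$")         # heuristic: kumeweva.dll, tuzatazo.dll, ...

# Load points that push a DLL into many or all processes; all three are used in the log above.
HIGH_RISK = {
    "O20": "AppInit_DLLs load point",
    "O21": "ShellServiceObjectDelayLoad (SSODL) load point",
    "O22": "SharedTaskScheduler load point",
}


def parse_entries(text):
    """Yield (section, line) for every HijackThis entry line, skipping headers and blanks."""
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            yield match.group(1), line


def suspicious_name(path):
    """True when the DLL sits in system32 and has the random 8-letter name pattern (assumption)."""
    lowered = path.lower()
    name = lowered.rsplit("\\", 1)[-1]
    return "\\windows\\system32\\" in lowered and bool(RANDOM_NAME_RE.match(name))


def triage(text):
    """Map DLL basename -> {"path", "sections", "reasons"} for every DLL worth a second look."""
    findings = {}
    for section, line in parse_entries(text):
        for path in DLL_RE.findall(line):
            reasons = set()
            if suspicious_name(path):
                reasons.add("random 8-letter name in system32")
            if section in HIGH_RISK:
                reasons.add(HIGH_RISK[section])
            if section == "O2" and "(no name)" in line:
                reasons.add("BHO with no name")
            if section == "O4" and "rundll32" in line.lower():
                reasons.add("Run key loads the DLL through rundll32")
            if not reasons:
                continue  # e.g. SDHelper.dll: a named BHO outside system32
            name = path.lower().rsplit("\\", 1)[-1]
            entry = findings.setdefault(name, {"path": path, "sections": set(), "reasons": set()})
            entry["sections"].add(section)
            entry["reasons"].update(reasons)
    return findings


def report(findings):
    """Rows of (dll, sections, reasons), the DLL hooked into the most load points first."""
    rows = [(name, sorted(e["sections"]), sorted(e["reasons"])) for name, e in findings.items()]
    rows.sort(key=lambda row: (-len(row[1]), row[0]))
    return rows


if __name__ == "__main__":
    for name, sections, reasons in report(triage(SAMPLE_LOG)):
        print(f"{name:16} {len(sections)} load point(s) {sections}: {'; '.join(reasons)}")
```

Run against a full log, the ranking makes the cleanup order obvious: a DLL present in AppInit_DLLs, SSODL and SharedTaskScheduler at once is reloaded by every shell and GUI process, which is why the helper above asks for a Safe Mode fix tool rather than deleting files by hand.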




#2 fenzodahl512


Posted 02 December 2008 - 11:31 PM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following....


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall



Please post these logs in your next reply..

1. SDFix
2. ComboFix
3. A fresh HijackThis log

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512


Posted 08 December 2008 - 02:17 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



#4 fenzodahl512


Posted 10 December 2008 - 10:56 PM

re-open.. post the logs please..



#5 HB2112


Posted 15 December 2008 - 05:44 PM

Thanks a lot for your reply.

I ran through all the steps and here are the logs

SDFix


SDFix: Version 1.240
Run by Ada on 10/12/2008 at 21:34

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found

C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 21:54:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Disabled:Veoh Client"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\WINDOWS\\system32\\drivers\\Icon.exe"="C:\\WINDOWS\\system32\\drivers\\Icon.exe:*:Enabled:Icon"
"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe:*:Enabled:SynTPEnh"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:firefox"
"C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"="C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe:*:Enabled:mcagent"
"C:\\WINDOWS\\system32\\logonui.exe"="C:\\WINDOWS\\system32\\logonui.exe:*:Enabled:logonui"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:rundll32"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"
"C:\\Program Files\\McAfee\\VirusScan\\mcsysmon.exe"="C:\\Program Files\\McAfee\\VirusScan\\mcsysmon.exe:*:Enabled:mcsysmon"
"C:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"="C:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe:*:Enabled:mcvsmap"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :



Files with Hidden Attributes :

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Fri 5 Sep 2008 64,564 A.SH. --- "C:\WINDOWS\system32\bekehutu.dll.tmp"
Wed 3 Dec 2008 64,052 A.SH. --- "C:\WINDOWS\system32\bumimali.dll"
Thu 21 Aug 2008 62,464 A.SH. --- "C:\WINDOWS\system32\degipeme.dll"
Thu 4 Sep 2008 64,053 A.SH. --- "C:\WINDOWS\system32\dimiboyi.dll.tmp"
Wed 3 Sep 2008 64,052 A.SH. --- "C:\WINDOWS\system32\dokileso.dll.tmp"
Fri 21 Nov 2008 90,164 A.SH. --- "C:\WINDOWS\system32\fibidaku.dll"
Wed 10 Sep 2008 61,231 A.SH. --- "C:\WINDOWS\system32\gekuhiri.dll"
Wed 10 Dec 2008 61,231 A.SH. --- "C:\WINDOWS\system32\gepibura.dll"
Fri 28 Nov 2008 88,116 A.SH. --- "C:\WINDOWS\system32\gidahumu.dll"
Thu 27 Nov 2008 93,748 A.SH. --- "C:\WINDOWS\system32\gukehere.dll"
Sun 23 Nov 2008 90,164 A.SH. --- "C:\WINDOWS\system32\hejapive.dll"
Wed 26 Nov 2008 93,748 A.SH. --- "C:\WINDOWS\system32\jemitawa.dll"
Fri 5 Sep 2008 64,564 A.SH. --- "C:\WINDOWS\system32\jutepeso.dll.tmp"
Wed 3 Sep 2008 64,052 A.SH. --- "C:\WINDOWS\system32\kahaneni.dll.tmp"
Thu 21 Aug 2008 62,464 A.SH. --- "C:\WINDOWS\system32\koyagahu.dll.tmp"
Mon 1 Dec 2008 93,236 A.SH. --- "C:\WINDOWS\system32\kumeweva.dll"
Thu 21 Aug 2008 62,464 A.SH. --- "C:\WINDOWS\system32\kuzolika.dll.tmp"
Wed 10 Sep 2008 61,231 A.SH. --- "C:\WINDOWS\system32\mamapome.dll"
Thu 4 Sep 2008 64,053 A.SH. --- "C:\WINDOWS\system32\merojoka.dll.tmp"
Fri 5 Dec 2008 93,748 A.SH. --- "C:\WINDOWS\system32\mifolole.dll"
Sun 7 Dec 2008 94,349 A.SH. --- "C:\WINDOWS\system32\najeduni.dll"
Sat 29 Nov 2008 95,284 A.SH. --- "C:\WINDOWS\system32\nanulote.dll"
Tue 9 Dec 2008 93,334 A.SH. --- "C:\WINDOWS\system32\nomajuzu.dll"
Wed 10 Dec 2008 92,935 A.SH. --- "C:\WINDOWS\system32\nopihizu.dll"
Wed 3 Dec 2008 93,236 A.SH. --- "C:\WINDOWS\system32\nositinu.dll"
Mon 8 Dec 2008 64,161 A.SH. --- "C:\WINDOWS\system32\nudegoya.dll"
Tue 25 Nov 2008 93,236 A.SH. --- "C:\WINDOWS\system32\nupikufo.dll"
Thu 4 Sep 2008 64,053 A.SH. --- "C:\WINDOWS\system32\pasalope.dll"
Sun 30 Nov 2008 88,116 A.SH. --- "C:\WINDOWS\system32\ponahohe.dll"
Thu 4 Dec 2008 64,053 A.SH. --- "C:\WINDOWS\system32\ropofaye.dll"
Sat 22 Nov 2008 90,164 A.SH. --- "C:\WINDOWS\system32\sidejuwo.dll"
Tue 9 Dec 2008 93,826 A.SH. --- "C:\WINDOWS\system32\sizesare.dll"
Fri 5 Dec 2008 88,116 A.SH. --- "C:\WINDOWS\system32\tagetega.dll"
Fri 5 Dec 2008 64,564 A.SH. --- "C:\WINDOWS\system32\tanovivo.dll"
Fri 5 Sep 2008 64,564 A.SH. --- "C:\WINDOWS\system32\tehayela.dll.tmp"
Sun 7 Dec 2008 87,190 A.SH. --- "C:\WINDOWS\system32\tiyebuki.dll"
Wed 10 Sep 2008 61,231 A.SH. --- "C:\WINDOWS\system32\tuneyevi.dll"
Tue 9 Dec 2008 89,251 A.SH. --- "C:\WINDOWS\system32\vedofumu.dll"
Wed 10 Dec 2008 84,666 A.SH. --- "C:\WINDOWS\system32\vobozudu.dll"
Mon 24 Nov 2008 93,236 A.SH. --- "C:\WINDOWS\system32\wazuhope.dll"
Thu 27 Nov 2008 86,580 A.SH. --- "C:\WINDOWS\system32\wegagolu.dll"
Thu 21 Aug 2008 62,464 A.SH. --- "C:\WINDOWS\system32\wobezozu.dll"
Mon 8 Dec 2008 88,641 A.SH. --- "C:\WINDOWS\system32\wuwasomo.dll"
Wed 3 Sep 2008 64,052 A.SH. --- "C:\WINDOWS\system32\yadokibo.dll.tmp"
Thu 4 Dec 2008 94,773 A.SH. --- "C:\WINDOWS\system32\yejoheti.dll"
Thu 21 Aug 2008 62,464 A.SH. --- "C:\WINDOWS\system32\yipiwopa.dll.tmp"
Thu 27 Nov 2008 93,748 A.SH. --- "C:\WINDOWS\system32\yisiwusu.dll"
Fri 28 Nov 2008 95,284 A.SH. --- "C:\WINDOWS\system32\yozuyosa.dll"
Mon 8 Dec 2008 93,947 A.SH. --- "C:\WINDOWS\system32\zapujevu.dll"
Thu 4 Dec 2008 86,581 A.SH. --- "C:\WINDOWS\system32\zebibevo.dll"
Tue 28 Oct 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Tue 28 Oct 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Wed 18 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 10 Dec 2008 4,739,440 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1741e6217a93d36aaaaa3cead0913a10\BIT2C.tmp"
Wed 10 Dec 2008 7,771,584 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3048c71d7a395651db2df38cd046d015\BIT2B.tmp"
Wed 10 Dec 2008 7,588,752 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\40e9dcb66532a7d0904f24c869fdfd7e\BIT2E.tmp"
Wed 10 Dec 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\158e67e5edd92c78c30c06dd18cea563\download\BIT42.tmp"

Finished!


ComboFix

ComboFix 08-12-09.03 - Ada 2008-12-10 22:30:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.151 [GMT 0:00]
Se ejecuta desde: c:\documents and settings\Ada\Desktop\ComboFix.exe
* Creado un nuevo punto de restauración
* Resident AV is active


ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION!
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrador\Favoritos\Download programs.url
c:\documents and settings\Administrador\Favoritos\Games.url
c:\documents and settings\Administrador\Favoritos\Translator.url
c:\documents and settings\Administrador\Favoritos\Videos.url
c:\documents and settings\Administrador\Men£ Inicio\Programas\Download programs.url
c:\documents and settings\Administrador\Men£ Inicio\Programas\Games.url
c:\documents and settings\Administrador\Men£ Inicio\Programas\Translator.url
c:\documents and settings\Administrador\Men£ Inicio\Programas\Videos.url
c:\windows\system32\bumimali.dll
c:\windows\system32\degipeme.dll
c:\windows\system32\fibidaku.dll
c:\windows\system32\gekuhiri.dll
c:\windows\system32\gepibura.dll
c:\windows\system32\gidahumu.dll
c:\windows\system32\gitoribo.dll
c:\windows\system32\gukehere.dll
c:\windows\system32\hejapive.dll
c:\windows\system32\hupezivu.dll
c:\windows\system32\jelukahu.dll
c:\windows\system32\jemitawa.dll
c:\windows\system32\kumeweva.dll
c:\windows\system32\mamapome.dll
c:\windows\system32\mifolole.dll
c:\windows\system32\najeduni.dll
c:\windows\system32\nanulote.dll
c:\windows\system32\niwebazi.dll
c:\windows\system32\nomajuzu.dll
c:\windows\system32\nopihizu.dll
c:\windows\system32\nositinu.dll
c:\windows\system32\nudegoya.dll
c:\windows\system32\nupikufo.dll
c:\windows\system32\pasalope.dll
c:\windows\system32\ponahohe.dll
c:\windows\system32\ropofaye.dll
c:\windows\system32\segukuro.dll
c:\windows\system32\sidejuwo.dll
c:\windows\system32\sijibale.dll
c:\windows\system32\sizesare.dll
c:\windows\system32\tagetega.dll
c:\windows\system32\tanovivo.dll
c:\windows\system32\tiyebuki.dll
c:\windows\system32\tuneyevi.dll
c:\windows\system32\vedofumu.dll
c:\windows\system32\viriteda.dll
c:\windows\system32\vobozudu.dll
c:\windows\system32\wazuhope.dll
c:\windows\system32\wegagolu.dll
c:\windows\system32\wobezozu.dll
c:\windows\system32\wuwasomo.dll
c:\windows\system32\yejoheti.dll
c:\windows\system32\yepagone.dll
c:\windows\system32\yisiwusu.dll
c:\windows\system32\yozuyosa.dll
c:\windows\system32\zapujevu.dll
c:\windows\system32\zebibevo.dll
c:\windows\system32\zihimubi.dll

.
(((((((((((((((((( Archivos creados desde 2008-11-10 - 2008-12-10 )))))))))))))))))))))))))))))))))
.

2008-12-10 21:44 . <DIR> c:\windows\LastGood.Tmp
2008-12-10 21:27 . 2008-12-10 21:27 <DIR> d-------- c:\windows\ERUNT
2008-12-10 21:19 . 2008-12-10 22:04 <DIR> d-------- C:\SDFix
2008-12-10 20:34 . 2008-12-10 20:34 120 ---hs---- c:\windows\system32\uduzobov.ini
2008-12-09 23:27 . 2008-12-09 23:27 120 ---hs---- c:\windows\system32\umufodev.ini
2008-12-09 11:28 . 2008-12-09 11:28 120 ---hs---- c:\windows\system32\oyubimag.ini
2008-12-08 22:49 . 2008-12-08 22:49 120 ---hs---- c:\windows\system32\omosawuw.ini
2008-12-07 15:29 . 2008-12-07 15:29 120 ---hs---- c:\windows\system32\ikubeyit.ini
2008-12-05 16:34 . 2008-12-05 16:34 120 ---hs---- c:\windows\system32\agetegat.ini
2008-12-04 12:35 . 2008-12-04 12:36 120 ---hs---- c:\windows\system32\ovebibez.ini
2008-12-03 10:43 . 2008-12-03 10:43 120 ---hs---- c:\windows\system32\elabijis.ini
2008-12-01 20:51 . 2008-12-01 20:51 <DIR> d-------- c:\program files\Trend Micro
2008-12-01 20:37 . 2008-12-01 20:37 120 ---hs---- c:\windows\system32\uvizepuh.ini
2008-11-30 23:27 . 2008-11-30 23:27 <DIR> d-------- c:\program files\Lavasoft
2008-11-30 23:27 . 2008-11-30 23:29 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2008-11-30 23:25 . 2008-11-30 23:25 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-30 15:26 . 2008-11-30 15:27 258 --a------ c:\windows\wininit.ini
2008-11-30 14:03 . 2008-11-30 14:12 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-30 14:03 . 2008-11-30 23:24 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-11-30 13:20 . 2008-11-30 13:20 1,270,354 ---hs---- c:\windows\system32\ehohanop.ini
2008-11-29 13:16 . 2008-11-30 13:17 1,270,354 ---hs---- c:\windows\system32\adetiriv.ini
2008-11-28 18:09 . 2008-11-28 18:09 1,270,354 ---hs---- c:\windows\system32\umuhadig.ini
2008-11-12 21:17 . 2008-10-24 11:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 22:28 --------- d-----w c:\documents and settings\Ada\Application Data\OpenOffice.org2
2008-12-01 19:38 --------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.000\Application Data\SACore
2008-11-19 19:54 --------- d-----w c:\documents and settings\Ada\Application Data\Apple Computer
2008-11-16 15:15 --------- d-----w c:\program files\DivX
2008-11-04 14:26 --------- d-----w c:\documents and settings\Ada\Application Data\DivX
2008-10-31 16:38 --------- d-----w c:\program files\McAfee
2008-10-28 22:44 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2008-10-27 19:02 --------- d-----w c:\documents and settings\Ada\Application Data\Move Networks
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"STDSB"="c:\windows\system32\drivers\STDSB.exe" [2003-12-17 28672]
"Icon"="c:\windows\system32\drivers\Icon.exe" [2004-04-16 217088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-27 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-27 634880]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-07-07 135168]
"SoundMan"="SOUNDMAN.EXE" [2003-03-27 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2006-08-03 02:20 188482 c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 19:42 116040 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 13:00 208952 c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 12:20 227328 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SLService"=2 (0x2)
"ServiceLayer"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\system32\\drivers\\Icon.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcsysmon.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-09-29 203280]
R2 MTC0003_STDSB;Scroll Bar Driver;c:\windows\system32\drivers\STDSB.sys [2008-08-25 11279]
S2 STDSB;STDSB;c:\windows\system32\DRIVERS\STDSB.sys [2008-08-25 11279]
.
Contenido de carpeta 'Tareas Programadas'

2008-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-08-25 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-08-25 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
.
- - - - ORPHANS REMOVED - - - -

BHO-{9abe0fde-e026-40b3-983d-06da763a61a0} - c:\windows\system32\tuneyevi.dll
MSConfigStartUp-bc7516bd - c:\windows\system32\ponahohe.dll
MSConfigStartUp-CPMbf462521 - c:\windows\system32\suhokamo.dll
MSConfigStartUp-hiruhizevo - c:\windows\system32\tuzatazo.dll
MSConfigStartUp-PCMM2007RT - c:\program files\PC MightyMax 2007\pcmm2007.exe
MSConfigStartUp-ZCfgSvc - c:\windows\system32\ZCfgSvc.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
FireFox -: Profile - c:\documents and settings\Ada\Application Data\Mozilla\Firefox\Profiles\e7uqkm1c.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 22:40:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\RegSrvc.exe
.
**************************************************************************
.
Completion time: 2008-12-10 22:48:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 22:48:53

Pre-Run: 4.156.628.992 bytes free
Post-Run: 8,339,845,120 bytes free

245 --- E O F --- 2008-11-12 22:05:12

HiJack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:01, on 10/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [hiruhizevo] Rundll32.exe "C:\WINDOWS\system32\mamapome.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 7206 bytes

Thanks again

#6 fenzodahl512
  • Members
  • 6,738 posts

Posted 15 December 2008 - 10:21 PM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\WINDOWS\system32\bekehutu.dll.tmp
C:\WINDOWS\system32\dimiboyi.dll.tmp
C:\WINDOWS\system32\dokileso.dll.tmp
C:\WINDOWS\system32\jutepeso.dll.tmp
C:\WINDOWS\system32\kahaneni.dll.tmp
C:\WINDOWS\system32\koyagahu.dll.tmp
C:\WINDOWS\system32\kuzolika.dll.tmp
C:\WINDOWS\system32\merojoka.dll.tmp
C:\WINDOWS\system32\tehayela.dll.tmp
C:\WINDOWS\system32\yadokibo.dll.tmp
C:\WINDOWS\system32\yipiwopa.dll.tmp
c:\windows\system32\uduzobov.ini
c:\windows\system32\umufodev.ini
c:\windows\system32\oyubimag.ini
c:\windows\system32\omosawuw.ini
c:\windows\system32\ikubeyit.ini
c:\windows\system32\agetegat.ini
c:\windows\system32\ovebibez.ini
c:\windows\system32\elabijis.ini
c:\windows\system32\uvizepuh.ini
c:\windows\system32\ehohanop.ini
c:\windows\system32\adetiriv.ini
c:\windows\system32\umuhadig.ini
C:\WINDOWS\system32\mamapome.dll

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
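The CFScript above removes Virtumonde's randomly named DLL and .ini files from system32 and the Run entry that loads one of them through Rundll32. As an added example, not part of this thread and not HijackThis or ComboFix code, the Python below triages HijackThis and ComboFix lines for the pattern that is visible in these logs: eight-letter file names that strictly alternate consonant and vowel (mamapome, tuneyevi, uduzobov ...) sitting directly in system32, and an autorun entry that starts such a DLL via Rundll32. The name heuristic, the treatment of "y" as a consonant, and the sample log lines (constructed from entries in this thread) are my assumptions; a hit is an indicator to investigate, not a verdict.

```python
from __future__ import annotations

import ntpath
import re

# Assumption: 'y' is treated as a consonant so names such as tuneyevi and koyagahu alternate.
VOWELS = frozenset("aeiou")

# A Windows path ending in one of the extensions seen in these logs (bekehutu.dll.tmp included).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe|sys|ini)(?:\.tmp)?\b', re.I)


def looks_generated(stem: str) -> bool:
    """Eight lowercase letters that strictly alternate consonant and vowel.

    Heuristic assumed from the names in this thread; legitimate system32
    names such as winlogon, ctfmon or ZCfgSvc do not satisfy it.
    """
    if len(stem) != 8 or not stem.isalpha() or not stem.islower():
        return False
    is_vowel = [c in VOWELS for c in stem]
    return all(a != b for a, b in zip(is_vowel, is_vowel[1:]))


def in_system32(path: str) -> bool:
    """True when the file sits directly in ...\\system32 (not in a subfolder such as drivers)."""
    return ntpath.dirname(path).lower().endswith("\\system32")


def triage_line(line: str) -> list:
    """Return the reasons a HijackThis or ComboFix line looks Vundo-like; [] when clean."""
    reasons = []
    for path in PATH_RE.findall(line):
        name = ntpath.basename(path)
        stem = name.split(".")[0]          # bekehutu.dll.tmp -> bekehutu
        if in_system32(path) and looks_generated(stem):
            reasons.append(f"generated-looking name in system32: {name}")
            if "rundll32" in line.lower():
                reasons.append("Rundll32 launches that DLL from an autorun entry")
    return reasons


def triage(lines) -> dict:
    """Map each suspicious line to its reasons; clean lines are omitted."""
    return {line: r for line in lines if (r := triage_line(line))}


# Constructed sample: HijackThis O2/O4 lines and ComboFix orphan lines modelled on this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [hiruhizevo] Rundll32.exe "C:\WINDOWS\system32\mamapome.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
BHO-{9abe0fde-e026-40b3-983d-06da763a61a0} - c:\windows\system32\tuneyevi.dll
MSConfigStartUp-bc7516bd - c:\windows\system32\ponahohe.dll
MSConfigStartUp-ZCfgSvc - c:\windows\system32\ZCfgSvc.exe
"""
SAMPLE_LINES = [l for l in SAMPLE_LOG.splitlines() if l.strip()]

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LINES).items():
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Run against a full HijackThis log, the script flags only the three Vundo-style entries in the sample and leaves hkcmd.exe, ctfmon.exe and ZCfgSvc.exe alone; the Rundll32 line gets two reasons because it both names a generated-looking DLL and is the mechanism that loads it at logon.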


#7 HB2112
  • Topic Starter
  • Members
  • 5 posts

Posted 20 December 2008 - 04:55 PM

Thanks! Running this now, will post logs in a minute.

#8 HB2112
  • Topic Starter
  • Members
  • 5 posts

Posted 20 December 2008 - 05:33 PM

ComboFix

ComboFix 08-12-09.03 - Ada 2008-12-20 21:59:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.91 [GMT 0:00]
Running from: c:\documents and settings\Ada\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ada\Desktop\Pa arreglar el fregao (no usar!)\CFScript.txt
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
c:\windows\system32\adetiriv.ini
c:\windows\system32\agetegat.ini
c:\windows\system32\bekehutu.dll.tmp
c:\windows\system32\dimiboyi.dll.tmp
c:\windows\system32\dokileso.dll.tmp
c:\windows\system32\ehohanop.ini
c:\windows\system32\elabijis.ini
c:\windows\system32\ikubeyit.ini
c:\windows\system32\jutepeso.dll.tmp
c:\windows\system32\kahaneni.dll.tmp
c:\windows\system32\koyagahu.dll.tmp
c:\windows\system32\kuzolika.dll.tmp
c:\windows\system32\mamapome.dll
c:\windows\system32\merojoka.dll.tmp
c:\windows\system32\omosawuw.ini
c:\windows\system32\ovebibez.ini
c:\windows\system32\oyubimag.ini
c:\windows\system32\tehayela.dll.tmp
c:\windows\system32\uduzobov.ini
c:\windows\system32\umufodev.ini
c:\windows\system32\umuhadig.ini
c:\windows\system32\uvizepuh.ini
c:\windows\system32\yadokibo.dll.tmp
c:\windows\system32\yipiwopa.dll.tmp
.

(((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\adetiriv.ini
c:\windows\system32\agetegat.ini
c:\windows\system32\bekehutu.dll.tmp
c:\windows\system32\dimiboyi.dll.tmp
c:\windows\system32\dokileso.dll.tmp
c:\windows\system32\ehohanop.ini
c:\windows\system32\elabijis.ini
c:\windows\system32\ikubeyit.ini
c:\windows\system32\jutepeso.dll.tmp
c:\windows\system32\kahaneni.dll.tmp
c:\windows\system32\koyagahu.dll.tmp
c:\windows\system32\kuzolika.dll.tmp
c:\windows\system32\merojoka.dll.tmp
c:\windows\system32\omosawuw.ini
c:\windows\system32\ovebibez.ini
c:\windows\system32\oyubimag.ini
c:\windows\system32\tehayela.dll.tmp
c:\windows\system32\uduzobov.ini
c:\windows\system32\umufodev.ini
c:\windows\system32\umuhadig.ini
c:\windows\system32\uvizepuh.ini
c:\windows\system32\yadokibo.dll.tmp
c:\windows\system32\yipiwopa.dll.tmp

.
(((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))))
.

2008-12-10 21:27 . 2008-12-10 21:27 <DIR> d-------- c:\windows\ERUNT
2008-12-10 21:19 . 2008-12-10 22:04 <DIR> d-------- C:\SDFix
2008-12-01 20:51 . 2008-12-01 20:51 <DIR> d-------- c:\program files\Trend Micro
2008-11-30 23:27 . 2008-11-30 23:27 <DIR> d-------- c:\program files\Lavasoft
2008-11-30 23:27 . 2008-11-30 23:29 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2008-11-30 23:25 . 2008-11-30 23:25 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-30 15:26 . 2008-11-30 15:27 258 --a------ c:\windows\wininit.ini
2008-11-30 14:03 . 2008-11-30 14:12 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-30 14:03 . 2008-11-30 23:24 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 13:44 --------- d-----w c:\documents and settings\Ada\Application Data\OpenOffice.org2
2008-12-19 12:39 --------- d-----w c:\documents and settings\LocalService.NT AUTHORITY.000\Application Data\SACore
2008-12-19 12:30 --------- d-----w c:\program files\McAfee
2008-11-19 19:54 --------- d-----w c:\documents and settings\Ada\Application Data\Apple Computer
2008-11-16 15:15 --------- d-----w c:\program files\DivX
2008-11-04 14:26 --------- d-----w c:\documents and settings\Ada\Application Data\DivX
2008-10-28 22:44 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2008-10-27 19:02 --------- d-----w c:\documents and settings\Ada\Application Data\Move Networks
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((( snapshot@2008-12-10_22.48.10.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-20 05:38:45 1,023,488 ----a-w c:\windows\system32\browseui.dll
+ 2008-10-16 10:37:04 1,023,488 ----a-w c:\windows\system32\browseui.dll
- 2008-08-20 05:38:39 151,040 ----a-w c:\windows\system32\cdfview.dll
+ 2008-10-16 10:37:02 151,040 ----a-w c:\windows\system32\cdfview.dll
- 2008-12-10 20:40:39 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-20 21:11:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-10 20:40:39 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-20 21:11:46 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-20 05:38:40 1,054,208 ----a-w c:\windows\system32\danim.dll
+ 2008-10-16 10:37:02 1,054,208 ----a-w c:\windows\system32\danim.dll
- 2008-08-20 05:38:45 1,023,488 -c--a-w c:\windows\system32\dllcache\browseui.dll
+ 2008-10-16 10:37:04 1,023,488 -c--a-w c:\windows\system32\dllcache\browseui.dll
- 2008-08-20 05:38:39 151,040 -c--a-w c:\windows\system32\dllcache\cdfview.dll
+ 2008-10-16 10:37:02 151,040 -c--a-w c:\windows\system32\dllcache\cdfview.dll
- 2008-08-20 05:38:40 1,054,208 -c--a-w c:\windows\system32\dllcache\danim.dll
+ 2008-10-16 10:37:02 1,054,208 -c--a-w c:\windows\system32\dllcache\danim.dll
- 2008-08-20 05:38:40 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 10:37:02 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-20 05:38:40 205,312 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 10:37:02 205,312 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-20 05:38:40 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 10:37:02 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 13:00:00 278,016 -c--a-w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 13:01:36 283,648 -c--a-w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-19 09:30:39 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe
+ 2008-10-15 09:45:01 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe
- 2008-08-20 05:38:41 251,392 -c--a-w c:\windows\system32\dllcache\iepeers.dll
+ 2008-10-16 10:37:02 251,392 -c--a-w c:\windows\system32\dllcache\iepeers.dll
- 2008-08-20 05:38:41 96,256 -c--a-w c:\windows\system32\dllcache\inseng.dll
+ 2008-10-16 10:37:02 96,256 -c--a-w c:\windows\system32\dllcache\inseng.dll
- 2008-08-20 05:38:44 16,384 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 10:37:03 16,384 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 13:00:00 103,936 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-10 01:31:06 103,936 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-20 05:38:47 3,060,224 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-12 17:33:23 3,060,224 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-20 05:38:43 449,024 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 10:37:03 449,024 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-20 05:38:41 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 10:37:02 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-20 05:38:41 532,480 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 10:37:02 532,480 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2008-08-20 05:38:41 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 10:37:02 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-08-20 05:38:42 1,494,528 -c--a-w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-10-16 10:37:03 1,494,528 -c--a-w c:\windows\system32\dllcache\shdocvw.dll
- 2008-08-20 05:38:44 474,112 -c--a-w c:\windows\system32\dllcache\shlwapi.dll
+ 2008-10-16 10:37:03 474,112 -c--a-w c:\windows\system32\dllcache\shlwapi.dll
- 2004-08-04 13:00:00 246,302 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:15:47 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-20 05:38:45 615,936 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 10:37:04 615,936 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-09-05 23:30:42 241,704 -c----w c:\windows\system32\dllcache\wgaLogon.dll
+ 2008-09-05 23:29:58 917,032 -c----w c:\windows\system32\dllcache\WgaTray.exe
- 2008-08-20 05:38:43 659,456 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 10:37:03 659,456 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 13:00:00 1,050,624 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-10 18:18:18 1,053,696 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2004-08-04 13:00:00 2,105,344 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-11-07 18:32:20 2,109,440 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-07-18 21:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 14:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-08-20 05:38:40 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 10:37:02 357,888 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-20 05:38:40 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 10:37:02 205,312 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-20 05:38:40 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 10:37:02 55,808 ----a-w c:\windows\system32\extmgr.dll
- 2004-08-04 13:00:00 278,016 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 13:01:36 283,648 ----a-w c:\windows\system32\gdi32.dll
- 2008-08-20 05:38:41 251,392 ----a-w c:\windows\system32\iepeers.dll
+ 2008-10-16 10:37:02 251,392 ----a-w c:\windows\system32\iepeers.dll
- 2008-08-20 05:38:41 96,256 ----a-w c:\windows\system32\inseng.dll
+ 2008-10-16 10:37:02 96,256 ----a-w c:\windows\system32\inseng.dll
- 2008-08-20 05:38:44 16,384 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 10:37:03 16,384 ----a-w c:\windows\system32\jsproxy.dll
- 2008-03-20 17:06:36 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.DLL
+ 2008-09-05 23:30:06 1,480,232 ----a-w c:\windows\system32\LegitCheckControl.dll
- 2004-08-04 13:00:00 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-10 01:31:06 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2008-12-09 15:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-20 05:38:47 3,060,224 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-12 17:33:23 3,060,224 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-20 05:38:43 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 10:37:03 449,024 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-20 05:38:41 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 10:37:02 146,432 ----a-w c:\windows\system32\msrating.dll
- 2008-08-20 05:38:41 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 10:37:02 532,480 ----a-w c:\windows\system32\mstime.dll
- 2008-08-20 05:38:41 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 10:37:02 39,424 ----a-w c:\windows\system32\pngfilt.dll
- 2008-08-20 05:38:42 1,494,528 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-10-16 10:37:03 1,494,528 ----a-w c:\windows\system32\shdocvw.dll
- 2008-08-20 05:38:44 474,112 ----a-w c:\windows\system32\shlwapi.dll
+ 2008-10-16 10:37:03 474,112 ----a-w c:\windows\system32\shlwapi.dll
- 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2004-08-04 13:00:00 246,302 ----a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-07-14 11:09:18 62,976 ------w c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47:07 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-08-20 05:38:45 615,936 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 10:37:04 615,936 ----a-w c:\windows\system32\urlmon.dll
+ 2008-09-05 23:30:42 241,704 ------w c:\windows\system32\WgaLogon.dll
+ 2008-09-05 23:29:58 917,032 ------w c:\windows\system32\WgaTray.exe
- 2008-08-20 05:38:43 659,456 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 10:37:03 659,456 ----a-w c:\windows\system32\wininet.dll
- 2004-08-04 13:00:00 1,050,624 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-10 18:18:18 1,053,696 ----a-w c:\windows\system32\WMNetmgr.dll
- 2004-08-04 13:00:00 2,105,344 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-11-07 18:32:20 2,109,440 ----a-w c:\windows\system32\WMVCore.dll
- 2008-08-19 09:20:32 351,744 ----a-w c:\windows\system32\xpsp3res.dll
+ 2008-10-15 14:00:41 351,744 ----a-w c:\windows\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"STDSB"="c:\windows\system32\drivers\STDSB.exe" [2003-12-17 28672]
"Icon"="c:\windows\system32\drivers\Icon.exe" [2004-04-16 217088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-27 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-27 634880]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-07-07 135168]
"SoundMan"="SOUNDMAN.EXE" [2003-03-27 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2006-08-03 02:20 188482 c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-22 19:42 116040 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 13:00 208952 c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 12:20 227328 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SLService"=2 (0x2)
"ServiceLayer"=3 (0x3)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\WINDOWS\\system32\\drivers\\Icon.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcsysmon.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-09-29 206096]
R2 MTC0003_STDSB;Scroll Bar Driver;c:\windows\system32\drivers\STDSB.sys [2008-08-25 11279]
S2 STDSB;STDSB;c:\windows\system32\DRIVERS\STDSB.sys [2008-08-25 11279]
.
Contents of the 'Scheduled Tasks' folder

2008-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-08-25 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]

2008-08-25 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-hiruhizevo - c:\windows\system32\mamapome.dll


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
FireFox -: Profile - c:\documents and settings\Ada\Application Data\Mozilla\Firefox\Profiles\e7uqkm1c.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 22:23:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\RegSrvc.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\windows\system32\WgaTray.exe
.
**************************************************************************
.
Completion time: 2008-12-20 22:27:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-20 22:26:56
ComboFix2.txt 2008-12-10 22:49:03

Pre-Run: 7.978.078.208 bytes free
Post-Run: 7,974,051,840 bytes free

328 --- E O F --- 2008-12-18 23:49:07

HiJack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30:06, on 20/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\RegSrvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\drivers\STDSB.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 7278 bytes

It might not be related, but I did get a "victim of counterfeiting" windows thingie when restarting a couple of days ago... but I seem to have gotten rid of the pop-ups now. Let me know if I need to take any further steps.

Thanks again!
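
The HijackThis log above is plain text with one entry per line, which makes it easy to triage mechanically. The following is an added example (my own code, not part of this thread and not a HijackThis or BleepingComputer tool): a small parser for the R/O entry lines, a per-section tally, and a narrow check for the kind of file name seen in the Vundo hits reported by Malwarebytes later in this thread (eight lowercase letters alternating consonant and vowel, e.g. degipeme.dll). The sample log is constructed from a few lines of the posted log plus one constructed O2 line with a placeholder CLSID; the CVCVCVCV heuristic is derived only from the names in this thread and is not a general detection rule.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample: real-format lines from the posted log, plus ONE
# constructed O2 line (placeholder CLSID) shaped like the Vundo BHO entries
# that ComboFix and MBAM quarantined in this thread. Not a real log.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\degipeme.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [...] ..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# O2 (BHO) and O3 (Toolbar): "<kind>: <name> - {CLSID} - <path>"
CLSID_RE = re.compile(r"^(?P<kind>\w+): (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
# O4: "<registry key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23: "Service: <display name> (<short name>) - <vendor> - <path>"
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
# Executable image at the start of a command line, quoted or unquoted.
IMAGE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.(?:exe|dll|scr|com|bat))(?:\s|$)', re.I)
# Heuristic only: 4 x (consonant, vowel) + ".dll", the shape of this thread's Vundo names.
RANDOM_DLL_RE = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){4}\.dll$")


def image_path(cmd):
    """Return the executable path from an O4 command line (strips quotes and arguments)."""
    m = IMAGE_RE.match(cmd.strip())
    return (m.group("q") or m.group("u")) if m else None


def parse_hjt(text):
    """Parse HijackThis entry lines into dicts; non-entry lines (headers, process list) are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        entry = {"section": section, "raw": line.strip(), "path": None}
        if section in ("O2", "O3") and (cm := CLSID_RE.match(body)):
            entry.update(name=cm["name"], clsid=cm["clsid"], path=cm["path"])
        elif section == "O4" and (rm := RUN_RE.match(body)):
            entry.update(key=rm["key"], name=rm["name"], path=image_path(rm["cmd"]))
        elif section == "O23" and (sm := SVC_RE.match(body)):
            entry.update(name=sm["name"], vendor=sm["vendor"], path=sm["path"])
        entries.append(entry)
    return entries


def section_counts(entries):
    """How many entries each HijackThis section (R1, O2, O4, ...) contributes."""
    return Counter(e["section"] for e in entries)


def suspicious_modules(entries):
    """Paths whose file name fits the CVCVCVCV.dll shape of this thread's Vundo hits."""
    return [e["path"] for e in entries
            if e.get("path") and RANDOM_DLL_RE.match(PureWindowsPath(e["path"]).name)]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", dict(section_counts(parsed)))
    for e in parsed:
        if e["section"] == "O4":
            print("autorun:", e["key"], e["name"], "->", e["path"])
    print("random-looking module names:", suspicious_modules(parsed))
```

Run it against a saved HijackThis log by reading the file into `parse_hjt`; the point of the name check is to surface entries worth asking about, not to decide anything on its own, since a legitimate component can be misnamed and a malicious one can be named sensibly.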

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:09:35 AM

Posted 20 December 2008 - 11:45 PM

Let's do this...


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run it and update it, then do a "Perform Full Scan".

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



---------------------------------


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

----------------------------------


Please run the MGA Diagnostic Tool and post back the report it shall produce:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.


Post these logs in your next reply..

1. Malwarebytes'
2. ESET Online Scanner
3. MGA Diagnostic Tool

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 HB2112

HB2112
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:35 AM

Posted 23 December 2008 - 06:05 PM

MALWARE BYTES

Malwarebytes' Anti-Malware 1.31
Database version: 1537
Windows 5.1.2600 Service Pack 2

23/12/2008 21:19:09
mbam-log-2008-12-23 (21-19-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 105769
Time elapsed: 1 hour(s), 34 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 67

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\degipeme.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fibidaku.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gidahumu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gitoribo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gukehere.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hejapive.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hupezivu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jelukahu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jemitawa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\koyagahu.dll.tmp.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kuzolika.dll.tmp.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\niwebazi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nupikufo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ponahohe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\segukuro.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sidejuwo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\sijibale.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tagetega.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tiyebuki.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vedofumu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\viriteda.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vobozudu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wazuhope.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wegagolu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wobezozu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wuwasomo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yepagone.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yipiwopa.dll.tmp.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yisiwusu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zebibevo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\zihimubi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP41\A0009346.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP42\A0009405.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP42\A0009722.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP42\A0009731.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP44\A0009849.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP44\A0009850.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP46\A0009908.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP47\A0010090.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010243.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010244.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010247.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010248.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010249.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010250.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010251.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010252.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010253.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010259.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010266.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010268.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010269.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010270.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010272.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010274.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010276.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010277.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010278.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010279.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010280.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010281.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010282.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010284.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010285.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010288.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CBA60C4D-89C0-41DE-B78B-1525AAC3E648}\RP48\A0010289.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

------

ESET

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3714 (20081223)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=a611daac86582444a6e27a19e6603dcf
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-23 10:58:06
# local_time=2008-12-23 10:58:06 (+0000, GMT Standard Time)
# country="Spain"
# osver=5.1.2600 NT Service Pack 2
# scanned=244058
# found=113
# scan_time=4905
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\cs.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\da.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\de.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\el.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\en.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\es.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\fi.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\fr-ca.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\fr.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\hu.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\it.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\ja.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\ko.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\nl.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\no.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\pl.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\pt-br.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\pt.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\ru.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\sk.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\sl.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\sv.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\th.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\tr.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\zh-cn.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\CyberLink\PowerDVD\AVSettings\Languages\zh-tw.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Microsoft Office\OFFICE11\3082\CATOC.XML Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Microsoft Office\OFFICE11\3082\MF_ACTOC.XML Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Microsoft Office\OFFICE11\3082\MF_CATOC.XML Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Microsoft Office\OFFICE11\3082\MF_PPTOC.XML Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Microsoft Office\OFFICE11\3082\MF_WDTOC.XML Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Microsoft Office\OFFICE11\3082\MF_XLTOC.XML Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Microsoft Office\OFFICE11\3082\MSETOC.XML Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Microsoft Office\OFFICE11\3082\VBETOC.XML Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Microsoft Office\OFFICE11\3082\VBSETOC.XML Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Microsoft Office\OFFICE11\3082\XLATOC.XML Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Microsoft Office\OFFICE11\ADDINS\MSOSEC.XML Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\guiobjects.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\about\about.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\checkbox\checkbox.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\combobox\combobox.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\dropdownlist\dropdownlist.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\historyeditbox\historyeditbox.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\menubutton\menubutton.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\msgbox\msgbox.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\pathpicker\pathpicker.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\popupmenu\popupmenu.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\statusbar\statusbar.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\tabsheet\tabsheet.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\titlebox\titlebox.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\tooltips\tooltips-elements.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\tooltips\tooltips.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\wasabi.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\components.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\garbage-elements.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\old.system-colors.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\system-colors.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\system-element-aliases.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\system-elements.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\system-groups.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\groups\buttonbar.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\groups\objectframe.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\groups\panel.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\groups\window-embedded.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\groups\window.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\xui\xuiobjects.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\xui\button\button.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\xui\editbox\editbox.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\xui\slider\slider.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\xui\standardframe\standardframe-elements.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\xui\standardframe\standardframe.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\xui\text\text.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Plugins\freeform\xml\wasabi\xml\xui\titlebar\titlebar.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\skin.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\about\about.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\standardframe\standardframe-elements.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\standardframe\standardframe.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\standardframe\window_menus.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\titlebar\titlebar.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\ml-normal.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\ml.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\notifier-elements.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\notifier-normal.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\notifier.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\player-elements-shade.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\player-normal-group.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\player-normal.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\player-shade-group.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\player-shade.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\player.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\pledit-normal.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\pledit-shade-group.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\pledit-shade.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\pledit.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\system-colors.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\video-normal.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\video.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\vis-normal.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\Winamp\Skins\Winamp Modern\xml\vis.xml Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Archivos de programa\WinRAR\order.htm Win32/AutoRun.J virus (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\bumimali.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\dokileso.dll.tmp.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\gekuhiri.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\gepibura.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\kahaneni.dll.tmp.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\kumeweva.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\mamapome.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\nanulote.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\nositinu.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuneyevi.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\yadokibo.dll.tmp.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\yozuyosa.dll.vir Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000

-------------------

MGA

Diagnostic Report (1.7.0110.1):
-----------------------------------------
WGA Data-->
Validation Status: Blocked VLK
Validation Code: 3
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-6MPKT-FTM67-2FMWG
Windows Product Key Hash: 7NGC9t4TjuwGmWigU7V+FP7nBao=
Windows Product ID: 76487-646-9147304-23510
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.2.0.pro
ID: {3A6F7038-4698-4A96-BAC7-71832EF661BD}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.8.31.9
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 3
File Exists: Yes
Version: 1.8.31.9
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-171-1_FA827CE6-153-8007007e_FA827CE6-180-8007007e

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{3A6F7038-4698-4A96-BAC7-71832EF661BD}</UGUID><Version>1.7.0110.1</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-2FMWG</PKey><PID>76487-646-9147304-23510</PID><PIDType>1</PIDType><SID>S-1-5-21-329068152-1935655697-854245398</SID><SYSTEM><Manufacturer>NEC Computers International</Manufacturer><Model>Packard Bell EasyNote</Model></SYSTEM><BIOS><Manufacturer>Insyde Software Corporation</Manufacturer><Version>R1.01 </Version><SMBIOSVersion major="2" minor="3"/><Date>20040724000000.000000+000</Date></BIOS><HWID>34073807018400DC</HWID><UserLCID>040A</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData> <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1FFB0:NEC Corporation|1FFB0:Packard Bell B.V
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

Thanks again!
H

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 23 December 2008 - 11:41 PM

Hello, I determined that you have pirated Windows XP.. I have to stop my support here as it's against this board's policies.. Please validate your Windows before we can continue with our support.. Kindly tell me that you have verified your Windows after you do so..


Regards
fenzodahl512

Edited by fenzodahl512, 23 December 2008 - 11:50 PM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
