ComboFix, Hijackthis and SmitFraudFix Logs.


1 reply to this topic

#1 LestatLioncourt

Posted 07 November 2010 - 10:08 AM

Hi, my PC runs very slowly, so I ran the ComboFix, HijackThis
and SmitFraudFix analyses. I'm leaving the logs here; thank you very much
for whatever you can recommend to help me. Thank you very much in advance. Lestat.

Hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:51, on 07/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Archivos de programa\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=es
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=76.74.255.236:3128;ftp=76.74.255.236:3128;https=76.74.255.236:3128;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Archivos de programa\KeyScrambler\KeyScramblerIE.dll
O4 - HKLM\..\Run: [egui] "C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Archivos de programa\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [OutpostMonitor] "C:\ARCHIV~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Archivos de programa\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Archivos de programa\KeyScrambler\KeyScramblerIE.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted IP range: http://192.168.2.1
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARCHIV~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Archivos de programa\Archivos comunes\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\ARCHIV~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Archivos de programa\Archivos comunes\AOL\ACS\AOLAcsd.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Servicio de actualización de Google (gupdate) (gupdate) - Google Inc. - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS360service - IObit - C:\Archivos de programa\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Archivos de programa\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Archivos de programa\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Archivos de programa\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexingService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Archivos de programa\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 4940 bytes




Combofix



ComboFix 10-11-07.04 - Locke 07/11/2010 10:10:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.54.3082.18.1023.535 [GMT -3:00]
Running from: c:\documents and settings\Locke\Escritorio\Antivirus\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Outpost Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ches.txt
C:\chesx.txt
c:\windows\BDOSCAN8\plugins\emalware.239.bak2
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-10-07 to 2010-11-07 )))))))))))))))))))))))))))))))
.

2010-11-07 11:18 . 2010-11-07 11:18 -------- d-----w- c:\documents and settings\LocalService\Configuración local\Datos de programa\Google
2010-11-07 10:09 . 2010-11-07 10:14 3012 ----a-w- C:\drmHeader.bin
2010-11-07 07:44 . 2010-11-07 07:45 -------- d-----w- c:\archivos de programa\Combined Community Codec Pack
2010-11-07 07:42 . 2010-11-07 07:44 -------- d-----w- c:\archivos de programa\K-Lite Codec Pack
2010-11-07 05:44 . 2010-11-07 05:44 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Estsoft
2010-11-07 04:26 . 2010-11-07 06:07 -------- d-----w- c:\archivos de programa\DelPSGuard
2010-11-06 02:08 . 2005-07-31 10:07 172032 ----a-w- c:\windows\system32\OSSMTP.dll
2010-11-05 16:50 . 2008-04-14 10:48 40448 ----a-w- c:\windows\system32\ctfmon.exe.backup
2010-11-04 15:56 . 2010-11-04 15:56 -------- d-----w- c:\documents and settings\NetworkService\Configuración local\Datos de programa\Temp
2010-11-04 15:43 . 2010-11-04 15:43 -------- d-----w- c:\documents and settings\NetworkService\Configuración local\Datos de programa\Google
2010-11-04 11:32 . 2010-11-04 11:32 -------- d-----w- c:\documents and settings\Locke\Application Data\Malwarebytes
2010-11-04 10:44 . 2010-11-05 15:03 -------- d-----w- c:\archivos de programa\GridinSoft Trojan Killer
2010-11-04 10:27 . 2010-11-04 10:27 -------- d-----w- c:\archivos de programa\BinarySense
2010-11-04 10:22 . 2010-11-04 11:18 -------- d-----w- c:\archivos de programa\Motherboard Monitor 5
2010-11-04 10:19 . 2010-11-04 10:19 -------- d-----w- c:\documents and settings\Locke\Application Data\SuperMSNBackup
2010-11-04 06:27 . 2010-11-04 06:27 -------- d-----w- c:\archivos de programa\Mx One Antivirus
2010-11-04 05:45 . 2010-11-04 05:45 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Panda Security
2010-11-04 05:44 . 2010-11-04 05:55 -------- d-----w- c:\archivos de programa\Panda USB Vaccine
2010-11-04 05:36 . 2010-11-07 09:11 -------- d---a-w- c:\documents and settings\All Users\Datos de programa\TEMP
2010-11-04 04:57 . 2010-11-04 05:02 -------- d-----w- c:\documents and settings\Locke\Application Data\GlarySoft
2010-11-04 04:20 . 2010-11-04 04:20 -------- d-----w- c:\documents and settings\Locke\Application Data\SUPERAntiSpyware.com
2010-11-04 04:20 . 2010-11-04 14:55 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy
2010-11-04 04:20 . 2010-11-04 11:39 -------- d-----w- c:\archivos de programa\Spybot - Search & Destroy
2010-11-04 04:20 . 2010-11-04 04:20 -------- d-----w- c:\archivos de programa\SUPERAntiSpyware
2010-11-04 04:17 . 2010-11-07 06:37 -------- d-----w- c:\archivos de programa\Argente - Registry Cleaner
2010-11-04 04:16 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-04 04:16 . 2010-11-04 04:16 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2010-11-04 04:16 . 2010-11-04 04:16 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-11-04 04:16 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-04 04:13 . 2010-11-04 04:14 -------- d-----w- c:\archivos de programa\Glary Utilities
2010-11-02 08:40 . 2010-11-04 04:11 -------- d-----w- c:\archivos de programa\SpywareBlaster
2010-11-02 08:35 . 2010-11-02 08:35 -------- d-----w- c:\archivos de programa\KeyScrambler
2010-11-02 08:35 . 2010-02-11 15:03 114952 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2010-11-02 08:31 . 2010-11-02 08:31 -------- d-----w- c:\documents and settings\Locke\Application Data\QuickScan
2010-11-02 05:43 . 2010-11-02 05:45 -------- d-----w- c:\documents and settings\Locke\Application Data\Ventrilo
2010-11-02 05:30 . 2010-11-02 05:30 -------- d-----w- c:\archivos de programa\Ventrilo
2010-11-02 05:13 . 2010-11-02 05:13 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE
2010-11-02 05:13 . 2010-11-02 05:13 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\BSplayer PRO
2010-11-01 01:35 . 2010-11-06 04:07 -------- d-----w- c:\documents and settings\Locke\Application Data\TeamViewer
2010-10-25 01:48 . 2010-10-25 01:49 -------- d-----w- c:\archivos de programa\Fast Explorer
2010-10-25 00:50 . 2010-10-25 00:51 -------- d-----w- c:\documents and settings\Locke\Application Data\griffith
2010-10-24 04:24 . 2010-10-24 04:28 -------- d-----w- c:\documents and settings\Locke\Application Data\ElevatedDiagnostics
2010-10-24 04:14 . 2010-10-24 04:14 -------- d-----w- c:\archivos de programa\Autoplay Repair
2010-10-21 21:24 . 2010-10-21 21:24 -------- d-----w- c:\documents and settings\Locke\Application Data\Thinstall
2010-10-21 20:53 . 2010-11-02 05:19 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Norton
2010-10-21 20:53 . 2010-10-21 20:53 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Symantec
2010-10-21 08:46 . 2010-10-22 03:21 -------- d-----w- c:\documents and settings\All Users\Datos de programa\ESTsoft
2010-10-21 01:56 . 2010-10-21 01:56 -------- d-----w- c:\documents and settings\Locke\Application Data\MassTube
2010-10-19 10:28 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-07 09:20 . 2010-11-07 09:20 9711305 ----a-w- C:\ComboFix.zip
2010-11-05 16:50 . 2002-09-09 17:51 24064 ----a-w- c:\windows\system32\ctfmon.exe
2010-10-11 13:35 . 2009-07-24 22:38 710576 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-09-27 18:40 . 2009-07-24 22:38 267624 ----a-w- c:\windows\system32\drivers\afwcore.sys
2010-09-18 15:23 . 2001-08-24 16:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2001-08-24 16:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2001-08-24 16:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2001-08-24 16:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:50 . 2002-09-09 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:50 . 2002-09-09 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:50 . 2002-09-09 17:50 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-02 07:23 . 2010-09-02 07:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-02 07:23 . 2010-05-02 02:43 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-01 11:51 . 2001-08-24 16:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2002-09-09 17:45 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-09-01 07:52 . 2010-09-01 07:52 230736 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-08-27 08:03 . 2001-08-24 16:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:53 . 2001-08-24 16:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2001-08-24 16:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 13:13 . 2008-05-05 10:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2002-09-09 17:50 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2001-08-24 16:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2002-09-09 17:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-16 00:00 . 2010-08-16 00:00 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
.

------- Sigcheck -------

[7] 2008-04-14 . 213C80D912880BBF04453D09FFCCB28C . 510976 . . [5.1.2600.5512] . . c:\windows\Resources\ISSO\Backup\winlogon.exe
[-] 2008-04-14 . 3F5B7DD84DB17717502FB9F9954C17A7 . 550400 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 3F5B7DD84DB17717502FB9F9954C17A7 . 550400 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2002-09-09 . 830395CBAEE46CB02A0777EA25D2C75D . 519680 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-14 . DA8898129E0075C7DE4DEE457514A73C . 579584 . . [5.1.2600.5512] . . c:\windows\Resources\ISSO\Backup\user32.dll
[-] 2008-04-14 . 000B8A96FFBD468B5C6C67D56C260DED . 525312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . 000B8A96FFBD468B5C6C67D56C260DED . 525312 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . 000B8A96FFBD468B5C6C67D56C260DED . 525312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
[-] 2002-09-09 . 1B1A3353911321ADC0D42E8F236B0B31 . 561152 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 . 059DD4EE4D79AE02A747DDB38F68E3DB . 1475072 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 7522F548A84ABAD8FA516DE5AB3931EF . 1036288 . . [6.00.2900.5512] . . c:\windows\Resources\ISSO\Backup\explorer.exe
[-] 2008-04-14 . 059DD4EE4D79AE02A747DDB38F68E3DB . 1475072 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . 059DD4EE4D79AE02A747DDB38F68E3DB . 1475072 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
[-] 2002-09-09 . 64764B2B0B0314932AA8EC10C30EB2AE . 1006592 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2010-11-05 16:50 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\dllcache\ctfmon.exe
[-] 2010-11-05 16:50 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2010-11-05 16:50 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . DAAE1CB1B1875B760496E7D3336DA1AD . 15360 . . [5.1.2600.5512] . . c:\windows\Resources\ISSO\Backup\ctfmon.exe
[-] 2002-09-09 . 36AEF092F333CFF6B8D10EFF3CC3AEE5 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2010-10-21 19:23 283736 ----a-w- c:\archivos de programa\Agnitum\Outpost Firewall Pro\op_shell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"OutpostFeedBack"="c:\archivos de programa\Agnitum\Outpost Firewall Pro\feedback.exe" [2010-10-21 491272]
"OutpostMonitor"="c:\archiv~1\Agnitum\OUTPOS~1\op_mon.exe" [2010-10-21 2841448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2010-11-05 24064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Datos de programa\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\archivos de programa\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
2010-10-21 19:22 491272 ----a-w- c:\archivos de programa\Agnitum\Outpost Firewall Pro\feedback.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostMonitor]
2010-10-21 19:56 2841448 ----a-w- c:\archiv~1\Agnitum\OUTPOS~1\op_mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"qbxbuyauk"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [21/06/2010 07:23 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01/02/2009 05:56 721904]
R0 SscRdBus;Virtual bus device (SuperSpeed LLC);c:\windows\system32\drivers\SscRdBus.sys [16/11/2007 14:56 50944]
R0 SscRdCls;RAM Disk (SuperSpeed LLC);c:\windows\system32\drivers\SscRdCls.sys [16/11/2007 14:58 37504]
R0 tdrpman140;Acronis Try&Decide and Restore Points filter (build 140);c:\windows\system32\drivers\tdrpm140.sys [06/02/2009 00:10 971168]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18/08/2008 13:27 94360]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [24/07/2009 19:38 710576]
R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 15:25 12872]
R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 15:41 67656]
R2 acssrv;Agnitum Client Security Service;c:\archiv~1\Agnitum\OUTPOS~1\acs.exe [24/07/2009 19:36 2035000]
R2 ekrn;ESET Service;c:\archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe [14/05/2009 15:47 731840]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [24/07/2009 19:36 34280]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [24/07/2009 19:38 267624]
R3 cwrwdm;SoundFusion™ WDM Driver;c:\windows\system32\drivers\cwrwdm.sys [01/02/2009 05:27 48640]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [02/11/2010 05:35 114952]
S1 SuperMounter;SuperMounter; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [01/05/2010 23:46 135664]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [24/07/2009 19:38 72232]
S3 IS360service;IS360service;c:\archivos de programa\IObit\IObit Security 360\is360srv.exe [23/06/2010 17:52 312152]
S3 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\archivos de programa\McAfee\SiteAdvisor\McSACore.exe [05/02/2009 16:29 93320]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\archivos de programa\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 09:49 227232]
S3 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [07/05/2010 11:56 1051976]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 10064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [24/08/2001 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
qbxbuyauk

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2008-04-02 13:59 1274880 ----a-w- c:\archivos de programa\Windows Sidebar\sidebar.exe
.
Contents of the 'Scheduled Tasks' folder

2010-11-04 c:\windows\Tasks\GlaryInitialize.job
- c:\archivos de programa\Glary Utilities\initialize.exe [2010-11-04 00:55]

2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb7e6d9042ecd2.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-05-02 02:46]

2010-10-26 c:\windows\Tasks\User_Feed_Synchronization-{B1DB8320-0F84-4B4B-8CAA-ACEB66079E34}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 07:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=76.74.255.236:3128;ftp=76.74.255.236:3128;https=76.74.255.236:3128;
FF - ProfilePath - c:\documents and settings\Locke\Application Data\Mozilla\Firefox\Profiles\8hlx0kxs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2630495&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WC2010 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com.ar/nwshp?hl=es&tab=wn
FF - component: c:\archivos de programa\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox\components\nsURLRecordEx.dll
FF - component: c:\archivos de programa\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\documents and settings\Locke\Application Data\Mozilla\Firefox\Profiles\8hlx0kxs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Locke\Application Data\Mozilla\Firefox\Profiles\8hlx0kxs.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\archivos de programa\BYOND\bin\npbyond.dll
FF - plugin: c:\archivos de programa\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\archivos de programa\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\archivos de programa\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\archivos de programa\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\documents and settings\Locke\Application Data\Mozilla\Firefox\Profiles\8hlx0kxs.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: c:\documents and settings\Locke\Application Data\Mozilla\Firefox\Profiles\8hlx0kxs.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Locke\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Locke\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-07 10:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-492894223-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{95629FBE-0AAC-8979-CF80-6C8732F262A9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abgpgjgkemnafoaiimmcgfhakdabaiholf"=hex:69,61,6c,63,62,67,6e,62,70,6b,70,64,
68,6d,68,6c,6e,61,00,00
"majphjbpgjfkjkiddkjlblhmmg"=hex:6f,61,67,6a,6b,67,6a,61,68,6c,6c,6e,6a,6e,6c,
63,68,68,65,69,6d,67,67,68,64,66,6b,61,6e,6c,00,00

[HKEY_USERS\S-1-5-21-2052111302-492894223-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:29,2e,52,9b,18,d2,88,52,21,87,7e,c3,19,d9,2b,c2,a1,4e,12,83,f0,a6,c0,
f5,5b,39,2e,ea,ee,59,7a,b3,2d,87,c6,a7,db,9d,8b,5f,3c,c9,bd,70,74,ad,19,6c,\
"??"=hex:4a,d8,92,a4,58,71,b9,91,aa,71,1d,82,c7,8f,a2,99

[HKEY_USERS\S-1-5-21-2052111302-492894223-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:1d,ed,06,1c,9c,70,14,e4,94,34,7d,c1,30,47,80,60,8b,bf,5d,35,da,
d6,36,80,20,c3,36,bf,f3,ed,cd,8e,e4,8d,78,54,19,6b,8d,56,95,b0,47,c5,a4,7b,\
"rkeysecu"=hex:85,4d,e0,54,9e,3c,a4,93,7b,19,f2,38,25,96,45,1d

[HKEY_LOCAL_MACHINE\software\Classes\.ra3replay]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1308)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\archivos de programa\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(1472)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(1836)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\archivos de programa\Agnitum\Outpost Firewall Pro\op_shell.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\stobject.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\PortableDeviceApi.dll
c:\archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\PDFShell.ESP
c:\archivos de programa\Unlocker\UnlockerCOM.dll
c:\archivos de programa\LopeSoft\FileMenu Tools\FileMenuTools.dll
c:\archivos de programa\ESET\ESET NOD32 Antivirus\shellExt.dll
c:\archivos de programa\ESTsoft\ALZip\AZCTM.dll
c:\archivos de programa\ESTsoft\ALZip\ctm_en-US.dll
c:\archivos de programa\TuneUp Utilities 2010\SDShelEx-win32.dll
c:\archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\OpenExpert.dll
c:\archivos de programa\Mp3tag\Mp3tagShell32.dll
c:\windows\system32\CmdLineExt.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2010-11-07 10:45:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-07 13:45

Pre-Run: 31.906.095.104 bytes libres
Post-Run: 31.804.637.184 bytes libres

- - End Of File - - 90AF897DAC924D2422056FA928542CC6




SmitFraudFix




SmitFraudFix v2.423

Scan done at 9:25:27,50, 07/11/2010
Run from C:\Documents and Settings\Locke\Escritorio\SmitfraudFix
OS: Microsoft Windows XP [Versión 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Archivos de programa\ESET\ESET NOD32 Antivirus\egui.exe
C:\Archivos de programa\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Locke\Escritorio\SmitfraudFix\Policies.exe
C:\Documents and Settings\Locke\Escritorio\SmitfraudFix\Policies.exe
C:\Documents and Settings\Locke\Escritorio\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Locke


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Locke\CONFIG~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Locke\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Locke\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Archivos de programa


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mi página de inicio actual"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"RequireSignedAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 802.11g PCI Wireless Adapter - Minipuerto del administrador de paquetes
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7A7C1CB3-88BF-4958-8F26-401984CD9C12}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7A7C1CB3-88BF-4958-8F26-401984CD9C12}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7A7C1CB3-88BF-4958-8F26-401984CD9C12}: NameServer=8.8.8.8,8.8.8.4
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Thank you again, and I await your response. Lestat.


#2 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:12:22 PM

Posted 14 November 2010 - 09:20 AM

Hello LestatLioncourt

Welcome to BleepingComputer :)
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.



