
16/01/2008, 16:43
Join date: December 2007
Posts: 7
Membership: 17 years, 3 months Points: 0
Re: Here's my log, could you please review it? PART 4 AND LAST... AND SRY FOR THE DELAY...
------
+ 2004-04-15 19:43:00 1,907,200 ----a-w C:\WINNT\system32\spool\drivers\w32x86\3\HPZUI041.DLL
- 2007-07-23 00:39:27 279,552 ----a-w C:\WINNT\system32\swreg.exe
+ 2000-08-31 14:00:00 156,160 ----a-w C:\WINNT\system32\swreg.exe
- 2006-11-29 23:21:29 370,688 ----a-w C:\WINNT\system32\swsc.exe
+ 2000-08-31 14:00:00 136,704 ----a-w C:\WINNT\system32\swsc.exe
- 2006-12-01 11:20:32 212,480 ----a-w C:\WINNT\system32\swxcacls.exe
+ 2000-08-31 14:00:00 212,480 ----a-w C:\WINNT\system32\swxcacls.exe
+ 2004-12-07 17:11:34 258,352 ----a-w C:\WINNT\system32\unicows.dll
+ 2001-03-23 22:17:12 7,168 ----a-w C:\WINNT\system32\updcrl.exe
- 2005-04-27 17:33:48 84,240 ----a-w C:\WINNT\system32\URL.DLL
+ 2002-08-29 13:14:40 106,496 ----a-w C:\WINNT\system32\url.dll
- 2005-10-24 20:33:56 423,696 ----a-w C:\WINNT\system32\URLMON.DLL
+ 2002-08-29 13:14:40 482,816 ----a-w C:\WINNT\system32\urlmon.dll
- 2005-01-12 19:39:46 438,330 ----a-w C:\WINNT\system32\vbscript.dll
+ 2002-02-26 21:58:06 462,906 ----a-w C:\WINNT\system32\vbscript.dll
- 2006-11-27 08:34:46 49,152 ----a-w C:\WINNT\system32\VFind.exe
+ 2000-08-31 14:00:00 49,152 ----a-w C:\WINNT\system32\VFind.exe
- 2003-06-19 19:05:04 257,808 ----a-w C:\WINNT\system32\webcheck.dll
+ 2002-08-29 13:14:40 258,048 ----a-w C:\WINNT\system32\webcheck.dll
- 2005-10-24 20:33:46 451,344 ----a-w C:\WINNT\system32\WININET.DLL
+ 2002-08-29 13:14:40 585,728 ----a-w C:\WINNT\system32\wininet.dll
- 2002-07-24 12:00:00 90,162 ----a-w C:\WINNT\system32\wscript.exe
+ 2001-06-26 23:53:50 118,834 ----a-w C:\WINNT\system32\wscript.exe
+ 2001-06-26 23:59:32 28,721 ----a-w C:\WINNT\system32\wshcon.dll
- 2002-07-24 12:00:00 45,105 ----a-w C:\WINNT\system32\wshext.dll
+ 2001-06-26 23:56:36 65,585 ----a-w C:\WINNT\system32\wshext.dll
+ 2008-01-11 23:32:43 490,608 ----a-w C:\WINNT\Windows Update Setup Files\ie6setup.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SybaseCentral43"="D:\Program Files\Sybase9\Shared\Sybase Central 4.3\win32\scjview.exe" [09/28/06 02:44p 102400]
"DBISQL9"="D:\Program Files\Sybase9\SQL Anywhere 9\win32\dbisqlg.exe" [12/08/06 07:09p 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [01/02/08 10:28a 949376]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" [01/14/08 11:18a 6731312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ShowSuperHidden"= 1 (0x1)
"NoFileAssociate"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/06 01:55p 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/07 01:41p 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"MSSEARCH"=2 (0x2)
R0 DfsDriver;DfsDriver;C:\WINNT\system32\drivers\Dfs.sys [06/19/03 01:05p]
R0 mraid2k;mraid2k;C:\WINNT\system32\drivers\mraid2k.sys [07/22/04 04:11a]
R2 ASANYs_serv_v8;Adaptive Server Anywhere - serv_v8;D:\Program Files\Sybase9\SQL Anywhere 9\win32\dbsrv9.exe [12/08/06 07:07p]
R2 Dfs;Distributed File System;C:\WINNT\system32\Dfssvc.exe [06/19/03 01:05p]
R2 NntpSvc;Network News Transport Protocol (NNTP);C:\WINNT\System32\inetsrv\inetinfo.exe [06/19/03 01:05p]
R2 SMTPSVC;Simple Mail Transport Protocol (SMTP);C:\WINNT\System32\inetsrv\inetinfo.exe [06/19/03 01:05p]
R2 TermServLicensing;Terminal Services Licensing;C:\WINNT\System32\lserver.exe [06/19/03 01:05p]
R3 openhci;Microsoft USB Open Host Controller Driver;C:\WINNT\system32\DRIVERS\openhci.sys [06/19/03 01:05p]
R3 spud;Special Purpose Utility Driver;C:\WINNT\system32\drivers\spud.sys [07/24/02 06:00a]
S3 NtFrs;File Replication;C:\WINNT\system32\ntfrs.exe [06/19/03 01:05p]
S3 TDASYNC;TDASYNC;C:\WINNT\system32\drivers\TDASYNC.sys [06/19/03 01:05p]
S3 TDIPX;TDIPX;C:\WINNT\system32\drivers\TDIPX.sys [06/19/03 01:05p]
S3 TDNETB;TDNETB;C:\WINNT\system32\drivers\TDNETB.sys [06/19/03 01:05p]
S3 TDSPX;TDSPX;C:\WINNT\system32\drivers\TDSPX.sys [06/19/03 01:05p]
S3 TrkSvr;Distributed Link Tracking Server;C:\WINNT\system32\services.exe [04/08/05 05:51a]
S4 ASANYs_EK_ADM00;Adaptive Server Anywhere - EK_ADM00;D:\Program Files\Sybase\SQL Anywhere 7\win32\dbsrv7.exe [07/31/01 11:24p]
S4 IsmServ;Intersite Messaging;C:\WINNT\System32\ismserv.exe [06/19/03 01:05p]
S4 kdc;Kerberos Key Distribution Center;C:\WINNT\System32\lsass.exe [12/19/04 04:30p]
S4 MSSEARCH;Microsoft Search;"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe" [12/04/02 10:52a]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv REG_MULTI_SZ Tapisrv
.
Contents of the 'Scheduled Tasks' folder
"2008-01-16 08:00:58 C:\WINNT\Tasks\respaldo_ek- Server.job"
- D:\respaldos ek\respaldo_ek- Server.bat
.
************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 16:19:07
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINNT\system32\lsass.exe [5.00.2195.7011]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 01/17/2008 16:21:29
ComboFix-quarantined-files.txt 2008-01-17 22:20:48
ComboFix2.txt 2007-12-05 21:43:35