post #9
16/05/08, 00:36:20
joshua_v3
User
Registered: Oct 2006
Location: Mexico
Posts: 11
Re: Virus (WARNING: If your PC is infected it could behave erratically...)

Second-to-last part:

- 2004-08-19 18:43:18 112,128 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-31 00:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2004-08-19 18:42:34 1,134,592 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-31 00:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2004-08-19 18:42:34 113,664 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-31 00:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2004-08-19 18:42:34 120,320 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-31 00:19:46 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
- 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
+ 2008-01-11 16:35:38 121,856 ----a-w C:\WINDOWS\system32\xmllite.dll
- 2008-05-14 04:36:20 40,960 ----a-w C:\WINDOWS\TEMP\rtdrvmon.exe
+ 2008-05-16 03:50:47 40,960 ----a-w C:\WINDOWS\TEMP\rtdrvmon.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0552348d-aee0-4229-9366-a0cae17d3980}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{857AC198-7E89-4BFD-B6F7-9527E2D81494}]
C:\WINDOWS\system32\ssqnOGYR.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9541F397-883F-4606-92B0-C4F43BC46C7D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBC72CD2-EC5A-4D48-B068-6B1CEFCE52F9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C78C1F1E-F95B-4E86-B45A-BA2233F6D1D9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCC33C6D-D31F-417F-B056-34F587669910}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d1c3dcad-506a-41e6-b887-e431a8d52078}]
2008-05-15 21:59 133120 --a------ C:\WINDOWS\system32\dndxyunq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB1DD182-5C6F-4120-8942-9EA5803B91D2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD040D78-6700-4161-850C-BC607C3D83F8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:42 15360]
"msnmsgr"="C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe" [2008-05-13 00:36 3739672]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"CTStartup"="C:\Archivos de programa\Creative\Splash Screen\CTEaxSpl.exe" [2002-09-13 01:04 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTStartup"="C:\Archivos de programa\Creative\Splash Screen\CTEaxSpl.exe" [2002-09-13 01:04 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-19 13:42 137728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:42 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-03-03 19:51 126464 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Inicio rápido de Adobe Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Inicio rápido de Adobe Acrobat.lnk
backup=C:\WINDOWS\pss\Inicio rápido de Adobe Acrobat.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Remote Controller.lnk]
path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\Remote Controller.lnk
backup=C:\WINDOWS\pss\Remote Controller.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^TVSCHL.lnk]
path=C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\TVSCHL.lnk
backup=C:\WINDOWS\pss\TVSCHL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a0b249e6]
C:\WINDOWS\system32\fhafydpd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 C:\Archivos de programa\Adobe\Acrobat 8.0\232,876,707,840