Hola que tal los molesto con esto que les voy a decir hace rato me metia a internet con el "firefox" al abrirlo me marcaba error y le daba aceptar y cerraba la ventana no podia meterme a internet.Entonces me meti al Kaspersky online scanner para ver cual era el problema y esto fue el resultado:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 07, 2007 12:53:23 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 7/10/2007
Kaspersky Anti-Virus database records: 428521
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\

Scan Statistics:
Total number of scanned objects: 26170
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 01:01:05

Infected Object Name / Virus Name / Last Action
C:\Archivos de programa\Eset\cache\CACHE.NDB Object is locked skipped
C:\Archivos de programa\Eset\logs\virlog.dat Object is locked skipped
C:\Archivos de programa\Eset\logs\warnlog.dat Object is locked skipped
C:\Archivos de programa\PC Tools AntiVirus\PCTAVService.txt Object is locked skipped
C:\Archivos de programa\PC Tools AntiVirus\~ulo Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\14oDD.tmp.jpg Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\adobe_photoshop_8_cs_full_+_serial_spanish_cas tellano.exe Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\BLACK WA.jpg Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\black warrior.jpg Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\BLACK.jpg Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\borrachoui3.jpg Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\Brothers Pool.doc Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\c.doc Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\corazon.txt Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\fubu.bmp Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\hacer cuenta gmail.txt Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\HTD.jpg Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\IMG_0660.JPG Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\Indice.doc Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\letras del link..txt Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\link de black warrior htd.txt Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\link de imagen.txt Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\link de l4s letras del link.txt Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\link de las letras de l..txt Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\link.jpg Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\masters.txt Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\MeSenGeR.txt Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\mis cuentas de black warrior.txt Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\MsgPlusLive-423.exe Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\msn.doc Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\pag..txt Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\PAJAS.jpg Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\PILLO.jpg Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\rares.txt Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\rugal death.gif Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\Script-Messenger Plus-NameEditor(mess[1].es).zip Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\Sin título-1.jpg Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\tel.txt Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\y1pFf4XTQ1CMGa8Fwtq4EoV-l2KiO8RyVb1BNb_yz4CA-EJLLZD_pF7FW8zW5k-PiyhCbHDNtlr9ry8Umcr--Fj_ul5-BTe6KzR.jpg Object is locked skipped
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\you.txt Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\PC Tools\PC Tools AntiVirus\Report Logs\Report39361.967870370368.xml Object is locked skipped
C:\Documents and Settings\All Users\Datos de programa\seek film amok web\CHIN README.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Manuel\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Manuel\Configuración local\Archivos temporales de Internet\Content.IE5\T6PZX72R\mando[1].htm Object is locked skipped
C:\Documents and Settings\Manuel\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Manuel\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Manuel\Configuración local\Historial\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Manuel\Configuración local\Historial\History.IE5\MSHist0120071006200710 07\index.dat Object is locked skipped
C:\Documents and Settings\Manuel\Configuración local\Historial\History.IE5\MSHist0120071007200710 08\index.dat Object is locked skipped
C:\Documents and Settings\Manuel\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Manuel\Datos de programa\PC Tools\PC Tools AntiVirus\Application Logs\PCToolsAntivirus.txt Object is locked skipped
C:\Documents and Settings\Manuel\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Manuel\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-796845957-1303643608-682003330-500\Dc35.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-796845957-1303643608-682003330-500\Dc36.jpg Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8A34E2C3-BA09-4812-9D91-B75860CBCE01}\RP21\A0019130.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{8A34E2C3-BA09-4812-9D91-B75860CBCE01}\RP22\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\IHA.tmp Object is locked skipped
C:\WINDOWS\Temp\~DF6268.tmp Object is locked skipped
C:\WINDOWS\Temp\~DF626F.tmp Object is locked skipped
C:\WINDOWS\Temp\~DF6F8B.tmp Object is locked skipped
C:\WINDOWS\Temp\~DF6FA8.tmp Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Esto fue el resultado ¿Que puedo hacer para quitar el posible virus bueno el virus? gracias
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:11, on 07/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Archivos de programa\PC Tools AntiVirus\PCTAV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolba rNotifier.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Eset\nod32krn.exe
C:\Archivos de programa\PC Tools AntiVirus\PCTAVSvc.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsue.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: ads_optimizer - {26E45419-7205-4fac-BBFE-174BC7337A79} - C:\WINDOWS\system32\nsi19AF.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164 \swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Archivos de programa\Adssite Advanced Toolbar\toolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Amok web bash obj] C:\Documents and Settings\All Users\Datos de programa\seek film amok web\CHIN README.exe
O4 - HKLM\..\Run: [jucheck] C:\WINDOWS\system32\dllcache\jucheck.exe
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [PCTAVApp] "C:\Archivos de programa\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolba rNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Corn Move] C:\DOCUME~1\Manuel\DATOSD~1\GRAMTW~1\Extramagselse .exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Archivos de programa\PC Tools AntiVirus\PCTAVSvc.exe

--
End of file - 5751 bytes

Hola raped.v3n0m, te doy la bienvenida al Foro de InfoSpyware.

Paso 1- Descarga estas herramientas pero no las ejecutes aun:

• SUPERAntiSpyware
• ComboFix.exe

Paso 2- Con todos los programas cerrados ejecuta el HijackThis y dale a estas entradas:


O2 - BHO: ads_optimizer - {26E45419-7205-4fac-BBFE-174BC7337A79} - C:\WINDOWS\system32\nsi19AF.dll (file missing)

O2 - BHO: rightonadz browser optimizer - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll

O4 - HKLM\..\Run: [Amok web bash obj] C:\Documents and Settings\All Users\Datos de programa\seek film amok web\CHIN README.exe

O4 - HKLM\..\Run: [jucheck] C:\WINDOWS\system32\dllcache\jucheck.exe

O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify

O4 - HKCU\..\Run: [Corn Move] C:\DOCUME~1\Manuel\DATOSD~1\GRAMTW~1\Extramagselse .exe



Paso 3- Reinicia eh inicia en "Modo a prueba de fallos" (modo seguro)

Paso 4- Ejecuta estas herramientas, de a una:

• SUPERAntiSpyware

Paso 5- Descarga CCleaner y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad).

Reinicia y nos contas los resultados. junto con el reporte de CF.

Salu2

Hola perdon por el retardo aqui te traigo los resultados.
Empesare con el hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:20, on 08/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe
C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolba rNotifier.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\MSN Messenger\usnsvc.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\WinRAR\WinRAR.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsue.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164 \swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar2.dll
O3 - Toolbar: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolba rNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Archivos de programa\Yahoo!\Common\yinsthelper.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe

--
End of file - 5778 bytes

combofix:

ComboFix 07-10-07.2 - Manuel 2007-10-08 10:56:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.91 [GMT -5:00]
Se ejecuta desde: C:\Documents and Settings\Manuel\Escritorio\ComboFix.exe
* Creado un nuevo punto de restauración
.

(((((((((((((((((((((((((((((((((((( Otras eliminaciones )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Archivos de programa\MSN Messenger\msimg32.dll

.
(((((((((((((((((( Archivos creados desde 2007-09-08 - 2007-10-08 )))))))))))))))))))))))))))))))))
.

2007-10-08 10:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Yahoo! Companion
2007-10-07 19:27 <DIR> d-------- C:\Archivos de programa\Yahoo!
2007-10-07 19:26 <DIR> d-------- C:\Archivos de programa\CCleaner
2007-10-07 01:16 <DIR> d-------- C:\Archivos de programa\Trend Micro
2007-10-06 20:40 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-10-06 20:40 <DIR> d-------- C:\Archivos de programa\PC Tools AntiVirus
2007-10-05 18:51 <DIR> d---s---- C:\Documents and Settings\Manuel\UserData
2007-10-05 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Messenger Plus!
2007-10-05 14:20 <DIR> d-------- C:\Documents and Settings\Manuel\Datos de programa\Gram Two Soap
2007-10-05 14:20 <DIR> d-------- C:\Archivos de programa\Gram Two Soap
2007-10-05 14:19 <DIR> d-------- C:\Archivos de programa\Windows Live
2007-10-05 14:14 <DIR> d-------- C:\Documents and Settings\Manuel\Contacts
2007-10-05 14:10 <DIR> d-------- C:\Documents and Settings\Manuel\Shared
2007-10-05 14:10 <DIR> d-------- C:\Documents and Settings\Manuel\Incomplete
2007-10-05 14:10 <DIR> d-------- C:\Documents and Settings\Manuel\Datos de programa\LimeWire
2007-10-05 14:09 <DIR> d-------- C:\Archivos de programa\LimeWire
2007-10-05 14:06 <DIR> d-------- C:\Documents and Settings\Manuel\Datos de programa\WinRAR
2007-10-05 10:50 <DIR> dr------- C:\Documents and Settings\Manuel\Mis documentos
2007-10-05 10:50 <DIR> dr------- C:\Documents and Settings\Manuel\Men£ Inicio
2007-10-05 10:50 <DIR> dr------- C:\Documents and Settings\Manuel\Favoritos
2007-10-05 10:50 <DIR> d--h----- C:\Documents and Settings\Manuel\Plantillas
2007-10-05 10:50 <DIR> d--h----- C:\Documents and Settings\Manuel\Impresoras
2007-10-05 10:50 <DIR> d--h----- C:\Documents and Settings\Manuel\Entorno de red
2007-10-05 10:50 <DIR> d--h----- C:\Documents and Settings\Manuel\Datos de programa
2007-10-05 10:50 <DIR> d--h----- C:\Documents and Settings\Manuel\Configuraci¢n local
2007-10-05 10:50 <DIR> d-------- C:\Documents and Settings\Manuel\Escritorio
2007-10-05 10:50 <DIR> d-------- C:\Documents and Settings\Manuel\Datos de programa\Google
2007-10-04 08:02 63,488 --a------ C:\WINDOWS\system32\gzmrotate.dll
2007-10-04 01:37 45,056 --a------ C:\WINDOWS\NCUNINST.EXE
2007-10-04 01:37 <DIR> d-------- C:\Archivos de programa\Archivos comunes\SWF Studio
2007-10-03 23:15 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-03 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
2007-10-03 23:11 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Adssite Advanced Toolbar
2007-10-03 23:11 <DIR> d-------- C:\Archivos de programa\Adssite Advanced Toolbar
2007-10-03 23:06 79,832 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-10-03 23:06 40,733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
2007-10-02 01:22 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-09-27 20:14 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\WinRAR
2007-09-22 23:01 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-09-22 22:22 1,184 --a------ C:\WINDOWS\mozver.dat
2007-09-22 17:00 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-22 16:41 <DIR> d-------- C:\Archivos de programa\Messenger Plus! Live
2007-09-22 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\seek film amok web
2007-09-22 16:19 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Gram Two Soap
2007-09-22 15:41 <DIR> d-a------ C:\Documents and Settings\All Users\Datos de programa\TEMP
2007-09-22 14:35 <DIR> d-------- C:\WINDOWS\system32\EWS
2007-09-22 14:35 <DIR> d-------- C:\Archivos de programa\Checkers Buddy Yahoo
2007-09-22 14:23 188,416 --a------ C:\WINDOWS\amuninst.exe
2007-09-22 14:23 <DIR> d-------- C:\Program Files
2007-09-22 13:55 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Google
2007-09-22 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Google
2007-09-22 13:53 <DIR> d-------- C:\Archivos de programa\Google
2007-09-22 13:25 <DIR> d---s---- C:\Documents and Settings\Administrador\UserData
2007-09-22 13:12 <DIR> d-------- C:\Documents and Settings\Administrador\Contacts
2007-09-22 12:52 23,040 --------- C:\WINDOWS\system32\DllCache\fltmc.exe
2007-09-22 12:52 16,896 --------- C:\WINDOWS\system32\DllCache\fltlib.dll
2007-09-22 12:52 128,896 --------- C:\WINDOWS\system32\DllCache\fltmgr.sys
2007-09-22 12:44 <DIR> d-------- C:\Documents and Settings\Administrador\Shared
2007-09-22 12:44 <DIR> d-------- C:\Documents and Settings\Administrador\Incomplete
2007-09-22 12:44 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\LimeWire
2007-09-22 12:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-22 12:43 <DIR> d-------- C:\Archivos de programa\MSN Messenger
2007-09-22 12:12 2,374,472 --------- C:\WINDOWS\system32\DllCache\wmvcore.dll
2007-09-21 17:19 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-09-21 17:18 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-09-21 17:18 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2007-09-21 17:17 77,824 --a------ C:\WINDOWS\system32\usbui.dll
2007-09-21 17:17 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-09-21 17:16 <DIR> dr-h----- C:\Documents and Settings\Default User\Configuraci¢n local
2007-09-21 17:16 <DIR> dr------- C:\Documents and Settings\Default User\Men£ Inicio
2007-09-21 17:16 <DIR> dr------- C:\Documents and Settings\All Users\Men£ Inicio
2007-09-21 17:16 <DIR> dr------- C:\Documents and Settings\All Users\Documentos
2007-09-21 17:16 <DIR> d--h----- C:\Documents and Settings\Default User\Reciente
2007-09-21 17:16 <DIR> d--h----- C:\Documents and Settings\Default User\Plantillas
2007-09-21 17:16 <DIR> d--h----- C:\Documents and Settings\Default User\Impresoras
2007-09-21 17:16 <DIR> d--h----- C:\Documents and Settings\Default User\Entorno de red
2007-09-21 17:16 <DIR> d--h----- C:\Documents and Settings\All Users\Plantillas
2007-09-21 17:16 <DIR> d-------- C:\Documents and Settings\Default User\Mis documentos
2007-09-21 17:16 <DIR> d-------- C:\Documents and Settings\Default User\Favoritos
2007-09-21 17:16 <DIR> d-------- C:\Documents and Settings\Default User\Escritorio
2007-09-21 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Favoritos
2007-09-21 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Escritorio
2007-09-21 17:16 <DIR> d-------- C:\Archivos de programa\Archivos comunes\ODBC
2007-09-21 17:15 <DIR> dr-h----- C:\Documents and Settings\Default User\Datos de programa
2007-09-21 17:15 <DIR> dr-h----- C:\Documents and Settings\All Users\Datos de programa
2007-09-21 17:15 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-09-21 17:15 <DIR> d-------- C:\WINDOWS\system32\CatRoot

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2007-10-05 17:42 --------- d--h----- C:\Archivos de programa\InstallShield Installation Information
2007-09-21 16:57 --------- d-------- C:\Archivos de programa\Microsoft Works
2007-09-21 16:36 502368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-09-21 16:36 270336 --a------ C:\WINDOWS\system32\imon.dll
2007-09-21 16:31 315392 --a------ C:\WINDOWS\HideWin.exe
2007-09-21 16:31 --------- d-------- C:\Archivos de programa\Realtek
2007-09-21 16:30 --------- d-------- C:\Archivos de programa\S3
2007-09-21 16:29 --------- d-------- C:\Archivos de programa\Archivos comunes\InstallShield
2007-09-21 16:21 --------- d-------- C:\Archivos de programa\Archivos comunes\MSSoap
2007-07-30 12:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 12:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 12:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 12:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 12:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 12:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 12:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 12:18 33624 --a------ C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-21 09:36 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2007-02-06 00:30 C:\WINDOWS\system32\VTTrayp.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 08:03 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
"nod32kui"="C:\Archivos de programa\Eset\nod32kui.exe" [2007-09-21 16:36]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"AVG7_CC"="C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe" [2007-10-07 21:15]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 08:42]
"swg"="C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolba rNotifier.exe" [2007-09-22 14:01]
"msnmsgr"="C:\Archivos de programa\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd. exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"DisableStatusMessages"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
"NoResolveTrack"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
"NoResolveTrack"=1 (0x1)

S1 BIOS;BIOS;\??\C:\WINDOWS\system32\drivers\BIOS.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter WebClient LmHosts upnphost SSDPSRV

.
Contenido de carpeta 'Tareas Programadas'
"2007-10-08 15:00:00 C:\WINDOWS\Tasks\AAFED741919D528D.job"
.
************************************************** ************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 10:59:22
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

************************************************** ************************
.
Tiempo completado: 2007-10-08 11:00:09 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-08 11:00
.
--- E O F ---



kaspersky online scaner:

KASPERSKY ONLINE SCANNER INFORME
lunes, 08 de octubre de 2007 11:31:18
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.93.1
Ultima actualización: 8/10/2007
Registros en la base antivirus: 429266
-------------------------------------------------------------------------------

Configuración del análisis:
Analizar usando las siguientes bases: estendidas
Analizar archivos: verdadero
Analizar bases de correo: verdadero

Objetivo a analizar - Mi PC:
A:\
C:\

Estadísticas:
Número de objeros analizados: 26078
Virus encontrados: 1
Objetos infectados: 2
Objetos sospechosos: 0
Duración del análisis: 00:25:48

Bombre del objeto infectado / Nombre del virus / Última acción
C:\Archivos de programa\Eset\cache\CACHE.NDB Object is locked saltado
C:\Archivos de programa\Eset\logs\virlog.dat Object is locked saltado
C:\Archivos de programa\Eset\logs\warnlog.dat Object is locked saltado
C:\Archivos de programa\Trend Micro\HijackThis\backups\backup-20071007-191635-687.dll Infectados: not-a-virus:AdWare.Win32.TrafficSol.k saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\14oDD.tmp.jpg Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\adobe_photoshop_8_cs_full_+_serial_spanish_cas tellano.exe Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\BLACK WA.jpg Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\black warrior.jpg Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\BLACK.jpg Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\borrachoui3.jpg Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\Brothers Pool.doc Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\c.doc Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\corazon.txt Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\fubu.bmp Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\hacer cuenta gmail.txt Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\HTD.jpg Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\IMG_0660.JPG Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\Indice.doc Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\letras del link..txt Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\link de black warrior htd.txt Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\link de imagen.txt Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\link de l4s letras del link.txt Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\link de las letras de l..txt Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\link.jpg Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\masters.txt Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\MeSenGeR.txt Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\mis cuentas de black warrior.txt Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\MsgPlusLive-423.exe Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\msn.doc Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\pag..txt Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\PAJAS.jpg Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\PILLO.jpg Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\rares.txt Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\rugal death.gif Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\Script-Messenger Plus-NameEditor(mess[1].es).zip Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\Sin título-1.jpg Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\tel.txt Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\y1pFf4XTQ1CMGa8Fwtq4EoV-l2KiO8RyVb1BNb_yz4CA-EJLLZD_pF7FW8zW5k-PiyhCbHDNtlr9ry8Umcr--Fj_ul5-BTe6KzR.jpg Object is locked saltado
C:\Documents and Settings\Administrador\Mis documentos\666 DeViL 666\you.txt Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\avg7\Log\emc.log Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log Object is locked saltado
C:\Documents and Settings\All Users\Datos de programa\Grisoft\Avg7Data\avg7log.log.lck Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\Manuel\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Manuel\Configuración local\Datos de programa\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked saltado
C:\Documents and Settings\Manuel\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\Manuel\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\Manuel\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\63lp71tb.default \Cache\_CACHE_001_ Object is locked saltado
C:\Documents and Settings\Manuel\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\63lp71tb.default \Cache\_CACHE_002_ Object is locked saltado
C:\Documents and Settings\Manuel\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\63lp71tb.default \Cache\_CACHE_003_ Object is locked saltado
C:\Documents and Settings\Manuel\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\63lp71tb.default \Cache\_CACHE_MAP_ Object is locked saltado
C:\Documents and Settings\Manuel\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Manuel\Configuración local\Historial\History.IE5\MSHist0120071008200710 09\index.dat Object is locked saltado
C:\Documents and Settings\Manuel\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\Manuel\Datos de programa\Mozilla\Firefox\Profiles\63lp71tb.default \cert8.db Object is locked saltado
C:\Documents and Settings\Manuel\Datos de programa\Mozilla\Firefox\Profiles\63lp71tb.default \formhistory.dat Object is locked saltado
C:\Documents and Settings\Manuel\Datos de programa\Mozilla\Firefox\Profiles\63lp71tb.default \history.dat Object is locked saltado
C:\Documents and Settings\Manuel\Datos de programa\Mozilla\Firefox\Profiles\63lp71tb.default \key3.db Object is locked saltado
C:\Documents and Settings\Manuel\Datos de programa\Mozilla\Firefox\Profiles\63lp71tb.default \parent.lock Object is locked saltado
C:\Documents and Settings\Manuel\Datos de programa\Mozilla\Firefox\Profiles\63lp71tb.default \search.sqlite Object is locked saltado
C:\Documents and Settings\Manuel\Datos de programa\Mozilla\Firefox\Profiles\63lp71tb.default \urlclassifier2.sqlite Object is locked saltado
C:\Documents and Settings\Manuel\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\Manuel\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked saltado
C:\RECYCLER\S-1-5-21-796845957-1303643608-682003330-500\Dc35.jpg Object is locked saltado
C:\RECYCLER\S-1-5-21-796845957-1303643608-682003330-500\Dc36.jpg Object is locked saltado
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
C:\System Volume Information\_restore{8A34E2C3-BA09-4812-9D91-B75860CBCE01}\RP24\change.log Object is locked saltado
C:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado
C:\WINDOWS\SchedLgU.Txt Object is locked saltado
C:\WINDOWS\SoftwareDistribution\EventCache\{B879DE 9D-D9B9-4233-903D-EAAFF4D3E3F0}.bin Object is locked saltado
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked saltado
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\default Object is locked saltado
C:\WINDOWS\system32\config\default.LOG Object is locked saltado
C:\WINDOWS\system32\config\SAM Object is locked saltado
C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\SECURITY Object is locked saltado
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado
C:\WINDOWS\system32\config\software Object is locked saltado
C:\WINDOWS\system32\config\software.LOG Object is locked saltado
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\system Object is locked saltado
C:\WINDOWS\system32\config\system.LOG Object is locked saltado
C:\WINDOWS\system32\gzmrotate.dll Infectados: not-a-virus:AdWare.Win32.TrafficSol.k saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado
C:\WINDOWS\WindowsUpdate.log Object is locked saltado

Análisis completado.

ayudenme

Hola, ComboFix detecto y elimino ya algunos Malwares, pero todavía le quedaron algunas cosas para sacar siguiendo estos pasos:

1.-Abrir el Notepad

• Clic en INICIO > EJECUTAR >
• Y ahí pones notepad.exe y ACEPTAR

2.- Ahora copia y pega estos archivos dentro del Notepad

3.- Graba este archivo con el nombre CFScript.txt

4.- Arrastra y soltar el archivo CFScript.txt dentro del archivo ComboFix.exe como lo muestra la animación de abajo. Esto activara ComboFix nuevamente.



Reinicia y nos contas los resultados. junto con un nuevo reporte de ComboFix.

Salu2

Hola que tal amigo aqui estan los resultados:

ComboFix 07-10-12.1 - Manuel 2007-10-12 16:46:21.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.131 [GMT -5:00]
Se ejecuta desde: C:\Documents and Settings\Manuel\Mis documentos\manuelito\ComboFix.exe
Command switches used :: C:\Documents and Settings\Manuel\Escritorio\CFScript.txt
* Creado un nuevo punto de restauración

FILE::
C:\WINDOWS\system32\gzmrotate.dll
.

(((((((((((((((((( Archivos creados desde 2007-09-12 - 2007-10-12 )))))))))))))))))))))))))))))))))
.

2007-10-09 15:39 584,192 --------- C:\WINDOWS\system32\DllCache\rpcrt4.dll
2007-10-08 13:54 <DIR> d-------- C:\Archivos de programa\Gram Two Soap
2007-10-08 13:53 <DIR> d-------- C:\Archivos de programa\Adverts
2007-10-08 10:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 21:16 <DIR> d-------- C:\Documents and Settings\Manuel\Datos de programa\AVG7
2007-10-07 21:16 <DIR> d-------- C:\Documents and Settings\LocalService\Datos de programa\AVG7
2007-10-07 21:16 <DIR> d-------- C:\Documents and Settings\LocalService\Datos de programa\AVG7
2007-10-07 21:16 <DIR> d-------- C:\Documents and Settings\LocalService\Datos de programa\AVG7
2007-10-07 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Grisoft
2007-10-07 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\avg7
2007-10-07 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Yahoo! Companion
2007-10-07 19:27 <DIR> d-------- C:\Archivos de programa\Yahoo!
2007-10-07 01:16 <DIR> d-------- C:\Archivos de programa\Trend Micro
2007-10-06 20:40 <DIR> d-------- C:\Archivos de programa\PC Tools AntiVirus
2007-10-06 20:40 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-10-05 18:51 <DIR> d---s---- C:\Documents and Settings\Manuel\UserData
2007-10-05 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Messenger Plus!
2007-10-05 17:42 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Adobe
2007-10-05 14:20 <DIR> d-------- C:\Documents and Settings\Manuel\Datos de programa\Gram Two Soap
2007-10-05 14:19 <DIR> d-------- C:\Archivos de programa\Windows Live
2007-10-05 14:14 <DIR> d-------- C:\Documents and Settings\Manuel\Contacts
2007-10-05 14:10 <DIR> d-------- C:\Documents and Settings\Manuel\Shared
2007-10-05 14:10 <DIR> d-------- C:\Documents and Settings\Manuel\Incomplete
2007-10-05 14:10 <DIR> d-------- C:\Documents and Settings\Manuel\Datos de programa\LimeWire
2007-10-05 14:09 <DIR> d-------- C:\Archivos de programa\LimeWire
2007-10-05 10:50 <DIR> d--h----- C:\Documents and Settings\Manuel\Plantillas
2007-10-05 10:50 <DIR> dr------- C:\Documents and Settings\Manuel\Mis documentos
2007-10-05 10:50 <DIR> dr------- C:\Documents and Settings\Manuel\Men£ Inicio
2007-10-05 10:50 <DIR> d--h----- C:\Documents and Settings\Manuel\Impresoras
2007-10-05 10:50 <DIR> dr------- C:\Documents and Settings\Manuel\Favoritos
2007-10-05 10:50 <DIR> d-------- C:\Documents and Settings\Manuel\Escritorio
2007-10-05 10:50 <DIR> d--h----- C:\Documents and Settings\Manuel\Entorno de red
2007-10-05 10:50 <DIR> d--h----- C:\Documents and Settings\Manuel\Datos de programa
2007-10-05 10:50 <DIR> d--h----- C:\Documents and Settings\Manuel\Configuraci¢n local
2007-10-04 01:37 <DIR> d-------- C:\Archivos de programa\Archivos comunes\SWF Studio
2007-10-04 01:37 45,056 --a------ C:\WINDOWS\NCUNINST.EXE
2007-10-03 23:15 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-03 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab
2007-10-03 23:11 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Adssite Advanced Toolbar
2007-10-03 23:11 <DIR> d-------- C:\Archivos de programa\Adssite Advanced Toolbar
2007-10-03 23:06 79,832 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-10-03 23:06 40,733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
2007-10-02 01:22 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-09-22 23:01 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-09-22 22:22 1,184 --a------ C:\WINDOWS\mozver.dat
2007-09-22 17:00 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-22 16:41 <DIR> d-------- C:\Archivos de programa\Messenger Plus! Live
2007-09-22 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\seek film amok web
2007-09-22 16:19 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Gram Two Soap
2007-09-22 15:41 <DIR> d-a------ C:\Documents and Settings\All Users\Datos de programa\TEMP
2007-09-22 14:35 <DIR> d-------- C:\WINDOWS\system32\EWS
2007-09-22 14:35 <DIR> d-------- C:\Archivos de programa\Checkers Buddy Yahoo
2007-09-22 14:23 <DIR> d-------- C:\Program Files
2007-09-22 14:23 188,416 --a------ C:\WINDOWS\amuninst.exe
2007-09-22 13:53 <DIR> d-------- C:\Archivos de programa\Google
2007-09-22 13:51 <DIR> d-------- C:\Archivos de programa\Java
2007-09-22 13:38 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Java
2007-09-22 13:25 <DIR> d---s---- C:\Documents and Settings\Administrador\UserData
2007-09-22 13:18 <DIR> d-------- C:\WINDOWS\Sun
2007-09-22 13:12 <DIR> d-------- C:\Documents and Settings\Administrador\Contacts
2007-09-22 12:52 <DIR> d-------- C:\WINDOWS\system32\DllCache
2007-09-22 12:52 128,896 --------- C:\WINDOWS\system32\DllCache\fltmgr.sys
2007-09-22 12:52 23,040 --------- C:\WINDOWS\system32\DllCache\fltmc.exe
2007-09-22 12:52 16,896 --------- C:\WINDOWS\system32\DllCache\fltlib.dll
2007-09-22 12:44 <DIR> d-------- C:\Documents and Settings\Administrador\Shared
2007-09-22 12:44 <DIR> d-------- C:\Documents and Settings\Administrador\Incomplete
2007-09-22 12:44 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\LimeWire
2007-09-22 12:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-22 12:43 <DIR> d-------- C:\Archivos de programa\MSN Messenger
2007-09-22 12:12 2,374,472 --------- C:\WINDOWS\system32\DllCache\wmvcore.dll
2007-09-21 17:19 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-09-21 17:18 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-09-21 17:18 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2007-09-21 17:17 77,824 --a------ C:\WINDOWS\system32\usbui.dll
2007-09-21 17:17 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-09-21 17:16 <DIR> d--h----- C:\Documents and Settings\Default User\Reciente
2007-09-21 17:16 <DIR> d--h----- C:\Documents and Settings\Default User\Plantillas
2007-09-21 17:16 <DIR> d-------- C:\Documents and Settings\Default User\Mis documentos
2007-09-21 17:16 <DIR> dr------- C:\Documents and Settings\Default User\Men£ Inicio
2007-09-21 17:16 <DIR> d--h----- C:\Documents and Settings\Default User\Impresoras
2007-09-21 17:16 <DIR> d-------- C:\Documents and Settings\Default User\Favoritos
2007-09-21 17:16 <DIR> d-------- C:\Documents and Settings\Default User\Escritorio
2007-09-21 17:16 <DIR> d--h----- C:\Documents and Settings\Default User\Entorno de red
2007-09-21 17:16 <DIR> dr-h----- C:\Documents and Settings\Default User\Configuraci¢n local
2007-09-21 17:16 <DIR> d--h----- C:\Documents and Settings\All Users\Plantillas
2007-09-21 17:16 <DIR> dr------- C:\Documents and Settings\All Users\Men£ Inicio
2007-09-21 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Favoritos
2007-09-21 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Escritorio
2007-09-21 17:16 <DIR> dr------- C:\Documents and Settings\All Users\Documentos
2007-09-21 17:16 <DIR> d-------- C:\Archivos de programa\Archivos comunes\ODBC
2007-09-21 17:15 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-09-21 17:15 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-09-21 17:15 <DIR> dr-h----- C:\Documents and Settings\Default User\Datos de programa
2007-09-21 17:15 <DIR> dr-h----- C:\Documents and Settings\All Users\Datos de programa
2007-09-21 17:15 <DIR> d-------- C:\Documents and Settings

.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2007-10-11 17:11 --------- d-----w C:\Archivos de programa\Checkers Buddy Yahoo
2007-10-05 22:42 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information
2007-09-21 21:57 --------- d-----w C:\Archivos de programa\Microsoft Works
2007-09-21 21:36 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-09-21 21:36 270,336 ----a-w C:\WINDOWS\system32\imon.dll
2007-09-21 21:31 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-09-21 21:31 --------- d-----w C:\Archivos de programa\Realtek
2007-09-21 21:30 --------- d-----w C:\Archivos de programa\S3
2007-09-21 21:29 --------- d-----w C:\Archivos de programa\Archivos comunes\InstallShield
2007-09-21 21:21 --------- d-----w C:\Archivos de programa\Archivos comunes\MSSoap
2007-08-22 13:13 96,768 ------w C:\WINDOWS\system32\DllCache\inseng.dll
2007-08-22 13:13 661,504 ------w C:\WINDOWS\system32\DllCache\wininet.dll
2007-08-22 13:13 616,448 ------w C:\WINDOWS\system32\DllCache\urlmon.dll
2007-08-22 13:13 55,808 ------w C:\WINDOWS\system32\DllCache\extmgr.dll
2007-08-22 13:13 532,480 ------w C:\WINDOWS\system32\DllCache\mstime.dll
2007-08-22 13:13 474,624 ------w C:\WINDOWS\system32\DllCache\shlwapi.dll
2007-08-22 13:13 449,024 ------w C:\WINDOWS\system32\DllCache\mshtmled.dll
2007-08-22 13:13 39,424 ------w C:\WINDOWS\system32\DllCache\pngfilt.dll
2007-08-22 13:13 357,888 ------w C:\WINDOWS\system32\DllCache\dxtmsft.dll
2007-08-22 13:13 3,079,168 ------w C:\WINDOWS\system32\DllCache\mshtml.dll
2007-08-22 13:13 251,392 ------w C:\WINDOWS\system32\DllCache\iepeers.dll
2007-08-22 13:13 205,312 ------w C:\WINDOWS\system32\DllCache\dxtrans.dll
2007-08-22 13:13 16,384 ------w C:\WINDOWS\system32\DllCache\jsproxy.dll
2007-08-22 13:13 151,552 ------w C:\WINDOWS\system32\DllCache\cdfview.dll
2007-08-22 13:13 146,432 ------w C:\WINDOWS\system32\DllCache\msrating.dll
2007-08-22 13:13 1,495,040 ------w C:\WINDOWS\system32\DllCache\shdocvw.dll
2007-08-22 13:13 1,056,256 ------w C:\WINDOWS\system32\DllCache\danim.dll
2007-08-22 13:13 1,022,976 ------w C:\WINDOWS\system32\DllCache\browseui.dll
2007-08-21 10:30 18,432 ------w C:\WINDOWS\system32\DllCache\iedw.exe
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:17 683,520 ------w C:\WINDOWS\system32\DllCache\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-08_10.59.46.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-09 13:19:27 582,656 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
+ 2007-06-19 05:24:36 368,640 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\spru0c0a.dll
+ 2005-10-12 23:13:27 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
+ 2005-10-12 23:13:28 215,776 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
+ 2005-10-12 23:13:27 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
+ 2005-10-12 23:14:09 724,704 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
+ 2005-10-12 23:14:15 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
+ 2007-08-22 12:57:22 1,022,976 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\browseui.dll
+ 2007-08-22 12:57:22 151,552 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\cdfview.dll
+ 2007-08-22 12:57:22 1,056,256 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\danim.dll
+ 2007-08-22 12:57:23 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtmsft.dll
+ 2007-08-22 12:57:23 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtrans.dll
+ 2007-08-22 12:57:23 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\extmgr.dll
+ 2007-08-21 10:19:39 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe
+ 2007-08-22 12:57:23 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iepeers.dll
+ 2007-08-22 12:57:23 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\inseng.dll
+ 2007-08-22 12:57:23 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\jsproxy.dll
+ 2007-08-22 12:57:25 3,085,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtml.dll
+ 2007-08-22 12:57:25 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtmled.dll
+ 2007-08-22 12:57:25 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\msrating.dll
+ 2007-08-22 12:57:26 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mstime.dll
+ 2007-08-22 12:57:26 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\pngfilt.dll
+ 2007-08-22 12:57:27 1,498,624 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shdocvw.dll
+ 2007-08-22 12:57:27 474,624 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shlwapi.dll
+ 2007-08-21 10:50:47 368,640 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\spru0c0a.dll
+ 2007-08-22 12:57:28 619,008 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\urlmon.dll
+ 2007-08-22 12:57:28 668,160 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
+ 2007-03-06 01:27:45 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spmsg.dll
+ 2007-03-06 01:27:50 215,776 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spuninst.exe
+ 2007-03-06 01:27:44 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\spcustom.dll
+ 2007-03-06 01:28:08 724,704 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\update.exe
+ 2007-03-06 01:29:00 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\updspapi.dll
+ 2007-08-21 06:25:35 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:27:45 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:27:50 215,776 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:27:44 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:28:08 724,704 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:29:00 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2006-01-11 21:42:22 582,144 -c----w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
+ 2005-10-12 23:13:28 215,776 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst .exe
+ 2005-10-12 23:14:15 389,856 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi .dll
+ 2007-06-14 18:09:35 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
+ 2007-06-14 18:09:35 151,552 -c----w C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
+ 2007-06-14 18:09:37 1,056,256 -c----w C:\WINDOWS\$NtUninstallKB939653$\danim.dll
+ 2007-06-14 18:09:37 357,888 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
+ 2007-06-14 18:09:37 205,312 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
+ 2007-06-14 18:09:37 55,808 -c----w C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
+ 2007-06-14 14:07:24 18,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
+ 2007-06-14 18:09:37 251,392 -c----w C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
+ 2007-06-14 18:09:37 96,768 -c----w C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
+ 2007-06-14 18:09:37 16,384 -c----w C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
+ 2007-06-14 18:09:40 3,079,680 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
+ 2007-06-14 18:09:39 449,024 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
+ 2007-06-14 18:09:39 146,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
+ 2007-06-14 18:09:39 532,480 -c----w C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
+ 2007-06-14 18:09:39 39,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
+ 2007-06-14 18:09:41 1,495,040 -c----w C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
+ 2007-06-14 18:09:41 474,624 -c----w C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
+ 2007-03-06 01:27:50 215,776 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst .exe
+ 2007-03-06 01:29:00 389,856 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\updspapi .dll
+ 2007-06-14 18:09:42 616,448 -c----w C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
+ 2007-06-26 14:09:39 661,504 -c----w C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
+ 2007-06-14 14:24:32 121,856 -c----w C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
+ 2007-05-16 15:12:01 683,520 -c----w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
+ 2007-03-06 01:27:50 215,776 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst .exe
+ 2007-03-06 01:29:00 389,856 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi .dll
+ 2007-08-21 06:17:25 683,520 ----a-w C:\WINDOWS\SoftwareDistribution\Download\01d191356 dc1743ec7fe99cc2cbba2de\sp2gdr\inetcomm.dll
+ 2007-08-21 06:25:35 683,520 ----a-w C:\WINDOWS\SoftwareDistribution\Download\01d191356 dc1743ec7fe99cc2cbba2de\sp2qfe\inetcomm.dll
+ 2007-03-06 01:27:45 15,584 ----a-w C:\WINDOWS\SoftwareDistribution\Download\01d191356 dc1743ec7fe99cc2cbba2de\spmsg.dll
+ 2007-03-06 01:27:50 215,776 ----a-w C:\WINDOWS\SoftwareDistribution\Download\01d191356 dc1743ec7fe99cc2cbba2de\spuninst.exe
+ 2007-03-06 01:27:44 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\01d191356 dc1743ec7fe99cc2cbba2de\update\spcustom.dll
+ 2007-03-06 01:28:08 724,704 ----a-w C:\WINDOWS\SoftwareDistribution\Download\01d191356 dc1743ec7fe99cc2cbba2de\update\update.exe
+ 2007-03-06 01:29:00 389,856 ----a-w C:\WINDOWS\SoftwareDistribution\Download\01d191356 dc1743ec7fe99cc2cbba2de\update\updspapi.dll
+ 2007-08-22 13:13:12 1,022,976 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\browseui.dll
+ 2007-08-22 13:13:13 151,552 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\cdfview.dll
+ 2007-08-22 13:13:13 1,056,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\danim.dll
+ 2007-08-22 13:13:13 357,888 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\dxtmsft.dll
+ 2007-08-22 13:13:13 205,312 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\dxtrans.dll
+ 2007-08-22 13:13:13 55,808 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\extmgr.dll
+ 2007-08-21 10:30:45 18,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\iedw.exe
+ 2007-08-22 13:13:13 251,392 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\iepeers.dll
+ 2007-08-22 13:13:13 96,768 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\inseng.dll
+ 2007-08-22 13:13:13 16,384 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\jsproxy.dll
+ 2007-08-22 13:13:14 3,079,168 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\mshtml.dll
+ 2007-08-22 13:13:14 449,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\mshtmled.dll
+ 2007-08-22 13:13:14 146,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\msrating.dll
+ 2007-08-22 13:13:14 532,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\mstime.dll
+ 2007-08-22 13:13:14 39,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\pngfilt.dll
+ 2007-08-22 13:13:15 1,495,040 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\shdocvw.dll
+ 2007-08-22 13:13:15 474,624 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\shlwapi.dll
+ 2007-08-21 10:53:22 121,856 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\spru0c0a.dll
+ 2007-08-22 13:13:15 616,448 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\urlmon.dll
+ 2007-08-22 13:13:15 661,504 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2gdr\wininet.dll
+ 2007-08-22 12:57:22 1,022,976 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\browseui.dll
+ 2007-08-22 12:57:22 151,552 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\cdfview.dll
+ 2007-08-22 12:57:22 1,056,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\danim.dll
+ 2007-08-22 12:57:23 357,888 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\dxtmsft.dll
+ 2007-08-22 12:57:23 205,824 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\dxtrans.dll
+ 2007-08-22 12:57:23 55,808 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\extmgr.dll
+ 2007-08-21 10:19:39 18,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\iedw.exe
+ 2007-08-22 12:57:23 251,904 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\iepeers.dll
+ 2007-08-22 12:57:23 96,768 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\inseng.dll
+ 2007-08-22 12:57:23 16,384 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\jsproxy.dll
+ 2007-08-22 12:57:25 3,085,824 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\mshtml.dll
+ 2007-08-22 12:57:25 449,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\mshtmled.dll
+ 2007-08-22 12:57:25 146,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\msrating.dll
+ 2007-08-22 12:57:26 532,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\mstime.dll
+ 2007-08-22 12:57:26 39,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\pngfilt.dll
+ 2007-08-22 12:57:27 1,498,624 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\shdocvw.dll
+ 2007-08-22 12:57:27 474,624 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\shlwapi.dll
+ 2007-08-21 10:50:47 368,640 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\spru0c0a.dll
+ 2007-08-22 12:57:28 619,008 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\urlmon.dll
+ 2007-08-22 12:57:28 668,160 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\sp2qfe\wininet.dll
+ 2007-03-06 01:27:45 15,584 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\spmsg.dll
+ 2007-03-06 01:27:50 215,776 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\spuninst.exe
+ 2007-03-06 01:27:44 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\update\spcustom.dll
+ 2007-03-06 01:28:08 724,704 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\update\update.exe
+ 2007-03-06 01:29:00 389,856 ----a-w C:\WINDOWS\SoftwareDistribution\Download\1b1f11a55 87c558e9101255e2eefda46\update\updspapi.dll
+ 2007-07-09 13:11:11 584,192 ----a-w C:\WINDOWS\SoftwareDistribution\Download\53b863a87 0073d148a6064558452898b\SP2GDR\rpcrt4.dll
+ 2007-06-13 04:53:14 121,856 ----a-w C:\WINDOWS\SoftwareDistribution\Download\53b863a87 0073d148a6064558452898b\SP2GDR\spru0c0a.dll
+ 2007-07-09 13:19:27 582,656 ----a-w C:\WINDOWS\SoftwareDistribution\Download\53b863a87 0073d148a6064558452898b\SP2QFE\rpcrt4.dll
+ 2007-06-19 05:24:36 368,640 ----a-w C:\WINDOWS\SoftwareDistribution\Download\53b863a87 0073d148a6064558452898b\SP2QFE\spru0c0a.dll
+ 2005-10-12 23:13:27 15,584 ----a-w C:\WINDOWS\SoftwareDistribution\Download\53b863a87 0073d148a6064558452898b\spmsg.dll
+ 2005-10-12 23:13:28 215,776 ----a-w C:\WINDOWS\SoftwareDistribution\Download\53b863a87 0073d148a6064558452898b\spuninst.exe
+ 2005-10-12 23:13:27 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\53b863a87 0073d148a6064558452898b\update\spcustom.dll
+ 2005-10-12 23:14:09 724,704 ----a-w C:\WINDOWS\SoftwareDistribution\Download\53b863a87 0073d148a6064558452898b\update\update.exe
+ 2005-10-12 23:14:15 389,856 ----a-w C:\WINDOWS\SoftwareDistribution\Download\53b863a87 0073d148a6064558452898b\update\updspapi.dll
- 2007-06-14 18:09:35 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-08-22 13:13:12 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-06-14 18:09:35 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-08-22 13:13:13 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-06-14 18:09:37 1,056,256 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-08-22 13:13:13 1,056,256 ----a-w C:\WINDOWS\system32\danim.dll
- 2007-06-14 18:09:37 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-22 13:13:13 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-06-14 18:09:37 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-22 13:13:13 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-06-14 18:09:37 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-22 13:13:13 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-06-14 18:09:37 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-22 13:13:13 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-06-14 18:09:37 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-22 13:13:13 96,768 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-06-14 18:09:37 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-22 13:13:13 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
- 2007-09-07 16:29:00 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
- 2007-09-07 16:29:00 946,176 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2007-09-06 00:50:44 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-06-14 18:09:40 3,079,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-22 13:13:14 3,079,168 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-14 18:09:39 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-22 13:13:14 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-06-14 18:09:39 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-22 13:13:14 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-14 18:09:39 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-22 13:13:14 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-06-14 18:09:39 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-22 13:13:14 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2006-01-11 21:42:22 582,144 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:11:11 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2007-06-14 18:09:41 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-08-22 13:13:15 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2007-06-14 18:09:41 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-08-22 13:13:15 474,624 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-01-19 19:29:21 15,584 ------w C:\WINDOWS\system32\spmsg.dll
+ 2005-10-12 23:13:27 15,584 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-06-14 18:09:42 616,448 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-22 13:13:15 616,448 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-06-26 14:09:39 661,504 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-22 13:13:15 661,504 ----a-w C:\WINDOWS\system32\wininet.dll
- 2007-06-14 14:24:32 121,856 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-08-21 10:53:22 121,856 ----a-w C:\WINDOWS\system32\xpsp3res.dll
- 2007-10-08 15:59:19 53,248 ----a-w C:\WINDOWS\Temp\sobdqeqb.dll
+ 2007-10-12 21:47:44 53,248 ----a-w C:\WINDOWS\TEMP\sobdqeqb.dll
.
((((((((((((((((((((((((((((((((( Cargando Puntos Reg ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"VTTimer"="VTTimer.exe" [2006-09-21 09:36 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2007-02-06 00:30 C:\WINDOWS\system32\VTTrayp.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 08:03 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
"nod32kui"="C:\Archivos de programa\Eset\nod32kui.exe" [2007-09-21 16:36]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"AVG7_CC"="C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe" [2007-10-07 21:15]
"Amok web bash obj"="C:\Documents and Settings\All Users\Datos de programa\seek film amok web\Dale Burn.exe" [2007-10-11 16:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 08:42]
"msnmsgr"="C:\Archivos de programa\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"Corn Move"="C:\DOCUME~1\Manuel\DATOSD~1\GRAMTW~1\Extram agselse.exe" []

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd. exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"DisableStatusMessages"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
"NoResolveTrack"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
"NoResolveTrack"=1 (0x1)

R1 BIOS;BIOS;\??\C:\WINDOWS\system32\drivers\BIOS.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter WebClient LmHosts upnphost SSDPSRV

.
Contenido de carpeta 'Tareas Programadas'
"2007-10-11 21:00:00 C:\WINDOWS\Tasks\A5CDA40F91FE216F.job"
.
************************************************** ************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 16:47:45
Windows 5.1.2600 Service Pack 2 NTFS

escaneando procesos ocultos ...

escaneando entradas ocultas de autostart ...

escaneando archivos ocultos ...

el escaneo se completo con exito
archivos ocultos: 0

************************************************** ************************
.
Tiempo completado: 2007-10-12 16:48:21
C:\ComboFix-quarantined-files.txt ... 2007-10-08 11:00
C:\ComboFix2.txt ... 2007-10-08 11:00
.
--- E O F ---

gracias