| Official HijackThis Forum in Spanish. We analyze your HijackThis log to remove hijackers, spyware, adware, toolbars, viruses, trojans and malware in general. Read the HijackThis Forum Policies first. |
| I'm asking you for a HijackThis analysis, thanks. Greetings; the problem is malware (the popups with "system integrity scan wizard", etc.). The log is as follows: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:02:05, on 04/04/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\TOSHIBA\Utilities\KeNotify.exe C:\Windows\RtHDVCpl.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe C:\Users\Jaume\AppData\Local\sfhtejvh.exe C:\ProgramData\ulajijmz\snwlkpqp.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\ProgramData\mzyhvtsa\yjmfmvgz.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\totalcmd\TOTALCMD.EXE C:\Windows\explorer.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Mail\WinMail.exe 
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cat/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll O3 - Toolbar: Barra Yahoo! 
con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: 
[WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\voipbuster.exe" -nosplash -minimized O4 - HKCU\..\Run: [sfhtejvh] c:\users\jaume\appdata\local\sfhtejvh.exe sfhtejvh O4 - HKCU\..\Run: [pejswanj] C:\ProgramData\pejswanj\aribihsd.exe O4 - HKCU\..\Run: [eQGCnznfC1] C:\ProgramData\ulajijmz\snwlkpqp.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [mzyhvtsa] C:\ProgramData\mzyhvtsa\yjmfmvgz.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red') O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?SP (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: avast! 
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. 
- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 13167 bytes Thank you very much for everything |
| Re: I'm asking you for a HijackThis analysis, thanks. Hello, welcome to the InfoSpyware Forum; follow these steps: Download, update and run the program: Download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the entire Windows registry (making a backup).
Quote:
Regards |
| Re: I'm asking you for a HijackThis analysis, thanks. Thank you very much for your attention. I did exactly as you told me, and here is the ComboFix log: ComboFix 08-04-04.1 - Jaume 2008-04-06 16:34:08.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.3082.18.1011 [GMT 2:00] Se ejecuta desde: C:\Users\Jaume\Desktop\ComboFix.exe * Creado un nuevo punto de restauración . (((((((((((((((((((((((((((((((((((( Otras eliminaciones ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\Users\Jaume\AppData\Local\sfhtejvh.dat c:\users\jaume\appdata\local\sfhtejvh.exe c:\Users\Jaume\AppData\Local\sfhtejvh_nav.dat C:\Users\Jaume\AppData\Local\sfhtejvh_navps.dat C:\Users\Jaume\Desktopblackbird.jpg C:\Users\Jaume\DesktopEditorFKWP1.5.exe C:\Users\Jaume\DesktopEditorFKWP2.0.exe C:\Users\Jaume\Desktopfilemanagerclient.exe C:\Users\Jaume\Desktopfkwp1.5.exe C:\Users\Jaume\Desktopfkwp2.0.exe C:\Users\Jaume\Desktopfwebd.exe C:\Users\Jaume\DesktopFWebdEditor.exe C:\Users\Jaume\DesktopTrojan.Win32.BlackBird.exe C:\Users\Jaume\Desktopvirii . (((((((((((((((((( Archivos creados desde 2008-03-06 - 2008-04-06 ))))))))))))))))))))))))))))))))) . Ningún archivo ha sido creado durante este intervalo de tiempo . (((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ) . 
2008-04-04 19:48 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com 2008-04-04 19:47 --------- d-----w C:\Users\Jaume\AppData\Roaming\SUPERAntiSpyware.co m 2008-04-04 19:47 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-04-04 19:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-04-04 15:27 --------- d-----w C:\ProgramData\mzyhvtsa 2008-04-04 14:41 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-04-04 14:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-04-04 10:12 --------- d-----w C:\Program Files\MiniRacingOnline 2008-04-03 14:20 --------- d-----w C:\Program Files\Panda Security 2008-04-03 11:14 --------- d---a-w C:\ProgramData\TEMP 2008-04-02 21:53 --------- d-----w C:\ProgramData\Yahoo! Companion 2008-04-02 15:30 --------- d-----w C:\Program Files\Babylon 2008-04-02 14:26 --------- d-----w C:\Users\Jaume\AppData\Roaming\Skype 2008-04-02 13:33 --------- d-----w C:\Program Files\Winamp 2008-04-02 13:28 --------- d-----w C:\Program Files\CCleaner 2008-04-02 13:27 --------- d-----w C:\Program Files\Yahoo! 
2008-04-01 16:57 --------- d-----w C:\Program Files\ewido 2008-04-01 13:50 --------- d-----w C:\ProgramData\MSScanAppDataDir 2008-03-29 17:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe 2008-03-29 17:35 20,560 ----a-w C:\Windows\system32\drivers\aswFsBlk.sys 2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys 2008-03-29 17:31 75,856 ----a-w C:\Windows\system32\drivers\aswSP.sys 2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys 2008-03-29 17:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys 2008-03-29 17:23 95,608 ----a-w C:\Windows\System32\AvastSS.scr 2008-03-26 14:00 --------- d-----w C:\ProgramData\ulajijmz 2008-03-26 14:00 --------- d-----w C:\ProgramData\pejswanj 2008-03-19 23:22 --------- d-----w C:\Program Files\rFactor 2008-03-14 21:53 --------- d-----w C:\Users\Jaume\AppData\Roaming\uTorrent 2008-03-13 12:35 --------- d-----w C:\Program Files\Windows Mail 2008-03-09 18:02 --------- d-----w C:\Program Files\SopCast 2008-02-27 21:26 --------- d-----w C:\Program Files\TVAnts 2008-02-17 15:02 --------- d-----w C:\Program Files\Common Files\Steam 2008-02-17 14:09 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-14 02:07 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-02-14 02:07 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-02-14 02:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-02-14 02:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-02-14 02:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-02-14 02:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-02-14 02:04 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys 2008-02-14 02:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-02-14 02:03 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-02-14 02:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-14 02:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-14 02:03 
4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-02-14 02:03 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-02-14 02:03 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-02-14 02:03 216,632 ----a-w C:\Windows\system32\drivers\netio.sys 2008-02-14 02:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-14 02:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-14 02:03 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-02-14 02:03 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-02-14 02:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll 2008-02-14 02:01 824,832 ----a-w C:\Windows\System32\wininet.dll 2008-02-14 02:01 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-14 02:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-14 02:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-09 17:31 --------- d-----w C:\Users\Jaume\AppData\Roaming\Paludour 2008-02-06 00:39 --------- d-----w C:\Users\Jaume\AppData\Roaming\SopCast 2008-01-10 08:40 11,776 ----a-w C:\Windows\System32\sbunattend.exe 2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll 2007-09-15 15:09 174 --sha-w C:\Program Files\desktop.ini 2007-08-17 12:31 5,059,072 ----a-w C:\Users\Jaume\autorun.dat 2007-08-17 12:01 26,272 ----a-w C:\Users\Jaume\config.dat 2007-08-17 12:00 5,640,192 ----a-w C:\Users\Jaume\FIFA08 Demo.exe 2007-08-17 05:16 402,696 ----a-w C:\Users\Jaume\AutoRun.exe 2007-08-17 05:16 386,312 ----a-w C:\Users\Jaume\EASetup.exe . ((((((((((((((((((((((((((((((((( Cargando Puntos Reg )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120] "{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= "C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll" [2007-12-18 15:42 267488] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}] [HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1] [HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}] [HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120] "{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll [2007-12-18 15:42 267488] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}] [HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1] [HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}] [HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe" [2007-09-20 21:45 171448] "VoipBuster"="C:\Program 
Files\VoipBuster.com\VoipBuster\voipbuster.exe" [2008-01-22 19:30 8811824] "pejswanj"="C:\ProgramData\pejswanj\aribihsd.e xe" [2008-03-26 16:00 86016] "eQGCnznfC1"="C:\ProgramData\ulajijmz\snwlkpqp.exe " [2008-03-26 16:00 37376] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "mzyhvtsa"="C:\ProgramData\mzyhvtsa\yjmfmvgz.e xe" [2008-04-04 17:27 90112] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-12 03:03 1006264] "KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 17:14 34352] "SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 21:42 438272] "topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 12:48 577536] "RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 07:11 4489216 C:\Windows\RtHDVCpl.exe] "TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 10:39 411192] "HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49 55416] "SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 15:57 509496] "00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 16:32 538744] "HWSetup"="\HWSetup.exe" [ ] "NDSTray.exe"="NDSTray.exe" [] "Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 10:51 1507328] "Skytel"="Skytel.exe" [2007-05-28 14:39 1826816 C:\Windows\SkyTel.exe] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112] "Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 16:40 413696] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 04:53 894512] 
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe " [2007-02-19 16:00 571024] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 14:37 174872] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-29 18:32 185632] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 17:16 37376] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 21:16 286720] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp. exe" [2008-03-29 19:37 79224] [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MSVideo8"= VfWWDM32.dll "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules] "TCP Query User{8A320215-5546-40AA-A653-8376AB86483C}E:\\jocs\\steam\\steamapps\\jaumecv@e mail.com\\day of defeat source\\hl2.exe"= UDP:E:\jocs\steam\steamapps\jaumecv@email.com\day of defeat source\hl2.exe:hl2 "UDP Query User{9C25FB62-C88E-4F88-B27B-91B9FDEE4B70}E:\\jocs\\steam\\steamapps\\jaumecv@e mail.com\\day of defeat source\\hl2.exe"= TCP:E:\jocs\steam\steamapps\jaumecv@email.com\day of defeat source\hl2.exe:hl2 "TCP Query User{629B9401-2E99-4731-9291-71ABC3A0D7A9}E:\\jocs\\steam\\steamapps\\jaumecv@e mail.com\\half-life 2\\hl2.exe"= UDP:E:\jocs\steam\steamapps\jaumecv@email.com\half-life 2\hl2.exe:hl2 "UDP Query User{8C626A83-6FFC-4432-BFFE-87D616B54365}E:\\jocs\\steam\\steamapps\\jaumecv@e mail.com\\half-life 2\\hl2.exe"= TCP:E:\jocs\steam\steamapps\jaumecv@email.com\half-life 2\hl2.exe:hl2 "{5ACA8506-D40C-4D6B-8806-3257A342252A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{8FD4EB2C-9E6C-4BE3-A15D-B56578C6C94A}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{07CAF7FE-FA47-40B7-8846-32AD5A447A06}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{ED799DCE-DCCC-4D69-9C05-CCC348BDE392}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{C1448998-3F84-4E62-BEA5-2828A0A5DBE5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{F44205CA-CAE9-43D9-AD06-24C6B6A91339}"= UDP:29900:LocalSubnet:LocalSubnet:team fortress "{D9EA02A7-E493-45BD-A9E0-EECD58B3D015}"= UDP:28900:LocalSubnet:LocalSubnet:Team fortress 2 "TCP Query User{07EDF16D-DE76-471D-B703-CCF5D2A9E56F}E:\\jocs\\steam\\steamapps\\jaumecv@e mail.com\\team fortress 2\\hl2.exe"= UDP:E:\jocs\steam\steamapps\jaumecv@email.com\team 
fortress 2\hl2.exe:hl2 "UDP Query User{5F1519A7-9BE0-4122-8DCE-084FFCF2C74E}E:\\jocs\\steam\\steamapps\\jaumecv@e mail.com\\team fortress 2\\hl2.exe"= TCP:E:\jocs\steam\steamapps\jaumecv@email.com\team fortress 2\hl2.exe:hl2 "TCP Query User{3B0E5FAB-6184-437D-A5D9-3334AA4C8356}E:\\jocs\\steam\\steamapps\\jaumecv@e mail.com\\day of defeat source\\hl2.exe"= UDP:E:\jocs\steam\steamapps\jaumecv@email.com\day of defeat source\hl2.exe:hl2 "UDP Query User{0047251F-698D-4633-8D45-25B8BB4BAC64}E:\\jocs\\steam\\steamapps\\jaumecv@e mail.com\\day of defeat source\\hl2.exe"= TCP:E:\jocs\steam\steamapps\jaumecv@email.com\day of defeat source\hl2.exe:hl2 "TCP Query User{7F386566-84E5-40FD-A2DE-F7A935271B73}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{A601802E-02D4-42DB-B04A-6E006584D77D}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "{E03589D9-B96B-43EB-8CE5-448D6CA53595}"= UDP:E:\Jocs\Steam\Steam.exe:Steam "{24D55F4E-E29A-4BDC-AB8D-226FF98C420B}"= TCP:E:\Jocs\Steam\Steam.exe:Steam "TCP Query User{53050EE2-186C-43B4-AFC2-D9DB265DB328}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application "UDP Query User{B09E7127-DEEB-4389-8852-F73561A43777}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application "TCP Query User{130A50DD-BA28-41FC-9188-A9D145532529}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{1E18F374-BEC4-4B0A-BF02-71C9603DE75A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "{3317F407-EE72-4215-8A0F-AB259C532C7D}"= UDP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:Voi pBuster "{9C4807E4-A078-4724-A3FF-6268E0D5AA02}"= TCP:C:\Program 
Files\VoipBuster.com\VoipBuster\VoipBuster.exe:Voi pBuster "TCP Query User{F04E39A2-231E-4CF2-BCA3-98C95171B319}E:\\jocs\\steam\\steamapps\\jaumecv@e mail.com\\source sdk base\\hl2.exe"= UDP:E:\jocs\steam\steamapps\jaumecv@email.com\sour ce sdk base\hl2.exe:hl2 "UDP Query User{53AF2585-90B9-4365-B4CE-DD71B0B8653F}E:\\jocs\\steam\\steamapps\\jaumecv@e mail.com\\source sdk base\\hl2.exe"= TCP:E:\jocs\steam\steamapps\jaumecv@email.com\sour ce sdk base\hl2.exe:hl2 "TCP Query User{AAC50D31-AAB1-4287-BD4D-89DF995570E6}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{C7671289-BDEB-455D-9D05-F694A75FFE12}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent "{5D06BB24-2984-4E49-A8D7-EFA3C1087976}"= UDP:28114:utorrent "TCP Query User{C8045284-DA59-4188-A20C-BE66213D56DA}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{5F827502-ED65-4095-9A72-9620642AF729}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{41BC2A72-0141-415F-B31F-F00BE1842285}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar "UDP Query User{C70395A0-08E4-4801-AA7B-2DCBE0778BF1}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar "{F25144A9-7FDF-4CBA-87A9-745B100A1D56}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb "{0274D5B8-80BB-40D7-96AF-040DE5F00EAF}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb "{DA65E4F4-0E31-4FD9-B6FF-8F4284C7359D}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray "{F2556135-AC4E-4822-8361-4CA4C40E7A27}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray "{5DBA1E68-2BA8-4332-9498-629C0E875B40}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR 
"{E6A4E6A1-9BAF-4B9A-9EA2-DD1EE7DFBE3B}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR "{355583A9-C588-47F1-889E-A948C8797A62}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{0F52A932-BF41-4F1A-8B84-4867926BA36E}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "TCP Query User{01ADDEEF-E847-4828-AD05-FAF5BA9E84F5}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{F5EAFD20-7BEF-44E7-B498-C8E4F66C1647}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "TCP Query User{A79B4DC8-03B0-4489-9E73-F121F51B9F34}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "UDP Query User{7A1271DE-39EF-4995-823E-F2F375F4685C}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath "TCP Query User{A057FFD4-1641-465A-A054-C4207B9BEC7F}C:\\program files\\kylotonn entertainment\\speedball 2 tournament\\speedball 2\\speedball2.exe"= UDP:C:\program files\kylotonn entertainment\speedball 2 tournament\speedball 2\speedball2.exe:speedball2 "UDP Query User{51D2326B-6AFA-479D-8285-07BC7A9A99BD}C:\\program files\\kylotonn entertainment\\speedball 2 tournament\\speedball 2\\speedball2.exe"= TCP:C:\program files\kylotonn entertainment\speedball 2 tournament\speedball 2\speedball2.exe:speedball2 "TCP Query User{9544255B-DA59-4EEC-819C-B8DB384E850F}C:\\program files\\totalcmd\\totalcmd.exe"= UDP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows "UDP Query User{F58E0F63-FA00-44C2-9818-986EDF800859}C:\\program files\\totalcmd\\totalcmd.exe"= TCP:C:\program files\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows "TCP Query User{C1428D1B-CCDB-4E1E-9E69-BCF962202227}E:\\jocs\\flatout2\\flatout2.exe"= 
UDP:E:\jocs\flatout2\flatout2.exe:FlatOut2 "UDP Query User{EB0CE1FC-1880-4BC9-8296-0456911DAD22}E:\\jocs\\flatout2\\flatout2.exe"= TCP:E:\jocs\flatout2\flatout2.exe:FlatOut2 "TCP Query User{E063BFB8-7332-42AD-8B21-BF08E871B42D}E:\\jocs\\flatout2\\flatout2.exe"= UDP:E:\jocs\flatout2\flatout2.exe:FlatOut2 "UDP Query User{DC1ABB61-6783-41C0-ACBD-1F4CF5C70005}E:\\jocs\\flatout2\\flatout2.exe"= TCP:E:\jocs\flatout2\flatout2.exe:FlatOut2 "TCP Query User{50F96DCA-CA8C-4F4A-9642-AE8C0C910F6E}E:\\jocs\\team fortress 2\\hl2.exe"= UDP:E:\jocs\team fortress 2\hl2.exe:hl2 "UDP Query User{74BB2D3D-8C28-4014-92BB-607E1ECFC02B}E:\\jocs\\team fortress 2\\hl2.exe"= TCP:E:\jocs\team fortress 2\hl2.exe:hl2 "TCP Query User{3BE16B3E-C2F5-4387-88DB-55F1013B8005}E:\\jocs\\crimson çskies\\crimson.icd"= UDP:E:\jocs\crimson çskies\crimson.icd:Crimson Skies Executable "UDP Query User{404AD68D-3C8E-44A4-8D6F-D77BAF602A62}E:\\jocs\\crimson çskies\\crimson.icd"= TCP:E:\jocs\crimson çskies\crimson.icd:Crimson Skies Executable "TCP Query User{50004D95-E629-45D4-9F26-4E079C7B85FC}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Archivo auxiliar de DirectPlay de Microsoft "UDP Query User{BFFB2732-F9B3-4599-9409-E42EA1BC3355}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Archivo auxiliar de DirectPlay de Microsoft "TCP Query User{75EC8F70-E0AE-4795-B80C-BB3183CAECA4}E:\\jocs\\testdriveunlimited\\testdri veunlimited.exe"= UDP:E:\jocs\testdriveunlimited\testdriveunlimited. exe:Test Drive Unlimited "UDP Query User{DF08A004-5997-4A06-812B-5069BC3E5D2D}E:\\jocs\\testdriveunlimited\\testdri veunlimited.exe"= TCP:E:\jocs\testdriveunlimited\testdriveunlimited. 
exe:Test Drive Unlimited "TCP Query User{D3F20D70-2E17-45FC-9327-88FB11F6D000}E:\\jocs\\ravenshield\\system\\ravens hield.exe"= UDP:E:\jocs\ravenshield\system\ravenshield.exe:rav enshield "UDP Query User{0E42A06E-3AA4-4D06-94DE-F71B1C7D9078}E:\\jocs\\ravenshield\\system\\ravens hield.exe"= TCP:E:\jocs\ravenshield\system\ravenshield.exe:rav enshield "TCP Query User{5AB9297C-E212-4F7A-9FE7-FE9841894BF2}E:\\jocs\\crimson çskies\\crimson.exe"= UDP:E:\jocs\crimson çskies\crimson.exe:Crimson Skies Executable "UDP Query User{05B5BA9A-0253-4E78-A1AD-66ACFF684D2A}E:\\jocs\\crimson çskies\\crimson.exe"= TCP:E:\jocs\crimson çskies\crimson.exe:Crimson Skies Executable "{A850880F-1E1C-4FD8-AA68-EF5F1E72C606}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR "{0CCCEDD4-79C5-4828-B6AF-5513D9A69B7C}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR "{3B01B727-9BAC-40DC-90F9-E948984B1178}"= UDP:C:\Program Files\Sierra\FEAR\FEARMP.exe:FEAR "{1E2FFF04-246B-476F-9535-662738D4B8E7}"= TCP:C:\Program Files\Sierra\FEAR\FEARMP.exe:FEAR "TCP Query User{54E89C9C-7C7F-4E2C-A5BF-F2B31D3D82CD}E:\\jocs\\rfactor\\rfactor.exe"= UDP:E:\jocs\rfactor\rfactor.exe:rFactor "UDP Query User{F479F160-D7FE-41AA-ACCC-EFD96FF11988}E:\\jocs\\rfactor\\rfactor.exe"= TCP:E:\jocs\rfactor\rfactor.exe:rFactor "TCP Query User{945DF74C-BB0B-4C4F-B22F-93E493E047C2}C:\\jocs\\pes 2008\\pes2008.exe"= UDP:C:\jocs\pes 2008\pes2008.exe:Pro Evolution Soccer 2008 "UDP Query User{CB1A0D16-1907-42D3-8D89-0369409F8B20}C:\\jocs\\pes 2008\\pes2008.exe"= TCP:C:\jocs\pes 2008\pes2008.exe:Pro Evolution Soccer 2008 "{9364368A-25F4-4DC9-B8C6-76BB7F4E9C57}"= TCP:5739:pes 2008 "{B5298CBB-3027-4371-8366-6038CC9C58A8}"= UDP:80:pes2008 1 "{77EEE340-7995-4692-B27B-EC25F93C60ED}"= UDP:443:pes2008 2 "{317FA801-F607-48E8-B7D4-9E46355F0400}"= UDP:8800:pes 2008 "{0D4177D0-268F-4720-A14A-BE129785C8B6}"= UDP:8801:pes 2008 "{45DDCB12-E70C-4340-A923-4BBB35009ADA}"= UDP:8802:pes 2008 "{7EAB0B87-887E-4EBA-AC01-91083763791A}"= UDP:8803:pes 2008 
"{EEF3349C-42D5-458F-85B0-C4DF31500C0D}"= UDP:8894:pes 2008 "{26C9A03C-48FF-405F-8EDF-BF959880EF07}"= UDP:8895:pes 2008 "{B50155EF-6BD2-4BDD-A40B-00BB80262201}"= UDP:8896:pes 2008 "{DEC91D48-6EFC-4C38-83A4-95105DB7FE4D}"= UDP:8897:pes 2008 "{7F85FDA5-2592-43BF-A53E-524B9D616BCE}"= UDP:8898:pes 2008 "{5341BA6D-5CB3-425D-B8E9-B1EC4F8588A5}"= UDP:8899:pes 2008 "TCP Query User{4CB2B73E-D401-45CF-990A-ABE2FD99FB5D}E:\\jocs\\testdriveunlimited\\testdri veunlimited.exe"= UDP:E:\jocs\testdriveunlimited\testdriveunlimited. exe:Test Drive Unlimited "UDP Query User{DB260EDA-8660-45B2-9182-E411760DCF2A}E:\\jocs\\testdriveunlimited\\testdri veunlimited.exe"= TCP:E:\jocs\testdriveunlimited\testdriveunlimited. exe:Test Drive Unlimited "TCP Query User{C3DDABA8-F245-4841-88D3-F7C21D835DB4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{A4E70C34-A224-4980-8ABB-1782A038CB85}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent "{569F9E4F-7715-4D01-A8AA-97D350B0C106}"= UDP:C:\Program Files\MiniRacingOnline\MiniRacingOnLine.exe:MiniRa cingOnLine "{D3962026-C064-440D-840F-F326D03E08E7}"= TCP:C:\Program Files\MiniRacingOnline\MiniRacingOnLine.exe:MiniRa cingOnLine [HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile] "DisableNotifications"= 1 (0x1) R0 CplIR;Embedded IR Driver;C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 15:01] R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 16:25] R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-06-15 21:04] R1 aswSP;avast! 
Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 BRCMDECO;BRCMDECO;C:\Windows\system32\DRIVERS\BRCMHD32.sys [2007-05-15 15:44]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA HD DVD PLAYER\TNaviSrv.exe [2007-06-15 21:46]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 21:55]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-21 11:36]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 12:50]
R3 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 16:32]
R3 UVCFTR;UVCFTR;C:\Windows\system32\Drivers\UVCFTR_S.SYS [2007-04-16 10:19]
S3 athr;Controlador de dispositivo de LAN inalámbrica extensible Atheros;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 09:30]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-16 20:04]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 16:40]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 16:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12b7de87-ae06-11dc-ac07-001b381daaeb}]
\shell\Auto\command - qbtsydcvp.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qbtsydcvp.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 16:36:59
Windows 6.0.6000 NTFS
escaneando procesos ocultos ...
escaneando entradas ocultas de autostart ...
escaneando archivos ocultos ...
el escaneo se completo con exito
archivos ocultos: 0
**************************************************************************
.
Tiempo completado: 2008-04-06 16:37:34
ComboFix-quarantined-files.txt 2008-04-06 14:37:31
El sistema no puede encontrar el texto del mensaje para el mensaje número 0x2379 en el archivo de mensajes para Application.
El sistema no puede encontrar el texto del mensaje para el mensaje número 0x2379 en el archivo de mensajes para Application.
.
2008-04-04 10:04:09 --- E O F --- |
| Re: Requesting a HijackThis analysis, thanks

ComboFix has already detected and removed some malware, but there are still a few things left to take out. Follow these steps:

- Disable Tea Timer so that it does not interfere with the cleanup, and restart the system.

1.- Open Notepad
2.- Now copy and paste this code into Notepad

HTML Code:
KillAll::
Folder::
C:\ProgramData\mzyhvtsa
C:\ProgramData\ulajijmz
C:\ProgramData\pejswanj
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pejswanj"=-
"eQGCnznfC1"=-
"mzyhvtsa"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12b7de87-ae06-11dc-ac07-001b381daaeb}]
4.- Drag and drop the CFScript.txt file onto ComboFix.exe, as shown in the animation below. This will start ComboFix again.

Restart and tell us the results, along with a new ComboFix report and a HijackThis one.

Regards

* Help us by making a DONATION so that we can keep helping.
* To avoid viruses and spyware while browsing the internet, USE FIREFOX !!
* Questions are not answered by private message or e-mail, since that is what the forum is for. |
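The CFScript above deletes three Run values together with their C:\ProgramData folders. The following Python triage of a ComboFix Run-key section is an added example, not part of the original post and not ComboFix's own logic; the function names, the three verdict labels and the reading of empty `[ ]` brackets as "no timestamp/size recorded" are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Sample input: Run-key lines as they appear in the second ComboFix log of this
# thread, with the spaces inserted by the forum software removed.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-20 21:45 171448]
"pejswanj"="C:\ProgramData\pejswanj\aribihsd.exe" [ ]
"eQGCnznfC1"="C:\ProgramData\ulajijmz\snwlkpqp.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"mzyhvtsa"="C:\ProgramData\mzyhvtsa\yjmfmvgz.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe" [ ]
"NDSTray.exe"="NDSTray.exe" []
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 07:11 4489216 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
'''

ANY_KEY_RE = re.compile(r'^\[[^\]]+\]$')
RUN_KEY_RE = re.compile(r'^\[(HK[^\]]*\\Run(?:Once)?)\]$', re.IGNORECASE)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# Assumed heuristic: an autostart .exe sitting in a first-level folder of
# C:\ProgramData, or directly in a user's AppData\Local, is in a location any
# user-mode process can write to, unlike C:\Program Files.
DATA_DIR_RE = re.compile(
    r'^[a-z]:\\(?:programdata\\[^\\]+|users\\[^\\]+\\appdata\\local)'
    r'\\[^\\]+\.exe$', re.IGNORECASE)


@dataclass
class RunEntry:
    key: str            # registry key the value was listed under
    name: str           # value name
    target: str         # command the value launches
    has_metadata: bool  # False when the log shows empty brackets


def parse_run_entries(log_text):
    """Return the values listed under Run/RunOnce keys; other keys are skipped."""
    entries, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ANY_KEY_RE.match(line):
            m = RUN_KEY_RE.match(line)
            current_key = m.group(1) if m else None
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            entries.append(RunEntry(current_key, m['name'], m['target'],
                                    bool(m['meta'].strip())))
    return entries


def classify(entry):
    """Return (verdict, reasons); verdict is 'suspicious', 'orphaned' or 'ok'."""
    if DATA_DIR_RE.match(entry.target):
        reasons = ["starts an .exe from a user-writable data folder"]
        folder = entry.target.split("\\")[-2]
        if folder.lower() == entry.name.lower():
            reasons.append("value name equals the folder name")
        if not entry.has_metadata:
            reasons.append("no timestamp/size in the log")
        return "suspicious", reasons
    if not entry.has_metadata:
        # Empty brackets alone are not a malware signal: the two TOSHIBA
        # entries in this log show them as well.
        return "orphaned", ["no timestamp/size in the log"]
    return "ok", []


def triage(log_text):
    """Return a list of (value name, verdict, reasons) for every Run entry."""
    return [(e.name, *classify(e)) for e in parse_run_entries(log_text)]


if __name__ == "__main__":
    for name, verdict, reasons in triage(SAMPLE_LOG):
        print(f"{verdict:10} {name:12} {'; '.join(reasons)}")
```

The three values reported as suspicious are the same three the CFScript removes; the two orphaned entries are left for manual review.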
| Re: Requesting a HijackThis analysis, thanks

Hello again,

I tried what you told me about using the CFScript: ComboFix starts, but shortly afterwards a blue screen appears with a Fatal error system, and the machine restarts by itself. I have tried it three times, and it is always the same. What is this due to? What should the next step be?

Many thanks |
| Re: Requesting a HijackThis analysis, thanks

In that case, try the following:

- Disable Tea Timer so that it does not interfere with the cleanup, and restart the system.
- Download the OTMoveIt tool and save it to the Desktop.
- Double-click OTMoveIt.exe to run it.
- Make sure the option "Unregister Dll's and Ocx's" is checked.
- Copy and paste this code into the left-hand pane of OTMoveIt labelled Paste List of Files / Folders to be moved.

HTML Code:
C:\ProgramData\mzyhvtsa
C:\ProgramData\ulajijmz
C:\ProgramData\pejswanj

- When the result appears in the Results pane, click Exit.
- Restart the PC (this step is very important).

Paste the OTMoveIt report located in C:\_OTMoveIt\MovedFiles, together with a new ComboFix report.

We'll be waiting.

Regards |
| Re: Requesting a HijackThis analysis, thanks

Problem solved!!!!! Many thanks GPastor, you're the best, nothing at all shows up any more, you did it!

I don't know how to mark the thread as solved in order to close this post.

Many thanks again for always being available.

Here are the two logs:

C:\ProgramData\mzyhvtsa moved successfully.
C:\ProgramData\ulajijmz moved successfully.
C:\ProgramData\pejswanj moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04072008_105539

ComboFix 08-04-04.1 - Jaume 2008-04-07 11:01:17.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.3082.18.1195 [GMT 2:00]
Se ejecuta desde: C:\Users\Jaume\Desktop\ComboFix.exe
.
TimedOut: Windir.dat

(((((((((((((((((( Archivos creados desde 2008-03-07 - 2008-04-07 )))))))))))))))))))))))))))))))))
.
Ningún archivo ha sido creado durante este intervalo de tiempo
.
(((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-06 16:35 --------- d-----w C:\ProgramData\mfufviti
2008-04-04 19:48 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-04-04 19:47 --------- d-----w C:\Users\Jaume\AppData\Roaming\SUPERAntiSpyware.com
2008-04-04 19:47 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-04 19:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 14:41 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-04 14:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-04 10:12 --------- d-----w C:\Program Files\MiniRacingOnline
2008-04-03 14:20 --------- d-----w C:\Program Files\Panda Security
2008-04-03 11:14 --------- d---a-w C:\ProgramData\TEMP
2008-04-02 21:53 --------- d-----w C:\ProgramData\Yahoo!
Companion 2008-04-02 15:30 --------- d-----w C:\Program Files\Babylon 2008-04-02 14:26 --------- d-----w C:\Users\Jaume\AppData\Roaming\Skype 2008-04-02 13:33 --------- d-----w C:\Program Files\Winamp 2008-04-02 13:28 --------- d-----w C:\Program Files\CCleaner 2008-04-02 13:27 --------- d-----w C:\Program Files\Yahoo! 2008-04-01 16:57 --------- d-----w C:\Program Files\ewido 2008-04-01 13:50 --------- d-----w C:\ProgramData\MSScanAppDataDir 2008-03-29 17:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe 2008-03-29 17:35 20,560 ----a-w C:\Windows\system32\drivers\aswFsBlk.sys 2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys 2008-03-29 17:31 75,856 ----a-w C:\Windows\system32\drivers\aswSP.sys 2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys 2008-03-29 17:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys 2008-03-29 17:23 95,608 ----a-w C:\Windows\System32\AvastSS.scr 2008-03-19 23:22 --------- d-----w C:\Program Files\rFactor 2008-03-14 21:53 --------- d-----w C:\Users\Jaume\AppData\Roaming\uTorrent 2008-03-13 12:35 --------- d-----w C:\Program Files\Windows Mail 2008-03-09 18:02 --------- d-----w C:\Program Files\SopCast 2008-02-27 21:26 --------- d-----w C:\Program Files\TVAnts 2008-02-17 15:02 --------- d-----w C:\Program Files\Common Files\Steam 2008-02-17 14:09 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-14 02:07 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-02-14 02:07 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2008-02-14 02:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2008-02-14 02:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-02-14 02:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-02-14 02:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2008-02-14 02:04 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys 2008-02-14 02:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys 2008-02-14 02:03 
803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys 2008-02-14 02:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-14 02:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-14 02:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-02-14 02:03 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-02-14 02:03 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-02-14 02:03 216,632 ----a-w C:\Windows\system32\drivers\netio.sys 2008-02-14 02:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-14 02:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-14 02:03 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-02-14 02:03 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys 2008-02-14 02:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll 2008-02-14 02:01 824,832 ----a-w C:\Windows\System32\wininet.dll 2008-02-14 02:01 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-14 02:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-14 02:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-09 17:31 --------- d-----w C:\Users\Jaume\AppData\Roaming\Paludour 2008-01-10 08:40 11,776 ----a-w C:\Windows\System32\sbunattend.exe 2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll 2007-09-15 15:09 174 --sha-w C:\Program Files\desktop.ini 2007-08-17 12:31 5,059,072 ----a-w C:\Users\Jaume\autorun.dat 2007-08-17 12:01 26,272 ----a-w C:\Users\Jaume\config.dat 2007-08-17 12:00 5,640,192 ----a-w C:\Users\Jaume\FIFA08 Demo.exe 2007-08-17 05:16 402,696 ----a-w C:\Users\Jaume\AutoRun.exe 2007-08-17 05:16 386,312 ----a-w C:\Users\Jaume\EASetup.exe . ((((((((((((((((((((((((((((( snapshot@2008-04-06_16.37.16,36 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-04-06 13 19 67,584 --s-a-w C:\Windows\bootstat.dat+ 2008-04-07 08:57:26 67,584 --s-a-w C:\Windows\bootstat.dat - 2008-04-05 22:23:57 1,773,072 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache3.0.0.0.dat + 2008-04-07 08:56:13 1,773,072 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache3.0.0.0.dat - 2008-04-06 14:25:35 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\usrclass.dat + 2008-04-07 08:59:02 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\usrclass.dat - 2008-04-06 13:11:53 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-04-07 08:58:58 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - 2008-04-06 14:33:26 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\usrclass.dat + 2008-04-07 09:00:31 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\usrclass.dat - 2008-04-06 13:11:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT + 2008-04-07 08:58:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT - 2008-04-06 13:15:28 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at + 2008-04-07 09:02:36 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at - 2008-04-06 13:15:28 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-04-07 09:02:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-04-06 13:15:28 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat + 2008-04-07 09:02:36 16,384 --sha-w 
C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat - 2008-04-06 13:14:43 104,768 ----a-w C:\Windows\System32\perfc009.dat + 2008-04-07 09:03:48 104,768 ----a-w C:\Windows\System32\perfc009.dat - 2008-04-06 13:14:43 123,364 ----a-w C:\Windows\System32\perfc00A.dat + 2008-04-07 09:03:48 123,364 ----a-w C:\Windows\System32\perfc00A.dat - 2008-04-06 13:14:43 613,046 ----a-w C:\Windows\System32\perfh009.dat + 2008-04-07 09:03:48 613,046 ----a-w C:\Windows\System32\perfh009.dat - 2008-04-06 13:14:43 691,180 ----a-w C:\Windows\System32\perfh00A.dat + 2008-04-07 09:03:48 691,180 ----a-w C:\Windows\System32\perfh00A.dat - 2008-04-06 13:12:18 10,142 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2804976899-3378241370-351480153-1000_UserData.bin + 2008-04-07 08:59:34 10,294 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2804976899-3378241370-351480153-1000_UserData.bin - 2008-04-06 13:12:18 95,702 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin + 2008-04-07 08:59:33 96,594 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin - 2008-04-06 13:12:16 54,532 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin + 2008-04-07 08:59:32 55,020 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Cargando Puntos Reg )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
REGEDIT4 *Nota* entradas vacías & entradas legítimas predeterminadas no son mostradas [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-12-13 18:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120] "{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= "C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll" [2007-12-18 15:42 267488] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}] [HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1] [HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}] [HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 18:49 1185120] "{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll [2007-12-18 15:42 267488] [HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}] [HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1] [HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}] [HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe" [2007-09-20 21:45 171448] "VoipBuster"="C:\Program 
Files\VoipBuster.com\VoipBuster\voipbuster.exe" [2008-01-22 19:30 8811824]
"pejswanj"="C:\ProgramData\pejswanj\aribihsd.exe" [ ]
"eQGCnznfC1"="C:\ProgramData\ulajijmz\snwlkpqp.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"mzyhvtsa"="C:\ProgramData\mzyhvtsa\yjmfmvgz.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-12 03:03 1006264]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 17:14 34352]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 21:42 438272]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 12:48 577536]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 07:11 4489216 C:\Windows\RtHDVCpl.exe]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 10:39 411192]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 15:57 509496]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 16:32 538744]
"HWSetup"="\HWSetup.exe" [ ]
"NDSTray.exe"="NDSTray.exe" []
"Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 10:51 1507328]
"Skytel"="Skytel.exe" [2007-05-28 14:39 1826816 C:\Windows\SkyTel.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 16:40 413696]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 04:53 894512]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 16:00 571024]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 14:37 174872]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-29 18:32 185632]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 17:16 37376]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 21:16 286720]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{8A320215-5546-40AA-A653-8376AB86483C}E:\\jocs\\steam\\steamapps\\jaumecv@email.com\\day of defeat source\\hl2.exe"= UDP:E:\jocs\steam\steamapps\jaumecv@email.com\day of defeat source\hl2.exe:hl2
"UDP Query User{9C25FB62-C88E-4F88-B27B-91B9FDEE4B70}E:\\jocs\\steam\\steamapps\\jaumecv@email.com\\day of defeat source\\hl2.exe"= TCP:E:\jocs\steam\steamapps\jaumecv@email.com\day of defeat source\hl2.exe:hl2
"TCP Query User{629B9401-2E99-4731-9291-71ABC3A0D7A9}E:\\jocs\\steam\\steamapps\\jaumecv@email.com\\half-life 2\\hl2.exe"= UDP:E:\jocs\steam\steamapps\jaumecv@email.com\half-life 2\hl2.exe:hl2
"UDP Query User{8C626A83-6FFC-4432-BFFE-87D616B54365}E:\\jocs\\steam\\steamapps\\jaumecv@email.com\\half-life 2\\hl2.exe"= TCP:E:\jocs\steam\steamapps\jaumecv@email.com\half-life 2\hl2.exe:hl2
"{5ACA8506-D40C-4D6B-8806-3257A342252A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8FD4EB2C-9E6C-4BE3-A15D-B56578C6C94A}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{07CAF7FE-FA47-40B7-8846-32AD5A447A06}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{ED799DCE-DCCC-4D69-9C05-CCC348BDE392}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C1448998-3F84-4E62-BEA5-2828A0A5DBE5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F44205CA-CAE9-43D9-AD06-24C6B6A91339}"= UDP:29900:LocalSubnet:LocalSubnet:team fortress
"{D9EA02A7-E493-45BD-A9E0-EECD58B3D015}"= UDP:28900:LocalSubnet:LocalSubnet:Team fortress 2
"TCP Query User{07EDF16D-DE76-471D-B703-CCF5D2A9E56F}E:\\jocs\\steam\\steamapps\\jaumecv@email.com\\team fortress 2\\hl2.exe"= UDP:E:\jocs\steam\steamapps\jaumecv@email.com\team fortress 2\hl2.exe:hl2
"UDP Query User{5F1519A7-9BE0-4122-8DCE-084FFCF2C74E}E:\\jocs\\steam\\steamapps\\jaumecv@email.com\\team fortress 2\\hl2.exe"= TCP:E:\jocs\steam\steamapps\jaumecv@email.com\team fortress 2\hl2.exe:hl2
"TCP Query User{3B0E5FAB-6184-437D-A5D9-3334AA4C8356}E:\\jocs\\steam\\steamapps\\jaumecv@email.com\\day of defeat source\\hl2.exe"= UDP:E:\jocs\steam\steamapps\jaumecv@email.com\day of defeat source\hl2.exe:hl2
"UDP Query User{0047251F-698D-4633-8D45-25B8BB4BAC64}E:\\jocs\\steam\\steamapps\\jaumecv@email.com\\day of defeat source\\hl2.exe"= TCP:E:\jocs\steam\steamapps\jaumecv@email.com\day of defeat source\hl2.exe:hl2
"TCP Query User{7F386566-84E5-40FD-A2DE-F7A935271B73}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{A601802E-02D4-42DB-B04A-6E006584D77D}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{E03589D9-B96B-43EB-8CE5-448D6CA53595}"= UDP:E:\Jocs\Steam\Steam.exe:Steam
"{24D55F4E-E29A-4BDC-AB8D-226FF98C420B}"= TCP:E:\Jocs\Steam\Steam.exe:Steam
"TCP Query User{53050EE2-186C-43B4-AFC2-D9DB265DB328}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{B09E7127-DEEB-4389-8852-F73561A43777}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{130A50DD-BA28-41FC-9188-A9D145532529}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{1E18F374-BEC4-4B0A-BF02-71C9603DE75A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{3317F407-EE72-4215-8A0F-AB259C532C7D}"= UDP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"{9C4807E4-A078-4724-A3FF-6268E0D5AA02}"= TCP:C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"TCP Query User{F04E39A2-231E-4CF2-BCA3-98C95171B319}E:\\jocs\\steam\\steamapps\\jaumecv@email.com\\source sdk base\\hl2.exe"= UDP:E:\jocs\steam\steamapps\jaumecv@email.com\source sdk base\hl2.exe:hl2
"UDP Query User{53AF2585-90B9-4365-B4CE-DD71B0B8653F}E:\\jocs\\steam\\steamapps\\jaumecv@email.com\\source sdk base\\hl2.exe"= TCP:E:\jocs\steam\steamapps\jaumecv@email.com\source sdk base\hl2.exe:hl2
"TCP Query User{AAC50D31-AAB1-4287-BD4D-89DF995570E6}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{C7671289-BDEB-455D-9D05-F694A75FFE12}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{5D06BB24-2984-4E49-A8D7-EFA3C1087976}"= UDP:28114:utorrent
"TCP Query User{C8045284-DA59-4188-A20C-BE66213D56DA}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{5F827502-ED65-4095-9A72-9620642AF729}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{41BC2A72-0141-415F-B31F-F00BE1842285}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{C70395A0-08E4-4801-AA7B-2DCBE0778BF1}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"{F25144A9-7FDF-4CBA-87A9-745B100A1D56}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{0274D5B8-80BB-40D7-96AF-040DE5F00EAF}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{DA65E4F4-0E31-4FD9-B6FF-8F4284C7359D}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{F2556135-AC4E-4822-8361-4CA4C40E7A27}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{5DBA1E68-2BA8-4332-9498-629C0E875B40}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{E6A4E6A1-9BAF-4B9A-9EA2-DD1EE7DFBE3B}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{355583A9-C588-47F1-889E-A948C8797A62}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{0F5 |