 |
| |||||||
| Foro Oficial de HijackThis en español Analizamos tu log de HijackThis para eliminar Hijackers, Spyware, Adware, ToolBars, Virus, Troyanos y Malwares en gral. Antes lea las Políticas del Foro de HijackThis. |
 |
| | Herramientas |
 | 
30/04/08, 18:01:49
|  |
| |||
| csrss.exe , y sin panel de control Hola. Hace dias que tengo el ordenador de los niños hiperralentizado. Casi no funciona nada. Mirando los procesos descubri que tenia el csrss.exe casi al 80% y me abria 2 tareas del iexplore.exe sin solicitarlas y sin visualizarlas. Pase un antivirus y encontre multiples virus que he intentado eliminar todos. ( El vundo se resistio bastante ). Ahora me encuento que da error en el panel de control y por lo tanto no puedo desactivar restaurar sistema, ni nada de nada ( da error de \windows\system32\rundll32.exe y aunque lo restaure con el expand y el disco de instalacion sigue indicandome que no lo encuentra cuando pico el panel ). Resumiendo, adjunto log del Hijack y del antivirus para que le echeis un vistazo a los virus. Logfile of HijackThis v1.99.1 Scan saved at 16:19:36, on 27/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\ccProxy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe C:\Archivos de programa\Network Associates\VirusScan\Mcshield.exe C:\Archivos de programa\Network Associates\VirusScan\VsTskMgr.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe C:\Archivos de programa\Apoint2K\Apoint.exe C:\Archivos de programa\TOSHIBA\E-KEY\CeEKey.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\WINDOWS\system32\TPSMain.exe C:\Archivos de programa\TOSHIBA\Tvs\TvsTray.exe C:\Archivos de programa\TOSHIBA\ConfigFree\NDSTray.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Archivos de programa\Windows Live\Protección infantil\fssui.exe C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Archivos de programa\TOSHIBA\TouchPad\TPTray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\TPSBattM.exe C:\Archivos de programa\Apoint2K\Apntex.exe C:\Archivos de programa\Toshiba\TOSHIBA Controls\TFncKy.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe C:\Archivos de programa\Messenger\msmsgs.exe C:\Archivos de programa\HJT\HijackThis.exe C:\Archivos de programa\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://es.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://es.search.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://es.search.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {51E061B3-C242-4032-8700-1CECA171CF49} - (no file) O2 - BHO: {12041ab2-2b60-f4fa-29c4-ba295a512997} - {799215a5-92ab-4c92-af4f-06b22ba14021} - (no file) O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {e8fcb647-4b1f-4485-a2f0-0ebbae0478b2} - (no file) O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Apoint] C:\Archivos de programa\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [CeEKEY] C:\Archivos de programa\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [Tvs] C:\Archivos de programa\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Archivos de programa\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [fssui] "C:\Archivos de programa\Windows Live\Protección infantil\fssui.exe" -autorun O4 - HKLM\..\Run: [ShStatEXE] "C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [HWSetup] C:\Archivos de programa\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [TPNF] C:\Archivos de programa\TOSHIBA\TouchPad\TPTray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Archivos de programa\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Archivos de programa\ShoppingReport\Bin\2.5.0\ShoppingReport.d ll O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Archivos de programa\ShoppingReport\Bin\2.5.0\ShoppingReport.d ll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documentos\Settings\partnership.dll O20 - Winlogon Notify: rqRJBUMf - rqRJBUMf.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\ISSVC.exe O23 - Service: McAfee Framework Service (mcafeeframework) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (mcshield) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (mctaskmanager) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TuneUp WinStyler Theme Service (tuwinstylerthemesvc) - TuneUp Software GmbH - C:\Archivos de programa\TuneUp Utilities 2006\WinStylerThemeSvc.exe ----------------------------------------------------------------- 22/04/2008 23:03 Scan Started BEQA\beqa Scan All Fixed Disks 22/04/2008 23:03 Scan Summary BEQA\beqa Scan Summary (Regular Scanning) 22/04/2008 23:03 Scan Summary BEQA\beqa Boot sectors scanned : 1 22/04/2008 23:03 Scan Summary BEQA\beqa Boot sectors infected : 0 22/04/2008 23:03 Scan Summary BEQA\beqa Boot sectors cleaned : 0 22/04/2008 23:03 Scan Summary BEQA\beqa Files scanned : 0 22/04/2008 23:03 Scan Summary BEQA\beqa Files infected : 0 22/04/2008 23:03 Scan Summary BEQA\beqa Files cleaned : 0 22/04/2008 23:03 Scan Summary BEQA\beqa Files deleted : 0 22/04/2008 23:03 Scan Summary BEQA\beqa Files moved : 0 22/04/2008 23:03 Scan Summary BEQA\beqa Scan Summary (Memory Scanning) 22/04/2008 23:03 Scan Summary BEQA\beqa Files scanned : 13 22/04/2008 23:03 Scan Summary BEQA\beqa Files infected : 0 22/04/2008 23:03 Scan Terminated BEQA\beqa Scan All Fixed Disks 23/04/2008 0:53 Scan Started BEQA\beqa Scan All Fixed Disks 23/04/2008 0:53 Memory Infected BEQA\beqa C:\WINDOWS\system32\winlogon.exe Spy-Agent.bw!mem (Trojan) (No Remover Available) 23/04/2008 0:55 Infected BEQA\beqa C:\d.exe\00001260.EXE\00001260.EXE Proxy-Agent.ai (Trojan) (Removable) 23/04/2008 0:55 Deleted BEQA\beqa C:\d.exe File was deleted as part of Cleaning it 23/04/2008 0:55 Infected BEQA\beqa C:\d1.exe Generic Packed (Trojan) (Removable) 23/04/2008 0:55 Deleted BEQA\beqa C:\d1.exe File was deleted as part of Cleaning it 23/04/2008 0:55 Infected BEQA\beqa C:\whcbdc.exe AdClicker-EL (Trojan) (Removable) 23/04/2008 0:55 Deleted BEQA\beqa C:\whcbdc.exe File was deleted as part of Cleaning it 23/04/2008 6:59 Infected BEQA\beqa C:\Archivos de programa\Helper\1207418900.dll\1207418900.dll Puper.dll (Trojan) (Removable) 23/04/2008 6:59 Deleted BEQA\beqa C:\Archivos de programa\Helper\1207418900.dll File was deleted as part of Cleaning it 23/04/2008 6:59 Infected BEQA\beqa C:\Archivos de programa\Helper\1207470144.dll\1207470144.dll Puper.dll (Trojan) (Removable) 23/04/2008 6:59 Deleted BEQA\beqa C:\Archivos de programa\Helper\1207470144.dll File was deleted as part of Cleaning it 23/04/2008 7:15 Infected BEQA\beqa C:\Documents and Settings\beqa\Configuración local\Temp\file438.exe Spy-Agent.bw.gen.c (Trojan) (Removable) 23/04/2008 7:15 Deleted BEQA\beqa C:\Documents and Settings\beqa\Configuración local\Temp\file438.exe File was deleted as part of Cleaning it 23/04/2008 7:21 Infected BEQA\beqa C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\KPAN0DER\sdferw[1].htm\sdferw[1].htm\000030b0.EXE\000030b0.EXE Puper.dll (Trojan) (Removable) 23/04/2008 7:21 Deleted BEQA\beqa C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\KPAN0DER\sdferw[1].htm File was deleted as part of Cleaning it 23/04/2008 7:21 Infected BEQA\beqa C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\KPAN0DER\sdferw[2].htm\sdferw[2].htm\000030b0.EXE\000030b0.EXE Puper.dll (Trojan) (Removable) 23/04/2008 7:21 Deleted BEQA\beqa C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\KPAN0DER\sdferw[2].htm File was deleted as part of Cleaning it 23/04/2008 7:26 Infected BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP11\A0028554.exe Generic Dropper.az (Trojan) (Removable) 23/04/2008 7:26 Deleted BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP11\A0028554.exe File was deleted as part of Cleaning it 23/04/2008 7:27 Infected BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP12\A0029558.exe\00001260.EXE\00001 260.EXE Proxy-Agent.ai (Trojan) (Removable) 23/04/2008 7:27 Deleted BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP12\A0029558.exe File was deleted as part of Cleaning it 23/04/2008 7:27 Infected BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP12\A0029559.exe Generic Packed (Trojan) (Removable) 23/04/2008 7:27 Deleted BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP12\A0029559.exe File was deleted as part of Cleaning it 23/04/2008 7:27 Infected BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP12\A0029560.exe AdClicker-EL (Trojan) (Removable) 23/04/2008 7:27 Deleted BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP12\A0029560.exe File was deleted as part of Cleaning it 23/04/2008 7:27 Infected BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP12\A0029561.dll\A0029561.dll Puper.dll (Trojan) (Removable) 23/04/2008 7:27 Deleted BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP12\A0029561.dll File was deleted as part of Cleaning it 23/04/2008 7:27 Infected BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP12\A0029562.dll\A0029562.dll Puper.dll (Trojan) (Removable) 23/04/2008 7:27 Deleted BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP12\A0029562.dll File was deleted as part of Cleaning it 23/04/2008 7:28 Infected BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP4\A0002079.exe Spy-Agent.bw.gen.c (Trojan) (Removable) 23/04/2008 7:28 Deleted BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP4\A0002079.exe File was deleted as part of Cleaning it 23/04/2008 7:32 Infected BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP9\A0012513.exe Generic Packed (Trojan) (Removable) 23/04/2008 7:32 Deleted BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP9\A0012513.exe File was deleted as part of Cleaning it 23/04/2008 7:32 Infected BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP9\A0012514.exe Generic Packed (Trojan) (Removable) 23/04/2008 7:32 Deleted BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP9\A0012514.exe File was deleted as part of Cleaning it 23/04/2008 7:33 Infected BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP9\A0016514.exe AdClicker-EL (Trojan) (Removable) 23/04/2008 7:33 Deleted BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP9\A0016514.exe File was deleted as part of Cleaning it 23/04/2008 7:33 Infected BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP9\A0016515.exe Generic Packed (Trojan) (Removable) 23/04/2008 7:33 Deleted BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP9\A0016515.exe File was deleted as part of Cleaning it 23/04/2008 7:33 Infected BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP9\A0016516.exe Generic Packed (Trojan) (Removable) 23/04/2008 7:33 Deleted BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP9\A0016516.exe File was deleted as part of Cleaning it 23/04/2008 8:01 Infected BEQA\beqa C:\WINDOWS\system32\awtrRKby.dll vundo (Trojan) (Removable) 23/04/2008 8:02 Deleted BEQA\beqa C:\WINDOWS\system32\awtrRKby.dll File was deleted as part of Cleaning it 23/04/2008 8:04 Infected BEQA\beqa C:\WINDOWS\system32\iiFwuUKD.dll vundo (Trojan) (Removable) 23/04/2008 8:05 Deleted BEQA\beqa C:\WINDOWS\system32\iiFwuUKD.dll File was deleted as part of Cleaning it 23/04/2008 8:07 Infected BEQA\beqa C:\WINDOWS\system32\rqRJBUMf.dll vundo (Trojan) (Removable) 23/04/2008 8:09 Clean Error BEQA\beqa C:\WINDOWS\system32\rqRJBUMf.dll vundo (Trojan) (Removable) 23/04/2008 8:09 Move Error BEQA\beqa Error occurred while trying to access C:\WINDOWS\system32\rqRJBUMf.dll. Cannot write to the file. Please check if it is write protected. 23/04/2008 8:11 Infected BEQA\beqa C:\WINDOWS\system32\xxywWoPf.dll Vundo (Trojan) (Removable) 23/04/2008 8:11 Clean Error BEQA\beqa C:\WINDOWS\system32\xxywWoPf.dll Vundo (Trojan) (Removable) 23/04/2008 8:11 Move Error BEQA\beqa Error occurred while trying to access C:\WINDOWS\system32\xxywWoPf.dll. Cannot write to the file. Please check if it is write protected. 23/04/2008 8:11 Infected BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\1PY767PO\pcguuyzd[1].htm AdClicker-EL (Trojan) (Removable) 23/04/2008 8:11 Deleted BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\1PY767PO\pcguuyzd[1].htm File was deleted as part of Cleaning it 23/04/2008 8:11 Infected BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\1PY767PO\pcguuyzd[2].htm AdClicker-EL (Trojan) (Removable) 23/04/2008 8:11 Deleted BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\1PY767PO\pcguuyzd[2].htm File was deleted as part of Cleaning it 23/04/2008 8:11 Infected BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\FGN9YNOJ\ivwwnf[1].htm vundo (Trojan) (Removable) 23/04/2008 8:12 Deleted BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\FGN9YNOJ\ivwwnf[1].htm File was deleted as part of Cleaning it 23/04/2008 8:12 Infected BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\FGN9YNOJ\ivwwnf[2].htm vundo (Trojan) (Removable) 23/04/2008 8:12 Deleted BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\FGN9YNOJ\ivwwnf[2].htm File was deleted as part of Cleaning it 23/04/2008 8:12 Infected BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\TBYYNRO8\ddos[1].txt\00001260.EXE\00001260.EXE Proxy-Agent.ai (Trojan) (Removable) 23/04/2008 8:12 Deleted BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\TBYYNRO8\ddos[1].txt File was deleted as part of Cleaning it 23/04/2008 8:12 Infected BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\TBYYNRO8\raeswxxo[1].htm Generic Packed (Trojan) (Removable) 23/04/2008 8:12 Deleted BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\TBYYNRO8\raeswxxo[1].htm File was deleted as part of Cleaning it 23/04/2008 8:12 Infected BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\TBYYNRO8\raeswxxo[2].htm Generic Packed (Trojan) (Removable) 23/04/2008 8:12 Deleted BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\TBYYNRO8\raeswxxo[2].htm File was deleted as part of Cleaning it 23/04/2008 8:12 Infected BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\VN9V1M6N\abbct[1].htm Generic Packed (Trojan) (Removable) 23/04/2008 8:12 Deleted BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\VN9V1M6N\abbct[1].htm File was deleted as part of Cleaning it 23/04/2008 8:12 Infected BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\VN9V1M6N\abbct[2].htm Generic Packed (Trojan) (Removable) 23/04/2008 8:13 Deleted BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\VN9V1M6N\abbct[2].htm File was deleted as part of Cleaning it 23/04/2008 8:13 Infected BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\VN9V1M6N\ddos1[1].txt Generic Packed (Trojan) (Removable) 23/04/2008 8:13 Deleted BEQA\beqa C:\WINDOWS\system32\config\systemprofile\Configura ción local\Archivos temporales de Internet\Content.IE5\VN9V1M6N\ddos1[1].txt File was deleted as part of Cleaning it 23/04/2008 8:16 Infected BEQA\beqa C:\WINDOWS\Temp\13D.tmp Generic PWS.y (Trojan) (Removable) 23/04/2008 8:16 Deleted BEQA\beqa C:\WINDOWS\Temp\13D.tmp File was deleted as part of Cleaning it 23/04/2008 8:16 Infected BEQA\beqa C:\WINDOWS\Temp\152.tmp Spy-Agent.bw.gen.c (Trojan) (Removable) 23/04/2008 8:16 Deleted BEQA\beqa C:\WINDOWS\Temp\152.tmp File was deleted as part of Cleaning it 23/04/2008 8:16 Infected BEQA\beqa C:\WINDOWS\Temp\45.tmp Spy-Agent.bw.gen.c (Trojan) (Removable) 23/04/2008 8:16 Deleted BEQA\beqa C:\WINDOWS\Temp\45.tmp File was deleted as part of Cleaning it 23/04/2008 8:16 Infected BEQA\beqa C:\WINDOWS\Temp\9.tmp Generic PWS.y (Trojan) (Removable) 23/04/2008 8:16 Deleted BEQA\beqa C:\WINDOWS\Temp\9.tmp File was deleted as part of Cleaning it 23/04/2008 8:17 Scan Summary BEQA\beqa Scan Summary (Regular Scanning) 23/04/2008 8:17 Scan Summary BEQA\beqa Boot sectors scanned : 1 23/04/2008 8:17 Scan Summary BEQA\beqa Boot sectors infected : 0 23/04/2008 8:17 Scan Summary BEQA\beqa Boot sectors cleaned : 0 23/04/2008 8:17 Scan Summary BEQA\beqa Files scanned : 40723 23/04/2008 8:17 Scan Summary BEQA\beqa Files infected : 38 23/04/2008 8:17 Scan Summary BEQA\beqa Files cleaned : 0 23/04/2008 8:17 Scan Summary BEQA\beqa Files deleted : 36 23/04/2008 8:17 Scan Summary BEQA\beqa Files moved : 0 23/04/2008 8:17 Scan Summary BEQA\beqa Scan Summary (Memory Scanning) 23/04/2008 8:17 Scan Summary BEQA\beqa Files scanned : 51 23/04/2008 8:17 Scan Summary BEQA\beqa Files infected : 1 23/04/2008 8:17 Scan Complete BEQA\beqa Scan All Fixed Disks 23/04/2008 23:15 Scan Started BEQA\beqa Scan All Fixed Disks 23/04/2008 23:21 Scan Summary BEQA\beqa Scan Summary (Regular Scanning) 23/04/2008 23:21 Scan Summary BEQA\beqa Boot sectors scanned : 1 23/04/2008 23:21 Scan Summary BEQA\beqa Boot sectors infected : 0 23/04/2008 23:21 Scan Summary BEQA\beqa Boot sectors cleaned : 0 23/04/2008 23:21 Scan Summary BEQA\beqa Files scanned : 1801 23/04/2008 23:21 Scan Summary BEQA\beqa Files infected : 0 23/04/2008 23:21 Scan Summary BEQA\beqa Files cleaned : 0 23/04/2008 23:21 Scan Summary BEQA\beqa Files deleted : 0 23/04/2008 23:21 Scan Summary BEQA\beqa Files moved : 0 23/04/2008 23:21 Scan Summary BEQA\beqa Scan Summary (Memory Scanning) 23/04/2008 23:21 Scan Summary BEQA\beqa Files scanned : 48 23/04/2008 23:21 Scan Summary BEQA\beqa Files infected : 0 23/04/2008 23:21 Scan Terminated BEQA\beqa Scan All Fixed Disks 24/04/2008 22:46 Scan Started BEQA\Administrador On-Demand Scan 24/04/2008 22:52 Scan Started BEQA\Administrador Scan All Fixed Disks 24/04/2008 22:54 Scan Summary BEQA\Administrador Scan Summary (Regular Scanning) 24/04/2008 22:54 Scan Summary BEQA\Administrador Boot sectors scanned : 2 24/04/2008 22:54 Scan Summary BEQA\Administrador Boot sectors infected : 0 24/04/2008 22:54 Scan Summary BEQA\Administrador Boot sectors cleaned : 0 24/04/2008 22:54 Scan Summary BEQA\Administrador Files scanned : 1847 24/04/2008 22:54 Scan Summary BEQA\Administrador Files infected : 0 24/04/2008 22:54 Scan Summary BEQA\Administrador Files cleaned : 0 24/04/2008 22:54 Scan Summary BEQA\Administrador Files deleted : 0 24/04/2008 22:54 Scan Summary BEQA\Administrador Files moved : 0 24/04/2008 22:54 Scan Summary BEQA\Administrador Scan Summary (Memory Scanning) 24/04/2008 22:54 Scan Summary BEQA\Administrador Files scanned : 9 24/04/2008 22:54 Scan Summary BEQA\Administrador Files infected : 0 24/04/2008 22:54 Scan Terminated BEQA\Administrador On-Demand Scan 24/04/2008 23:27 Infected BEQA\Administrador C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP13\A0029603.exe Spy-Agent.bw.gen.c (Trojan) (Removable) 24/04/2008 23:27 Deleted BEQA\Administrador C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP13\A0029603.exe File was deleted as part of Cleaning it 25/04/2008 0:07 Infected BEQA\Administrador C:\WINDOWS\system32\rqRJBUMf.dll vundo (Trojan) (Removable) 25/04/2008 0:07 Clean Error BEQA\Administrador C:\WINDOWS\system32\rqRJBUMf.dll vundo (Trojan) (Removable) 25/04/2008 0:07 Move Error BEQA\Administrador Error occurred while trying to access C:\WINDOWS\system32\rqRJBUMf.dll. Cannot write to the file. Please check if it is write protected. 25/04/2008 0:09 Infected BEQA\Administrador C:\WINDOWS\system32\xxywWoPf.dll Vundo (Trojan) (Removable) 25/04/2008 0:09 Clean Error BEQA\Administrador C:\WINDOWS\system32\xxywWoPf.dll Vundo (Trojan) (Removable) 25/04/2008 0:09 Move Error BEQA\Administrador Error occurred while trying to access C:\WINDOWS\system32\xxywWoPf.dll. Cannot write to the file. Please check if it is write protected. 25/04/2008 0:13 Scan Summary BEQA\Administrador Scan Summary (Regular Scanning) 25/04/2008 0:13 Scan Summary BEQA\Administrador Boot sectors scanned : 1 25/04/2008 0:13 Scan Summary BEQA\Administrador Boot sectors infected : 0 25/04/2008 0:13 Scan Summary BEQA\Administrador Boot sectors cleaned : 0 25/04/2008 0:13 Scan Summary BEQA\Administrador Files scanned : 39088 25/04/2008 0:13 Scan Summary BEQA\Administrador Files infected : 3 25/04/2008 0:13 Scan Summary BEQA\Administrador Files cleaned : 0 25/04/2008 0:13 Scan Summary BEQA\Administrador Files deleted : 1 25/04/2008 0:13 Scan Summary BEQA\Administrador Files moved : 0 25/04/2008 0:13 Scan Summary BEQA\Administrador Scan Summary (Memory Scanning) 25/04/2008 0:13 Scan Summary BEQA\Administrador Files scanned : 12 25/04/2008 0:13 Scan Summary BEQA\Administrador Files infected : 0 25/04/2008 0:13 Scan Complete BEQA\Administrador Scan All Fixed Disks 25/04/2008 6:40 Scan Started BEQA\Administrador Scan All Fixed Disks 25/04/2008 6:40 Scan Summary BEQA\Administrador Scan Summary (Regular Scanning) 25/04/2008 6:40 Scan Summary BEQA\Administrador Boot sectors scanned : 1 25/04/2008 6:40 Scan Summary BEQA\Administrador Boot sectors infected : 0 25/04/2008 6:40 Scan Summary BEQA\Administrador Boot sectors cleaned : 0 25/04/2008 6:40 Scan Summary BEQA\Administrador Files scanned : 0 25/04/2008 6:40 Scan Summary BEQA\Administrador Files infected : 0 25/04/2008 6:40 Scan Summary BEQA\Administrador Files cleaned : 0 25/04/2008 6:40 Scan Summary BEQA\Administrador Files deleted : 0 25/04/2008 6:40 Scan Summary BEQA\Administrador Files moved : 0 25/04/2008 6:40 Scan Summary BEQA\Administrador Scan Summary (Memory Scanning) 25/04/2008 6:40 Scan Summary BEQA\Administrador Files scanned : 4 25/04/2008 6:40 Scan Summary BEQA\Administrador Files infected : 0 25/04/2008 6:40 Scan Terminated BEQA\Administrador Scan All Fixed Disks 25/04/2008 22:43 Scan Started BEQA\beqa Scan All Fixed Disks 25/04/2008 22:44 Infected BEQA\beqa C:\!KillBox\rqRJBUMf.dll vundo (Trojan) (Removable) 25/04/2008 22:45 Deleted BEQA\beqa C:\!KillBox\rqRJBUMf.dll File was deleted as part of Cleaning it 25/04/2008 22:45 Infected BEQA\beqa C:\!KillBox\rqRJBUMf.dll( 2) vundo (Trojan) (Removable) 25/04/2008 22:45 Deleted BEQA\beqa C:\!KillBox\rqRJBUMf.dll( 2) File was deleted as part of Cleaning it 25/04/2008 22:45 Infected BEQA\beqa C:\!KillBox\xxywWoPf.dll Vundo (Trojan) (Removable) 25/04/2008 22:45 Deleted BEQA\beqa C:\!KillBox\xxywWoPf.dll File was deleted as part of Cleaning it 25/04/2008 22:45 Infected BEQA\beqa C:\!KillBox\xxywWoPf.dll( 1) Vundo (Trojan) (Removable) 25/04/2008 22:45 Deleted BEQA\beqa C:\!KillBox\xxywWoPf.dll( 1) File was deleted as part of Cleaning it 25/04/2008 23:21 Infected BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP13\A0030612.dll vundo (Trojan) (Removable) 25/04/2008 23:22 Deleted BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP13\A0030612.dll File was deleted as part of Cleaning it 25/04/2008 23:22 Infected BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP13\A0030613.dll Vundo (Trojan) (Removable) 25/04/2008 23:22 Deleted BEQA\beqa C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP13\A0030613.dll File was deleted as part of Cleaning it 26/04/2008 0:02 Infected BEQA\beqa C:\WINDOWS\system32\rqRJBUMf.dll vundo (Trojan) (Removable) 26/04/2008 0:02 Clean Error BEQA\beqa C:\WINDOWS\system32\rqRJBUMf.dll vundo (Trojan) (Removable) 26/04/2008 0:02 Move Error BEQA\beqa Error occurred while trying to access C:\WINDOWS\system32\rqRJBUMf.dll. Cannot write to the file. Please check if it is write protected. 26/04/2008 0:04 Infected BEQA\beqa C:\WINDOWS\system32\xxywWoPf.dll Vundo (Trojan) (Removable) 26/04/2008 0:04 Clean Error BEQA\beqa C:\WINDOWS\system32\xxywWoPf.dll Vundo (Trojan) (Removable) 26/04/2008 0:04 Move Error BEQA\beqa Error occurred while trying to access C:\WINDOWS\system32\xxywWoPf.dll. Cannot write to the file. Please check if it is write protected. 26/04/2008 0:08 Scan Summary BEQA\beqa Scan Summary (Regular Scanning) 26/04/2008 0:08 Scan Summary BEQA\beqa Boot sectors scanned : 1 26/04/2008 0:08 Scan Summary BEQA\beqa Boot sectors infected : 0 26/04/2008 0:08 Scan Summary BEQA\beqa Boot sectors cleaned : 0 26/04/2008 0:08 Scan Summary BEQA\beqa Files scanned : 39112 26/04/2008 0:08 Scan Summary BEQA\beqa Files infected : 8 26/04/2008 0:08 Scan Summary BEQA\beqa Files cleaned : 0 26/04/2008 0:08 Scan Summary BEQA\beqa Files deleted : 6 26/04/2008 0:08 Scan Summary BEQA\beqa Files moved : 0 26/04/2008 0:08 Scan Summary BEQA\beqa Scan Summary (Memory Scanning) 26/04/2008 0:08 Scan Summary BEQA\beqa Files scanned : 11 26/04/2008 0:08 Scan Summary BEQA\beqa Files infected : 0 26/04/2008 0:08 Scan Complete BEQA\beqa Scan All Fixed Disks 26/04/2008 9:12 Scan Started BEQA\Administrador Scan All Fixed Disks 26/04/2008 10:30 Infected BEQA\Administrador C:\WINDOWS\system32\rqRJBUMf.dll vundo (Trojan) (Removable) 26/04/2008 10:31 Clean Error BEQA\Administrador C:\WINDOWS\system32\rqRJBUMf.dll vundo (Trojan) (Removable) 26/04/2008 10:31 Move Error BEQA\Administrador Error occurred while trying to access C:\WINDOWS\system32\rqRJBUMf.dll. Cannot write to the file. Please check if it is write protected. 26/04/2008 10:33 Infected BEQA\Administrador C:\WINDOWS\system32\xxywWoPf.dll Vundo (Trojan) (Removable) 26/04/2008 10:33 Clean Error BEQA\Administrador C:\WINDOWS\system32\xxywWoPf.dll Vundo (Trojan) (Removable) 26/04/2008 10:33 Move Error BEQA\Administrador Error occurred while trying to access C:\WINDOWS\system32\xxywWoPf.dll. Cannot write to the file. Please check if it is write protected. 26/04/2008 10:38 Infected BEQA\Administrador C:\WINDOWS\SYSTEM32\rqRJBUMf.dll vundo (Trojan) (Removable) 26/04/2008 10:39 Clean Error BEQA\Administrador C:\WINDOWS\SYSTEM32\rqRJBUMf.dll vundo (Trojan) (Removable) 26/04/2008 10:39 Move Error BEQA\Administrador Error occurred while trying to access C:\WINDOWS\SYSTEM32\rqRJBUMf.dll. Cannot write to the file. Please check if it is write protected. 26/04/2008 10:39 Infected BEQA\Administrador C:\WINDOWS\SYSTEM32\xxywWoPf.dll Vundo (Trojan) (Removable) 26/04/2008 10:39 Clean Error BEQA\Administrador C:\WINDOWS\SYSTEM32\xxywWoPf.dll Vundo (Trojan) (Removable) 26/04/2008 10:39 Move Error BEQA\Administrador Error occurred while trying to access C:\WINDOWS\SYSTEM32\xxywWoPf.dll. Cannot write to the file. Please check if it is write protected. 26/04/2008 10:40 Scan Summary BEQA\Administrador Scan Summary (Regular Scanning) 26/04/2008 10:40 Scan Summary BEQA\Administrador Boot sectors scanned : 1 26/04/2008 10:40 Scan Summary BEQA\Administrador Boot sectors infected : 0 26/04/2008 10:40 Scan Summary BEQA\Administrador Boot sectors cleaned : 0 26/04/2008 10:40 Scan Summary BEQA\Administrador Files scanned : 43080 26/04/2008 10:40 Scan Summary BEQA\Administrador Files infected : 4 26/04/2008 10:40 Scan Summary BEQA\Administrador Files cleaned : 0 26/04/2008 10:40 Scan Summary BEQA\Administrador Files deleted : 0 26/04/2008 10:40 Scan Summary BEQA\Administrador Files moved : 0 26/04/2008 10:40 Scan Summary BEQA\Administrador Scan Summary (Memory Scanning) 26/04/2008 10:40 Scan Summary BEQA\Administrador Files scanned : 11 26/04/2008 10:40 Scan Summary BEQA\Administrador Files infected : 0 26/04/2008 10:40 Scan Complete BEQA\Administrador Scan All Fixed Disks 26/04/2008 22:00 Scan Started BEQA\Administrador scan system 26/04/2008 22:06 Scan Summary BEQA\Administrador Scan Summary (Regular Scanning) 26/04/2008 22:06 Scan Summary BEQA\Administrador Boot sectors scanned : 1 26/04/2008 22:06 Scan Summary BEQA\Administrador Boot sectors infected : 0 26/04/2008 22:06 Scan Summary BEQA\Administrador Boot sectors cleaned : 0 26/04/2008 22:06 Scan Summary BEQA\Administrador Files scanned : 3948 26/04/2008 22:06 Scan Summary BEQA\Administrador Files infected : 0 26/04/2008 22:06 Scan Summary BEQA\Administrador Files cleaned : 0 26/04/2008 22:06 Scan Summary BEQA\Administrador Files deleted : 0 26/04/2008 22:06 Scan Summary BEQA\Administrador Files moved : 0 26/04/2008 22:06 Scan Summary BEQA\Administrador Scan Summary (Memory Scanning) 26/04/2008 22:06 Scan Summary BEQA\Administrador Files scanned : 0 26/04/2008 22:06 Scan Summary BEQA\Administrador Files infected : 0 26/04/2008 22:06 Scan Complete BEQA\Administrador scan system 26/04/2008 23:56 Scan Started BEQA\Administrador Scan All Fixed Disks 27/04/2008 0:19 Infected BEQA\Administrador C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP13\A0030644.dll Vundo (Trojan) (Removable) 27/04/2008 0:19 Deleted BEQA\Administrador C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP13\A0030644.dll File was deleted as part of Cleaning it 27/04/2008 0:19 Infected BEQA\Administrador C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP13\A0030656.dll vundo (Trojan) (Removable) 27/04/2008 0:19 Deleted BEQA\Administrador C:\System Volume Information\_restore{1E62061E-E092-449F-BD23-384DE4A75560}\RP13\A0030656.dll File was deleted as part of Cleaning it 27/04/2008 0:24 Infected BEQA\Administrador C:\VundoFix Backups\rqRJBUMf.dll.bad vundo (Trojan) (Removable) 27/04/2008 0:24 Deleted BEQA\Administrador C:\VundoFix Backups\rqRJBUMf.dll.bad File was deleted as part of Cleaning it 27/04/2008 0:24 Infected BEQA\Administrador C:\VundoFix Backups\xxywWoPf.dll.bad Vundo (Trojan) (Removable) 27/04/2008 0:24 Deleted BEQA\Administrador C:\VundoFix Backups\xxywWoPf.dll.bad File was deleted as part of Cleaning it 27/04/2008 0:48 Scan Summary BEQA\Administrador Scan Summary (Regular Scanning) 27/04/2008 0:48 Scan Summary BEQA\Administrador Boot sectors scanned : 1 27/04/2008 0:48 Scan Summary BEQA\Administrador Boot sectors infected : 0 27/04/2008 0:48 Scan Summary BEQA\Administrador Boot sectors cleaned : 0 27/04/2008 0:48 Scan Summary BEQA\Administrador Files scanned : 39280 27/04/2008 0:48 Scan Summary BEQA\Administrador Files infected : 4 27/04/2008 0:48 Scan Summary BEQA\Administrador Files cleaned : 0 27/04/2008 0:48 Scan Summary BEQA\Administrador Files deleted : 4 27/04/2008 0:48 Scan Summary BEQA\Administrador Files moved : 0 27/04/2008 0:48 Scan Summary BEQA\Administrador Scan Summary (Memory Scanning) 27/04/2008 0:48 Scan Summary BEQA\Administrador Files scanned : 12 27/04/2008 0:48 Scan Summary BEQA\Administrador Files infected : 0 27/04/2008 0:48 Scan Complete BEQA\Administrador Scan All Fixed Disks 27/04/2008 16:22 Scan Started BEQA\beqa scan system 27/04/2008 16:24 Scan Summary BEQA\beqa Scan Summary (Regular Scanning) 27/04/2008 16:24 Scan Summary BEQA\beqa Boot sectors scanned : 1 27/04/2008 16:24 Scan Summary BEQA\beqa Boot sectors infected : 0 27/04/2008 16:24 Scan Summary BEQA\beqa Boot sectors cleaned : 0 27/04/2008 16:24 Scan Summary BEQA\beqa Files scanned : 3957 27/04/2008 16:24 Scan Summary BEQA\beqa Files infected : 0 27/04/2008 16:24 Scan Summary BEQA\beqa Files cleaned : 0 27/04/2008 16:24 Scan Summary BEQA\beqa Files deleted : 0 27/04/2008 16:24 Scan Summary BEQA\beqa Files moved : 0 27/04/2008 16:24 Scan Summary BEQA\beqa Scan Summary (Memory Scanning) 27/04/2008 16:24 Scan Summary BEQA\beqa Files scanned : 0 27/04/2008 16:24 Scan Summary BEQA\beqa Files infected : 0 27/04/2008 16:24 Scan Complete BEQA\beqa scan system 27/04/2008 16:26 Scan Started BEQA\beqa Scan All Fixed Disks 27/04/2008 16:41 Scan Summary BEQA\beqa Scan Summary (Regular Scanning) 27/04/2008 16:41 Scan Summary BEQA\beqa Boot sectors scanned : 1 27/04/2008 16:41 Scan Summary BEQA\beqa Boot sectors infected : 0 27/04/2008 16:41 Scan Summary BEQA\beqa Boot sectors cleaned : 0 27/04/2008 16:41 Scan Summary BEQA\beqa Files scanned : 39478 27/04/2008 16:41 Scan Summary BEQA\beqa Files infected : 0 27/04/2008 16:41 Scan Summary BEQA\beqa Files cleaned : 0 27/04/2008 16:41 Scan Summary BEQA\beqa Files deleted : 0 27/04/2008 16:41 Scan Summary BEQA\beqa Files moved : 0 27/04/2008 16:41 Scan Summary BEQA\beqa Scan Summary (Memory Scanning) 27/04/2008 16:41 Scan Summary BEQA\beqa Files scanned : 47 27/04/2008 16:41 Scan Summary BEQA\beqa Files infected : 0 27/04/2008 16:41 Scan Complete BEQA\beqa Scan All Fixed Disks ----------------------------------------------------------------- Saludos a todos y gracias      |
|
30/04/08, 18:49:04
| |
| ||||
| Re: csrss.exe , y sin panel de control Hola forsa, Estas usando una versión antigua de HijackThis, por lo que descarga y ejecuta la nueva versión de *HijackThis 2.0.2 para generar y dejarnos un nuevo log en este mismo mensaje. Salu2 En preparativos por la llegada del "Huracán - IKE"" Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog * Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando. * Para evitar Virus y Spywares al navegar por internet, USE FIREFOX !! * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro. |
|
01/05/08, 05:47:36
| |
| |||
| Re: csrss.exe , y sin panel de control ok Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:40:13, on 01/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Archivos de programa\Archivos comunes\Symantec Shared\ccProxy.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe C:\Archivos de programa\Sunbelt Software\Personal Firewall 4\kpf4ss.exe C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe C:\Archivos de programa\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Archivos de programa\Network Associates\VirusScan\Mcshield.exe C:\Archivos de programa\Network Associates\VirusScan\VsTskMgr.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe C:\Archivos de programa\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Archivos de programa\Apoint2K\Apoint.exe C:\Archivos de programa\TOSHIBA\E-KEY\CeEKey.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\WINDOWS\system32\TPSMain.exe C:\Archivos de programa\TOSHIBA\Tvs\TvsTray.exe C:\Archivos de programa\TOSHIBA\ConfigFree\NDSTray.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\WINDOWS\system32\TPSBattM.exe C:\Archivos de programa\TOSHIBA\TouchPad\TPTray.exe C:\Archivos de programa\Apoint2K\Apntex.exe C:\WINDOWS\system32\ctfmon.exe C:\Archivos de programa\Toshiba\TOSHIBA Controls\TFncKy.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe C:\Archivos de programa\Mozilla Firefox\firefox.exe C:\Archivos de programa\Messenger\msmsgs.exe C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe C:\Archivos de programa\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://es.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://es.search.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://es.search.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {51E061B3-C242-4032-8700-1CECA171CF49} - (no file) O2 - BHO: {12041ab2-2b60-f4fa-29c4-ba295a512997} - {799215a5-92ab-4c92-af4f-06b22ba14021} - (no file) O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {e8fcb647-4b1f-4485-a2f0-0ebbae0478b2} - (no file) O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Apoint] C:\Archivos de programa\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [CeEKEY] C:\Archivos de programa\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [Tvs] C:\Archivos de programa\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Archivos de programa\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ShStatEXE] "C:\Archivos de programa\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Archivos de programa\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [HWSetup] C:\Archivos de programa\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [TPNF] C:\Archivos de programa\TOSHIBA\TouchPad\TPTray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Archivos de programa\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Archivos de programa\ShoppingReport\Bin\2.5.0\ShoppingReport.d ll O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Archivos de programa\ShoppingReport\Bin\2.5.0\ShoppingReport.d ll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documentos\Settings\partnership.dll O20 - Winlogon Notify: rqRJBUMf - rqRJBUMf.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\ISSVC.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (kpf4) - Sunbelt Software - C:\Archivos de programa\Sunbelt Software\Personal Firewall 4\kpf4ss.exe O23 - Service: McAfee Framework Service (mcafeeframework) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (mcshield) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (mctaskmanager) - Network Associates, Inc. - C:\Archivos de programa\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TuneUp WinStyler Theme Service (tuwinstylerthemesvc) - TuneUp Software GmbH - C:\Archivos de programa\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- End of file - 10896 bytes Cita:
|
|
01/05/08, 16:17:40
| |
| ||||
| Re: csrss.exe , y sin panel de control Hola forsa, Paso 1- Descarga, Instala y/o actualiza estas herramientas: (pero no los ejecutes aun) Paso 2- Con todos los programas cerrados, ejecuta HijackThis y dale  a las siguientes entradas:R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLef tPane.htm O2 - BHO: (no name) - {51E061B3-C242-4032-8700-1CECA171CF49} - (no file) O2 - BHO: {12041ab2-2b60-f4fa-29c4-ba295a512997} - {799215a5-92ab-4c92-af4f-06b22ba14021} - (no file) O2 - BHO: (no name) - {e8fcb647-4b1f-4485-a2f0-0ebbae0478b2} - (no file) O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Archivos de programa\ShoppingReport\Bin\2.5.0\ShoppingReport.d ll O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Archivos de programa\ShoppingReport\Bin\2.5.0\ShoppingReport.d ll O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documentos\Settings\partnership.dll O20 - Winlogon Notify: rqRJBUMf - rqRJBUMf.dll (file missing) Paso 3- Ejecuta estas herramientas, de a una:
Cita:
Paso 4- Descarga CCleaner y ejecútalo usando primero su opción de "Limpiador" para borrar cookies, temporales de Internet y todos los archivos que este te muestre como obsoletos, y luego usa su opción de "Registro" para limpiar todo el registro de Windows (haciendo copia de seguridad). Reinicia y nos contas los resultados. junto con el reporte de Paso 5- Reinicia en modo normal y nos dejas los reportes de:
**Nota** - Para mayor comodidad imprime los pasos. - Recuerda regresar y contarnos los resultados. Salu2 En preparativos por la llegada del "Huracán - IKE"" Novedades del Foro | Antivirus Online | Eliminar Malwares | Políticas del Foro | Blog * Ayúdanos haciendo una DONACIÓN para poder seguir Ayudando. * Para evitar Virus y Spywares al navegar por internet, USE FIREFOX !! * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro. |
Malwarebytes' Anti-Malware
Antes de usar ComboFix.... |
04/05/08, 13:32:43
| |
| |||
 Re: csrss.exe , y sin panel de control ºhola amigos. Parece que solamente ha mejorado, per veo que queda menos. He borrado las instancias del hijakthis pero esta se resiste, aun continua estando, he intentado eliminar el fichero, pero tampoco se deja. O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documentos\Settings\partnership.dll El sistema continua con porcentajes altos en el csrss.exe y el winlogon y continua abriendose dos procesos con el iexplorer que no se ven. Aqui dejo los logs y estoy en espera de sus noticias. Malwarebytes' Anti-Malware 1.11 Versión de la Base de Datos: 712 Tipo de examen : Examen Completo (C:\|) Objetos examinados: 68690 Tiempo transcurrido: 24 minute(s), 57 second(s) Procesos en Memoria Infectados: 0 Módulos en Memoria Infectados: 0 Claves del Registro Infectadas: 2 Valores del Registro Infectados: 0 Elementos de Datos del Registro Infectados: 0 Carpetas Infectadas: 0 Ficheros Infectados: 0 Procesos en Memoria Infectados: (No se han detectado elementos maliciosos) Módulos en Memoria Infectados: (No se han detectado elementos maliciosos) Claves del Registro Infectadas: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\partnershipreg (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe (Security.Hijack) -> Quarantined and deleted successfully. Valores del Registro Infectados: (No se han detectado elementos maliciosos) Elementos de Datos del Registro Infectados: (No se han detectado elementos maliciosos) Carpetas Infectadas: (No se han detectado elementos maliciosos) Ficheros Infectados: (No se han detectado elementos maliciosos) ------------------------------------------------------------------ ComboFix 08-05-01.3 - Administrador 2008-05-04 0:02:03.2 - NTFSx86 NETWORK Microsoft Windows XP Professional 5.1.2600.2.1252.1.3082.18.819 [GMT 2:00] Se ejecuta desde: C:\Documents and Settings\beqa\Escritorio\seguridad\ComboFix.exe ADVERTENCIA - ESTE EQUIPO NO TIENE INSTALADA LA CONSOLA DE RECUPERACION! . (((((((((((((((((( Archivos creados desde 2008-04-03 - 2008-05-03 ))))))))))))))))))))))))))))))))) . 2008-05-03 22:27 . 2008-03-01 14:58 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-05-03 22:27 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-05-03 22:27 . 2007-03-08 07:10 1,040,384 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-05-03 22:27 . 2008-03-01 14:58 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-05-03 22:27 . 2008-03-01 14:58 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-05-03 22:27 . 2008-03-01 14:58 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-05-03 22:27 . 2008-03-01 14:58 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-05-03 22:27 . 2008-03-01 14:58 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-05-03 22:27 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-05-03 22:26 . 2008-05-03 22:27 <DIR> d-------- C:\WINDOWS\system32\es-es 2008-05-03 22:26 . 2008-05-03 22:26 773 --a------ C:\WINDOWS\system32\spupdsvc.inf 2008-05-03 22:22 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll 2008-05-03 22:15 . 2008-05-03 22:15 <DIR> d-------- C:\WINDOWS\LastGood.Tmp 2008-05-03 22:15 . 2008-05-03 22:28 1,355 --a------ C:\WINDOWS\imsins.BAK 2008-05-03 16:19 . 2008-05-03 16:19 <DIR> d-------- C:\Archivos de programa\CCleaner 2008-05-03 08:55 . 2008-05-03 08:55 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Configura ci¾n local 2008-05-03 08:55 . 2008-05-03 08:55 <DIR> d-------- C:\Documents and Settings\NetworkService\Configuraci¾n local 2008-05-03 08:55 . 2008-05-03 08:55 <DIR> d-------- C:\Documents and Settings\LocalService\Configuraci¾n local 2008-05-03 08:55 . 2008-05-03 08:55 <DIR> d-------- C:\Documents and Settings\beqa\Configuraci¾n local 2008-05-03 08:55 . 2008-05-03 08:55 <DIR> d-------- C:\Documents and Settings\Administrador\Configuraci¾n local 2008-05-02 22:39 . 2008-05-02 22:39 <DIR> d-------- C:\Documents and Settings\beqa\Datos de programa\Malwarebytes 2008-05-02 21:35 . 2008-05-02 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Malwarebytes 2008-05-02 21:35 . 2008-05-02 21:35 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\Malwarebytes 2008-05-02 21:35 . 2008-05-02 23:40 <DIR> d-------- C:\Archivos de programa\Malwarebytes' Anti-Malware 2008-05-01 11:39 . 2008-05-01 11:39 <DIR> d-------- C:\Archivos de programa\Trend Micro 2008-04-27 23:49 . 2008-04-27 23:49 <DIR> d-------- C:\WINDOWS\McAfee.com 2008-04-27 21:31 . 2008-04-27 21:31 <DIR> d-------- C:\kav 2008-04-27 19:54 . 2008-04-27 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Kaspersky Lab 2008-04-27 19:52 . 2008-04-27 19:52 <DIR> d---s---- C:\Documents and Settings\Administrador\UserData 2008-04-27 19:21 . 2008-04-27 19:21 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-04-27 19:02 . 2008-04-27 19:02 <DIR> d-------- C:\Archivos de programa\Sunbelt Software 2008-04-27 12:03 . 2004-08-19 15:43 33,280 --a------ C:\WINDOWS\system32\rundll32.ex_ 2008-04-27 11:28 . 2008-04-27 11:28 <DIR> d-------- C:\Archivos de programa\Lavasoft 2008-04-27 11:20 . 2008-04-27 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Lavasoft 2008-04-26 16:59 . 2008-04-27 00:24 <DIR> d-------- C:\VundoFix Backups 2008-04-25 22:30 . 2008-04-25 22:30 <DIR> d-------- C:\Documents and Settings\Administrador\Datos de programa\TuneUp Software 2008-04-24 22:59 . 2008-04-28 00:07 <DIR> d-------- C:\Archivos de programa\HJT 2008-04-24 07:16 . 2008-04-24 07:18 <DIR> d-------- C:\Archivos de programa\Disk Cleaner 2008-04-24 00:19 . 2008-04-25 22:45 <DIR> d-------- C:\!KillBox 2008-04-23 23:31 . 2008-05-03 09:13 <DIR> d-------- C:\Archivos de programa\Enigma Software Group 2008-04-23 00:11 . 2008-04-23 00:11 <DIR> d-------- C:\Documents and Settings\beqa\Datos de programa\TuneUp Software 2008-04-23 00:11 . 2008-04-26 19:11 <DIR> d-------- C:\Archivos de programa\TuneUp Utilities 2006 2008-04-23 00:03 . 2008-04-23 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\TuneUp Software 2008-04-23 00:00 . 2008-04-26 23:42 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard 2008-04-22 23:38 . 2008-04-22 23:38 268 --ah----- C:\sqmdata01.sqm 2008-04-22 23:38 . 2008-04-22 23:38 244 --ah----- C:\sqmnoopt01.sqm 2008-04-22 23:35 . 2008-04-26 18:27 <DIR> d-------- C:\quarantine 2008-04-22 23:20 . 2008-04-22 23:20 268 --ah----- C:\sqmdata00.sqm 2008-04-22 23:20 . 2008-04-22 23:20 244 --ah----- C:\sqmnoopt00.sqm 2008-04-22 22:56 . 2008-04-22 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Datos de programa\Network Associates 2008-04-22 22:55 . 2008-04-22 23:00 <DIR> d-------- C:\Archivos de programa\Network Associates 2008-04-22 22:55 . 2008-04-22 22:55 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Network Associates 2008-04-22 22:51 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-04-06 09:57 . 2008-04-14 15:31 101,091 --a------ C:\WINDOWS\BM03da7bbe.xml 2008-04-05 20:07 . 2008-04-07 14:09 49,152 --a------ C:\mjdqc.exe 2008-04-05 20:07 . 2008-04-07 14:10 2 --a------ C:\15288461 . (((((((((((((((((((((((((((((((((((((( Reporte Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ) . 2008-04-23 21:13 --------- d--h--w C:\Archivos de programa\InstallShield Installation Information 2008-04-23 21:13 --------- d-----w C:\Archivos de programa\Toshiba 2008-04-01 20:24 29,696 ----a-w C:\WINDOWS\system32\13F.tmp 2008-04-01 12:28 --------- d-----w C:\Archivos de programa\Ares 2008-04-01 12:18 --------- d-----w C:\Archivos de programa\Microsoft CAPICOM 2.1.0.2 2008-04-01 12:15 --------- d-----w C:\Archivos de programa\Windows Live 2008-03-30 17:56 --------- d-----w C:\Archivos de programa\Windows Live Toolbar 2008-03-30 17:55 --------- d-----w C:\Archivos de programa\Windows Live Favorites 2008-03-30 17:47 --------- d-----w C:\Archivos de programa\Microsoft SQL Server Compact Edition 2008-03-30 17:39 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\WLInstaller 2008-03-30 16:34 --------- d-----w C:\Archivos de programa\Live365 2008-03-30 16:32 --------- d-----w C:\Archivos de programa\Smart Pix Manager 2008-03-30 15:46 --------- d-----w C:\Archivos de programa\Jufsoft 2008-03-30 14:28 --------- dcsh--w C:\Archivos de programa\Archivos comunes\WindowsLiveInstaller 2008-03-30 13:44 --------- d-----w C:\Documents and Settings\beqa\Datos de programa\Yahoo! 2008-03-30 13:44 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Yahoo! Companion 2008-03-30 13:44 --------- d-----w C:\Documents and Settings\All Users\Datos de programa\Yahoo! 2008-03-30 13:44 --------- d-----w C:\Archivos de programa\Yahoo! 2008-03-30 13:38 0 --sha-r C:\WINDOWS\system32\drivers\TOSHIBA_Satellite Pro M70_03564000-SP_PSM76E-00L00.MRK 2008-03-30 13:38 --------- d-----w C:\Archivos de programa\InterVideo 2008-03-30 13:36 --------- d-----w C:\Archivos de programa\Intel 2008-03-30 13:36 --------- d-----w C:\Archivos de programa\ATI Technologies 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll . ((((((((((((((((((((((((((((( snapshot@2008-05-03_ 8.53.47.17 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-03 06:49:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-03 21:58:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2004-08-20 10:00:00 61,440 -c----w C:\WINDOWS\ie7\admparse.dll + 2004-08-20 10:00:00 101,376 -c----w C:\WINDOWS\ie7\advpack.dll + 2004-08-20 10:00:00 35,328 -c----w C:\WINDOWS\ie7\corpol.dll + 2006-06-02 19:32:20 33,792 -c----w C:\WINDOWS\ie7\custsat.dll + 2008-02-16 09:01:57 357,888 -c----w C:\WINDOWS\ie7\dxtmsft.dll + 2008-02-16 09:01:57 205,312 -c----w C:\WINDOWS\ie7\dxtrans.dll + 2008-02-16 09:01:57 55,808 -c----w C:\WINDOWS\ie7\extmgr.dll + 2004-08-20 10:00:00 38,912 -c----w C:\WINDOWS\ie7\hmmapi.dll + 2004-08-20 10:00:00 34,304 -c----w C:\WINDOWS\ie7\ie4uinit.exe + 2004-08-20 10:00:00 139,264 -c----w C:\WINDOWS\ie7\ieakeng.dll + 2004-08-20 10:00:00 221,184 -c----w C:\WINDOWS\ie7\ieaksie.dll + 2004-08-20 10:00:00 241,664 -c----w C:\WINDOWS\ie7\ieakui.dll + 2004-08-20 10:00:00 323,584 -c----w C:\WINDOWS\ie7\iedkcs32.dll + 2008-02-15 09:23:37 18,432 -c----w C:\WINDOWS\ie7\iedw.exe + 2004-08-20 10:00:00 81,920 -c----w C:\WINDOWS\ie7\ieencode.dll + 2008-02-16 09:01:57 251,392 -c----w C:\WINDOWS\ie7\iepeers.dll + 2004-08-20 10:00:00 49,152 -c----w C:\WINDOWS\ie7\iernonce.dll + 2004-08-20 10:00:00 63,488 -c----w C:\WINDOWS\ie7\iesetup.dll + 2004-08-20 10:00:00 93,184 -c----w C:\WINDOWS\ie7\iexplore.exe + 2004-08-20 10:00:00 35,840 -c----w C:\WINDOWS\ie7\imgutil.dll + 2008-02-16 09:01:57 96,768 -c----w C:\WINDOWS\ie7\inseng.dll + 2007-12-18 14:42:03 450,560 -c----w C:\WINDOWS\ie7\jscript.dll + 2008-02-16 09:01:57 16,384 -c----w C:\WINDOWS\ie7\jsproxy.dll + 2004-08-20 10:00:00 22,528 -c----w C:\WINDOWS\ie7\licmgr10.dll + 2004-08-20 10:00:00 29,184 -c----w C:\WINDOWS\ie7\mshta.exe + 2008-02-16 22:32:00 3,080,704 -c----w C:\WINDOWS\ie7\mshtml.dll + 2008-02-16 22:32:00 3,080,704 -c----w C:\WINDOWS\ie7\mshtml.dll.000 + 2008-02-16 09:02:00 449,024 -c----w C:\WINDOWS\ie7\mshtmled.dll + 2004-08-20 10:00:00 57,344 -c----w C:\WINDOWS\ie7\mshtmler.dll + 2004-08-20 10:00:00 146,432 -c----w C:\WINDOWS\ie7\msls31.dll + 2008-02-16 09:02:00 146,432 -c----w C:\WINDOWS\ie7\msrating.dll + 2008-02-16 09:02:00 532,480 -c----w C:\WINDOWS\ie7\mstime.dll + 2004-08-20 10:00:00 97,280 -c----w C:\WINDOWS\ie7\occache.dll + 2008-02-16 09:02:00 39,424 -c----w C:\WINDOWS\ie7\pngfilt.dll + 2007-09-26 16:25:10 33,472 -c----w C:\WINDOWS\ie7\spuninst\iecustom.dll + 2007-09-26 16:18:52 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe + 2006-09-06 15:43:22 215,776 -c----w C:\WINDOWS\ie7\spuninst\spuninst.exe + 2006-09-06 15:43:24 389,856 -c----w C:\WINDOWS\ie7\spuninst\updspapi.dll + 2004-08-20 10:00:00 37,888 -c----w C:\WINDOWS\ie7\url.dll + 2008-02-16 09:02:02 616,960 -c----w C:\WINDOWS\ie7\urlmon.dll + 2008-02-16 09:02:02 616,960 -c----w C:\WINDOWS\ie7\urlmon.dll.000 + 2007-12-18 14:42:03 417,792 -c----w C:\WINDOWS\ie7\vbscript.dll + 2007-06-26 13:56:57 851,968 -c----w C:\WINDOWS\ie7\vgx.dll + 2004-08-20 10:00:00 280,576 -c----w C:\WINDOWS\ie7\webcheck.dll + 2008-02-16 09:02:02 662,016 -c----w C:\WINDOWS\ie7\wininet.dll + 2008-02-16 09:02:02 662,016 -c----w C:\WINDOWS\ie7\wininet.dll.000 + 2007-08-13 16:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll + 2007-08-13 16:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll.000 + 2007-08-13 16:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll + 2007-08-13 16:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll + 2007-08-13 16:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\extmgr.dll + 2007-08-13 16:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll + 2007-08-13 16:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe + 2007-08-13 16:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe.000 + 2007-08-13 16:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll + 2007-08-13 16:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll.000 + 2007-08-13 16:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll + 2007-08-13 16:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll.000 + 2007-08-13 15:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll + 2007-08-13 15:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll.000 + 2007-02-12 14  12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dat+ 2007-07-11 10:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll + 2007-08-13 16:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll + 2007-08-13 16:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll.000 + 2007-08-13 16:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll + 2007-08-13 16:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll + 2007-08-13 16:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll.000 + 2007-08-13 16:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll + 2007-08-13 16:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieudinit.exe + 2007-08-13 16:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe + 2007-08-13 16:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe.000 + 2007-08-13 16:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll + 2007-08-13 16:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll + 2007-08-13 16:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll + 2007-08-13 16:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll + 2007-08-13 16:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll.000 + 2007-08-13 16:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll + 2007-08-13 16:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msrating.dll + 2007-08-13 16:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mstime.dll + 2007-08-13 16:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll + 2007-08-13 16:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll.000 + 2007-08-13 16:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll + 2007-03-06 01:27:50 215,776 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe + 2007-03-06 01:29:00 389,856 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\updspapi.dll + 2007-08-13 16:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll + 2007-08-13 16:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll.000 + 2007-08-13 16:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll + 2007-08-13 16:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll.000 + 2007-08-13 16:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll + 2007-08-13 16:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll.000 + 2007-08-13 16:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll + 2007-08-13 16:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll.000 + 2007-12-07 02:08:48 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll + 2007-12-07 02:08:48 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll.000 + 2007-12-19 22:53:07 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll + 2007-12-07 02:08:49 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll + 2007-12-07 02:08:49 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll + 2007-12-07 02:08:49 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll + 2007-12-07 02:08:49 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll.000 + 2007-12-06 11:01:34 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe + 2007-12-07 02:08:49 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll + 2007-12-07 02:08:49 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll + 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll + 2007-04-17 09:32:38 2,455,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat + 2007-12-07 02:08:49 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll + 2007-12-07 02:08:49 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll.000 + 2007-12-07 02:08:49 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll + 2007-12-07 02:08:51 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll + 2007-12-07 02:08:51 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll.000 + 2007-12-07 02:08:51 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll + 2007-12-07 02:08:51 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll + 2007-12-07 02:08:51 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll.000 + 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe + 2007-12-06 11:02:07 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe + 2007-12-06 11:02:07 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe.000 + 2007-12-07 02:08:52 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll + 2007-12-07 02:08:52 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll + 2007-12-07 02:08:52 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll.000 + 2007-12-07 02:08:52 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll + 2007-12-07 02:08:52 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll.000 + 2007-12-08 08:38:54 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll + 2007-12-08 08:38:54 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll.000 + 2007-12-07 02:08:54 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll + 2007-12-07 02:08:54 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll + 2007-12-07 02:08:54 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll + 2007-12-07 02:08:54 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll + 2008-01-11 05:37:31 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll + 2007-03-06 01:27:50 215,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe + 2007-03-06 01:29:00 389,856 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll + 2007-12-07 02:08:54 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll + 2007-12-07 02:08:54 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll.000 + 2007-12-07 02:08:55 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll + 2007-12-07 02:08:55 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll.000 + 2007-12-07 02:08:55 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll + 2007-12-07 02:08:55 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll.000 + 2007-12-07 02:08:55 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll + 2007-12-07 02:08:55 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll.000 + 2006-06-02 19:32:20 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll + 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe - 2004-08-20 10:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll + 2007-08-13 16:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll - 2004-08-20 10:00:00 101,376 ----a-w C:\WINDOWS\system32\advpack.dll + 2008-03-01 12:58:33 124,928 ----a-w C:\WINDOWS\system32\advpack.dll - 2007-12-07 01:06:53 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll + 2008-02-16 09:01:56 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll - 2007-12-07 01:06:53 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll + 2008-02-16 09:01:56 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll - 2007-12-07 01:06:53 1,056,256 ----a-w C:\WINDOWS\system32\danim.dll + 2008-02-16 09:01:57 1,056,256 ----a-w C:\WINDOWS\system32\danim.dll + 2007-08-13 16:39:20 71,680 -c----w C:\WINDOWS\system32\dllcache\admparse.dll + 2008-03-01 12:58:33 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll - 2007-12-07 01:06:53 1,023,488 -c----w C:\WINDOWS\system32\dllcache\browseui.dll + 2008-02-16 09:01:56 1,023,488 -c----w C:\WINDOWS\system32\dllcache\browseui.dll - 2007-12-07 01:06:53 151,552 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll + 2008-02-16 09:01:56 151,552 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll + 2007-08-13 16:42:54 17,408 -c----w C:\WINDOWS\system32\dllcache\corpol.dll - 2007-12-07 01:06:53 1,056,256 -c----w C:\WINDOWS\system32\dllcache\danim.dll + 2008-02-16 09:01:57 1,056,256 -c----w C:\WINDOWS\system32\dllcache\danim.dll - 2006-06-26 17:41:27 148,480 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll + 2008-02-20 05:35:05 148,992 -c----w C:\WINDOWS\system32\dllcache\dnsapi.dll + 2008-02-20 05:35:06 45,568 -c----w C:\WINDOWS\system32\dllcache\dnsrslvr.dll - 2007-12-07 01:06:53 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll + 2008-03-01 12:58:33 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll - 2007-12-07 01:06:53 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-03-01 12:58:33 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2007-12-07 01:06:53 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll + 2008-03-01 12:58:33 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll - 2007-06-19 13:30:47 282,112 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll + 2008-02-20 06:51:29 282,624 -c----w C:\WINDOWS\system32\dllcache\gdi32.dll + 2007-08-13 16:18:02 60,416 -c----w C:\WINDOWS\system32\dllcache\hmmapi.dll + 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe + 2008-03-01 12:58:33 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll + 2008-03-01 12:58:34 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll + 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll + 2008-03-01 12:58:34 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll - 2007-12-06 13:07:07 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe + 2007-08-13 16:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe + 2007-08-13 16:45:18 78,336 -c----w C:\WINDOWS\system32\dllcache\ieencode.dll - 2007-12-07 01:06:53 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll + 2007-08-13 16:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll + 2008-03-01 12:58:36 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll + 2007-08-13 16:39:12 55,296 -c----w C:\WINDOWS\system32\dllcache\iesetup.dll + 2008-02-29 08:55:45 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe + 2007-08-13 16:36:06 36,352 -c----w C:\WINDOWS\system32\dllcache\imgutil.dll - 2007-12-07 01:06:53 96,768 -c----w C:\WINDOWS\system32\dllcache\inseng.dll + 2007-08-13 16:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll - 2007-11-14 07:28:12 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll + 2007-08-13 16:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll - 2007-12-07 01:06:53 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2008-03-01 12:58:38 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2007-08-13 16:44:18 40,960 -c----w C:\WINDOWS\system32\dllcache\licmgr10.dll + 2007-08-13 16:32:30 45,568 -c----w C:\WINDOWS\system32\dllcache\mshta.exe - 2007-12-07 14:36:56 3,080,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll + 2008-03-01 16:28:42 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll - 2007-12-07 01:06:55 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2008-03-01 12:58:40 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2007-08-13 16:01:12 48,128 -c----w C:\WINDOWS\system32\dllcache\mshtmler.dll + 2007-08-13 16:54:10 156,160 -c----w C:\WINDOWS\system32\dllcache\msls31.dll - 2007-12-07 01:06:55 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll + 2008-03-01 12:58:40 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll - 2007-12-07 01:06:55 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll + 2008-03-01 12:58:41 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll + 2008-03-01 12:58:41 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll - 2007-12-07 01:06:55 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll + 2008-03-01 12:58:41 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll - 2007-12-07 01:06:56 1,495,040 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll + 2008-02-16 09:02:01 1,495,040 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll - 2007-12-07 01:06:56 474,624 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll + 2008-02-16 09:02:01 474,624 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll + 2008-03-01 12:58:41 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll - 2007-12-07 01:06:57 616,448 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll + 2008-03-01 12:58:42 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll + 2007-08-13 16:54:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll - 2007-06-26 13:56:57 851,968 -c----w C:\WINDOWS\system32\dllcache\vgx.dll + 2007-08-13 16:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll + 2008-03-01 12:58:42 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll - 2007-03-08 15:32:46 1,843,712 -c----w C:\WINDOWS\system32\dllcache\win32k.sys + 2008-03-20 08:09:25 1,845,376 -c----w C:\WINDOWS\system32\dllcache\win32k.sys - 2007-12-07 01:06:57 662,016 -c----w C:\WINDOWS\system32\dllcache\wininet.dll + 2008-03-01 12:58:42 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll - 2006-06-26 17:41:27 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll + 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll - 2007-12-07 01:06:53 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll + 2008-03-01 12:58:33 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll - 2007-12-07 01:06:53 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2008-03-01 12:58:33 214,528 ------w C:\WINDOWS\system32\dxtrans.dll - 2007-12-07 01:06:53 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll + 2008-03-01 12:58:33 133,120 ------w C:\WINDOWS\system32\extmgr.dll - 2008-04-01 13:09:24 103,032 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-05-03 20:30:28 103,032 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-03-01 12:58:33 63,488 ----a-w C:\WINDOWS\system32\icardie.dll + 2006-06-29 06:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll - 2004-08-20 10:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe + 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe - 2004-08-20 10:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll + 2008-03-01 12:58:33 153,088 ------w C:\WINDOWS\system32\ieakeng.dll - 2004-08-20 10:00:00 221,184 ----a-w C:\WINDOWS\system32\ieaksie.dll + 2008-03-01 12:58:34 230,400 ------w C:\WINDOWS\system32\ieaksie.dll - 2004-08-20 10:00:00 241,664 ----a-w C:\WINDOWS\system32\ieakui.dll + 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll + 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat + 2008-03-01 12:58:34 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll - 2004-08-20 10:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll + 2008-03-01 12:58:34 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll - 2004-08-20 10:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll + 2007-08-13 16:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll + 2008-03-01 12:58:36 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll - 2007-12-07 01:06:53 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll + 2007-08-13 16:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll - 2004-08-20 10:00:00 49,152 ----a-w C:\WINDOWS\system32\iernonce.dll + 2008-03-01 12:58:36 44,544 ------w C:\WINDOWS\system32\iernonce.dll + 2008-03-01 12:58:37 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll - 2004-08-20 10:00:00 63,488 ----a-w C:\WINDOWS\system32\iesetup.dll + 2007-08-13 16:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll + 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe + 2007-08-13 16:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll - 2004-08-20 10:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll + 2007-08-13 16:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll - 2007-1 |