
    I'm going crazy (Solved)

      
    1. #1
      notecomesnada (User, registered Jun 2008, Madrid, 2 posts)

      I'm going crazy (Solved)

      Good morning,

      My PC keeps getting slower and slower, and roughly every minute a damned popup and windows of every kind open up, the latest one telling me to download an antispyware (very suspicious, and of course I didn't do it). I've tried cleaning the registry, etc., and doing several other things, but nothing. It's still the same. I downloaded and ran HijackThis and I get the following:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:04:26, on 25/06/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\ISS\Proventia Desktop\blackd.exe
      C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
      C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
      C:\Program Files\ISS\Proventia Desktop\RapApp.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
      C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\ISS\Proventia Desktop\RapUISvc.exe
      C:\Program Files\ISS\Proventia Desktop\vpatch.exe
      C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
      C:\WINDOWS\system32\CCM\CcmExec.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
      C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
      C:\Program Files\McAfee\Common Framework\UdaterUI.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\McAfee\Common Framework\McTray.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\documents and settings\alprieto\local settings\application data\quyuxd.exe
      C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      C:\PROGRA~1\MICROS~2\rapimgr.exe
      C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
      C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
      C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal.es.deloitte.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.es.deloitte.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal.es.deloitte.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by PMS.
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoconfig.es.deloitte.com/w2kie60dt.ins
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.72:8080
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
      O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
      O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\Program Files\SAP\SAP Tutor\PlayerIE.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
      O4 - HKCU\..\Run: [EFS Assistant] C:\Program Files\Microsoft EFS Assistant\EFSAssistant.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKCU\..\Run: [quyuxd] c:\documents and settings\alprieto\local settings\application data\quyuxd.exe quyuxd
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
      O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
      O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: bmnet.dll
      O10 - Unknown file in Winsock LSP: bmnet.dll
      O10 - Unknown file in Winsock LSP: bmnet.dll
      O14 - IERESET.INF: START_PAGE_URL=http://portal.es.deloitte.com
      O15 - Trusted Zone: http://*.alphacorporate.es
      O15 - Trusted Zone: http://*.arthurandersen.es
      O15 - Trusted Zone: http://esmadln0002.es.deloitte.com
      O15 - Trusted Zone: http://esmadln0004.es.deloitte.com
      O15 - Trusted Zone: *.deloitte.com
      O15 - Trusted Zone: http://*.deloitte.es
      O15 - Trusted Zone: http://*.es.deloitte.com
      O15 - Trusted Zone: *.garrigues.com
      O15 - Trusted Zone: http://*.garrigues.com
      O15 - Trusted Zone: http://*.gms.com
      O15 - Trusted Zone: http://*.msspain.com
      O15 - Trusted Zone: http://*.sggestion.es
      O15 - Trusted Zone: http://*.alphacorporate.es (HKLM)
      O15 - Trusted Zone: http://*.arthurandersen.es (HKLM)
      O15 - Trusted Zone: http://esmadln0002.es.deloitte.com (HKLM)
      O15 - Trusted Zone: http://esmadln0004.es.deloitte.com (HKLM)
      O15 - Trusted Zone: *.deloitte.com (HKLM)
      O15 - Trusted Zone: http://*.deloitte.es (HKLM)
      O15 - Trusted Zone: http://*.es.deloitte.com (HKLM)
      O15 - Trusted Zone: *.garrigues.com (HKLM)
      O15 - Trusted Zone: http://*.garrigues.com (HKLM)
      O15 - Trusted Zone: http://*.gms.com (HKLM)
      O15 - Trusted Zone: http://*.msspain.com (HKLM)
      O15 - Trusted Zone: http://*.sggestion.es (HKLM)
      O15 - Trusted IP range: 10.*.*.*
      O15 - Trusted IP range: 10.74.16.29
      O15 - Trusted IP range: 10.*.*.* (HKLM)
      O15 - Trusted IP range: 10.74.16.29 (HKLM)
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209938071062
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210685272390
      O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft Terminal Services Client Control (redist)) - http://webservices.es.deloitte.com/msrdp.cab
      O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - https://myoffice.deloitte.es/nortel_cacheable/iewiper.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = es.deloitte.com
      O17 - HKLM\Software\..\Telephony: DomainName = es.deloitte.com
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = es.deloitte.com
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = es.deloitte.com,deloitte.com,pmsaie.com
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = es.deloitte.com,deloitte.com,pmsaie.com
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
      O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
      O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
      O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

      I'm waiting for the experts' help hehehe

      Many thanks

    2. #2
      ElPiedra (FS-Admin, registered Jan 2005, Miami, 37,943 posts)

      Re: I'm going crazy

      Hello notecomesnada, welcome to the InfoSpyware Forum.

      Step 1- Download, install and/or update these tools: (but don't run them yet)

      Step 2- With all programs closed, run HijackThis and fix the following entries:

      O4 - HKCU\..\Run: [quyuxd] c:\documents and settings\alprieto\local settings\application data\quyuxd.exe quyuxd

      Step 3- Run these tools, one at a time:
      • Malwarebytes' Anti-Malware
        *Note* It is important that you send everything it detects to "Quarantine" before copying and pasting its report for us.

      • Before using ComboFix....
      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may restart the PC automatically to complete the removal process.

      Warning!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool that its author intends to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".


      Step 4- Download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and every file it shows as obsolete, and then its "Registry" option to clean the whole Windows registry (making a backup).

      Reboot and tell us the results, along with the report from

      Step 5- Reboot in normal mode and leave us the reports from:
      • Malwarebytes' Anti-Malware
      • C:\ComboFix.txt in this same thread.


      **Note**
      - For convenience, print out the steps.
      - Remember to come back and tell us the results.

      Regards
      Marcelo Rivero
      Microsoft MVP Enterprise Security.



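      As an added example (not code from this thread or from the InfoSpyware staff), the following Python script applies the reasoning behind Step 2 to HijackThis log lines: it flags O4 startup entries whose executable sits in a user-writable profile directory (as the quyuxd entry does), orphaned O2/O9 registrations, and unrecognised O10 Winsock LSP DLLs. The sample lines are copied from the log posted above; the rule set, function names and the Finding type are my own.

```python
r"""Added example: triage HijackThis v2 log lines the way Step 2 above does by hand.

Rules applied (defender's view):
  * O4  startup entries whose executable sits in a user-writable profile
        directory (Local Settings\Application Data, Application Data, Temp)
        are flagged; legitimate startup items normally live under
        Program Files or the Windows directory.
  * O2 / O9 entries marked "(no file)" or "(file missing)" are orphaned
        registrations that should be cleaned up.
  * O10 "Unknown file in Winsock LSP" lines are reported once per DLL so
        each can be verified against the product that registered it.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [quyuxd] c:\documents and settings\alprieto\local settings\application data\quyuxd.exe quyuxd
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
"""

O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
LSP_PREFIX = "O10 - Unknown file in Winsock LSP: "
# Profile subdirectories any logged-on user can write to (lower-case, backslash-delimited).
USER_WRITABLE_DIRS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\application data\\",
)


@dataclass
class Finding:
    kind: str      # HijackThis section: O2, O4, O9 or O10
    entry: str     # the original log line
    reason: str    # why a defender should look at it


def executable_path(command: str) -> str:
    """Return the program path from an O4 command line, dropping its arguments."""
    command = command.strip()
    if command.startswith('"'):          # quoted path; arguments follow the closing quote
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(?i)(.+?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)", command)
    return m.group(1) if m else command.split()[0]


def is_user_writable(path: str) -> bool:
    """True when the path lies inside a user's profile, in a subfolder that user can write."""
    p = path.lower()
    return "\\documents and settings\\" in p and any(d in p for d in USER_WRITABLE_DIRS)


def triage_hijackthis(log: str) -> list[Finding]:
    """Scan HijackThis lines and return the entries worth a closer look, in log order."""
    findings: list[Finding] = []
    seen_lsp: set[str] = set()
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            if is_user_writable(executable_path(m.group("cmd"))):
                findings.append(Finding("O4", line, "startup executable lives in a user-writable profile directory"))
            continue
        if line.startswith("O2 - ") and line.endswith("(no file)"):
            findings.append(Finding("O2", line, "BHO registration whose DLL no longer exists"))
        elif line.startswith("O9 - ") and line.endswith("(file missing)"):
            findings.append(Finding("O9", line, "browser button whose resource file is missing"))
        elif line.startswith(LSP_PREFIX):
            dll = line[len(LSP_PREFIX):].strip().lower()
            if dll not in seen_lsp:               # the log repeats one LSP DLL per protocol entry
                seen_lsp.add(dll)
                findings.append(Finding("O10", line, "Winsock LSP DLL not recognised by HijackThis; verify which product installed it"))
    return findings


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n      {f.entry}")
```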

    3. #3
      notecomesnada (User, registered Jun 2008, Madrid, 2 posts)

      Re: I'm going crazy

      Damn, it looks like everything is solved now. Not a trace of the pop-ups.
      Thanks so much


      I'm attaching the results of the logs:
      COMBOFIX
      ComboFix 08-06-20.4 - alprieto 2008-06-30 14:06:42.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1381 [GMT 2:00]
      Running from: C:\Documents and Settings\alprieto\Desktop\New Folder\ComboFix.exe
      * Created a new restore point
      * Resident AV is active


      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
      C:\Documents and Settings\alprieto\Local Settings\Application Data\quyuxd.dat
      C:\Documents and Settings\alprieto\Local Settings\Application Data\quyuxd.exe
      C:\Documents and Settings\alprieto\Local Settings\Application Data\quyuxd_nav.dat
      C:\Documents and Settings\alprieto\Local Settings\Application Data\quyuxd_navps.dat
      C:\WINDOWS\SETUP640_23-10001615.EXE
      C:\WINDOWS\system32\_000005_.tmp.dll

      ----- BITS: Possible infected sites -----

      hxxp://ESMADEM001.es.deloitte.com
      .
      ((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
      .

      2008-06-30 13:46 . 2008-06-30 13:46 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-06-30 13:46 . 2008-06-30 13:46 <DIR> d-------- C:\Documents and Settings\alprieto\Application Data\Malwarebytes
      2008-06-30 13:46 . 2008-06-30 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-06-30 13:46 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-06-30 13:46 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-06-30 10:30 . 2008-06-30 10:30 <DIR> d-------- C:\temp
      2008-06-25 10:03 . 2008-06-25 10:03 <DIR> d-------- C:\Program Files\Trend Micro
      2008-06-25 09:31 . 2008-06-25 09:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
      2008-06-25 09:31 . 2008-06-25 09:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
      2008-06-25 09:31 . 2008-06-25 09:31 <DIR> d-------- C:\Documents and Settings\alprieto\Application Data\SUPERAntiSpyware.com
      2008-06-25 09:31 . 2008-06-25 09:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
      2008-06-25 09:20 . 2008-06-25 09:20 <DIR> d-------- C:\Program Files\CCleaner
      2008-06-25 09:09 . 2008-06-25 09:09 378 --a------ C:\WINDOWS\system32\mapisvc.inf
      2008-06-23 09:05 . 2008-06-23 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
      2008-06-19 10:12 . 2008-06-19 10:12 <DIR> d-------- C:\Documents and Settings\alprieto\Application Data\deskUNPDF
      2008-06-16 13:51 . 2008-06-16 13:51 <DIR> d-------- C:\Documents and Settings\alprieto\Application Data\InstallShield
      2008-06-10 18:51 . 2008-06-10 18:51 <DIR> d-------- C:\Program Files\Zattoo
      2008-06-03 16:14 . 2008-06-03 16:14 244 --ah----- C:\sqmnoopt10.sqm
      2008-06-03 16:14 . 2008-06-03 16:14 232 --ah----- C:\sqmdata10.sqm
      2008-06-03 15:54 . 2008-06-03 15:54 244 --ah----- C:\sqmnoopt09.sqm
      2008-06-03 15:54 . 2008-06-03 15:54 232 --ah----- C:\sqmdata09.sqm
      2008-05-20 10:16 . 2008-05-20 10:16 244 --ah----- C:\sqmnoopt08.sqm
      2008-05-20 10:16 . 2008-05-20 10:16 232 --ah----- C:\sqmdata08.sqm
      2008-05-20 10:13 . 2008-05-20 10:13 244 --ah----- C:\sqmnoopt07.sqm
      2008-05-20 10:13 . 2008-05-20 10:13 232 --ah----- C:\sqmdata07.sqm
      2008-05-19 19:25 . 2008-05-19 19:25 244 --ah----- C:\sqmnoopt06.sqm
      2008-05-19 19:25 . 2008-05-19 19:25 232 --ah----- C:\sqmdata06.sqm
      2008-05-19 16:37 . 2008-05-19 16:37 244 --ah----- C:\sqmnoopt05.sqm
      2008-05-19 16:37 . 2008-05-19 16:37 232 --ah----- C:\sqmdata05.sqm
      2008-05-19 16:36 . 2008-05-19 16:36 244 --ah----- C:\sqmnoopt04.sqm
      2008-05-19 16:36 . 2008-05-19 16:36 232 --ah----- C:\sqmdata04.sqm
      2008-05-19 16:35 . 2008-05-19 16:35 244 --ah----- C:\sqmnoopt03.sqm
      2008-05-19 16:35 . 2008-05-19 16:35 232 --ah----- C:\sqmdata03.sqm
      2008-05-19 14:51 . 2008-05-19 14:51 244 --ah----- C:\sqmnoopt02.sqm
      2008-05-19 14:51 . 2008-05-19 14:51 244 --ah----- C:\sqmnoopt01.sqm
      2008-05-19 14:51 . 2008-05-19 14:51 232 --ah----- C:\sqmdata02.sqm
      2008-05-19 14:51 . 2008-05-19 14:51 232 --ah----- C:\sqmdata01.sqm
      2008-05-19 14:49 . 2008-05-19 14:49 244 --ah----- C:\sqmnoopt00.sqm
      2008-05-19 14:49 . 2008-05-19 14:49 232 --ah----- C:\sqmdata00.sqm
      2008-05-06 11:04 . 2008-05-06 11:04 <DIR> d-------- C:\Program Files\Microsoft Office Communicator
      2008-05-05 17:19 . 2008-05-05 17:19 <DIR> d-------- C:\Program Files\Enterprise Vault
      2008-05-05 10:00 . 2008-05-05 10:02 <DIR> d-------- C:\Documents and Settings\alprieto\Contacts
      2008-05-05 00:23 . 2008-05-05 00:23 <DIR> d-------- C:\Documents and Settings\Alvaro\Contacts
      2008-05-05 00:21 . 2008-05-05 00:21 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
      2008-05-05 00:21 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
      2008-05-05 00:04 . 2008-05-05 00:19 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
      2008-05-05 00:03 . 2008-05-05 00:21 <DIR> d-------- C:\Program Files\Windows Live
      2008-05-04 23:59 . 2008-05-05 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-05-04 23:58 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
      2008-05-04 23:58 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
      2008-05-04 23:58 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
      2008-05-04 23:58 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-06-25 14:36 --------- d-----w C:\Program Files\Google
      2008-06-25 07:08 --------- d-----w C:\Program Files\DTSC
      2008-06-16 11:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-06-16 11:51 --------- d-----w C:\Program Files\Deloitte
      2008-05-29 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
      2008-05-29 13:59 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
      2008-05-04 22:01 --------- d-----w C:\Program Files\BitComet
      2008-05-03 22:50 --------- d-----w C:\Program Files\Java
      2008-04-26 12:06 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
      2008-04-08 11:53 143,740 ----a-w C:\WINDOWS\ADDADMINS.EXE
      2008-03-26 22:00 1,442,816 ----a-w C:\WINDOWS\system32\lmxp32.dll
      2008-03-25 11:51 18,790 ----a-w C:\WINDOWS\system32\ddmon.dll
      2008-03-10 11:25 466,982 ----a-w C:\WINDOWS\PMSbackup.EXE
      .

      ------- Sigcheck -------

      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
      "EFS Assistant"="C:\Program Files\Microsoft EFS Assistant\EFSAssistant.exe" [2007-05-22 16:39 62888]
      "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13 1207080]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
      "Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2007-07-23 10:33 5803368]
      "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 16:58 1744896]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "consentpromptbehavioradmin"= 0 (0x0)
      "enableinstallerdetection"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoWelcomeScreen"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "DisablePersonalDirChange"= 1 (0x1)
      "NoTaskGrouping"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
      "1"= emule.exe

      [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
      "NoAutoUpdate"= 1 (0x1)

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-11-21 15:50 233472]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
      ckpNotify.dll 2005-01-30 11:49 24672 C:\WINDOWS\system32\ckpNotify.dll

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Proventia Desktop Agent.lnk]
      path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Proventia Desktop Agent.lnk
      backup=C:\WINDOWS\pss\Proventia Desktop Agent.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TMMonitor.lnk]
      path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TMMonitor.lnk
      backup=C:\WINDOWS\pss\TMMonitor.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
      path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
      backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
      --a------ 2006-01-16 22:01 53248 C:\WINDOWS\system32\AccelerometerSt.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
      --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AgentNotifierRunKey]
      --a------ 2006-06-28 02:36 180224 C:\Program Files\Iron Mountain\Connected BackupPC\AgentNotifier.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
      --a------ 2005-12-12 15:00 88203 C:\WINDOWS\AGRSMMSG.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
      --a------ 2006-01-02 17:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
      --a------ 2006-02-22 08:03 40960 C:\Program Files\HPQ\Default Settings\cpqset.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
      --a------ 2004-08-04 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
      --a------ 2005-08-31 05:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EFS Assistant]
      --a------ 2007-05-22 16:39 62888 C:\Program Files\Microsoft EFS Assistant\EFSAssistant.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\endisems_pms]
      --a------ 2006-10-04 10:59 137930 C:\WINDOWS\system32\endisesm.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
      --a------ 2006-06-26 16:13 1207080 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      --a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
      --a------ 2007-10-25 11:04 136512 C:\Program Files\McAfee\Common Framework\UdaterUI.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
      --a------ 2007-03-27 16:58 1744896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
      --a------ 2007-03-23 14:20 227328 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
      --a------ 2006-02-14 11:56 122880 C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
      --a------ 2006-03-02 15:39 131072 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrarUsrDNIeCertStoreDLL]
      --a------ 2007-12-18 17:56 24576 C:\WINDOWS\system32\udcs.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
      --a------ 2006-11-30 08:50 112216 C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
      --a------ 2005-05-06 14:06 716800 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
      -ra------ 2005-05-20 10:11 925696 C:\Program Files\Analog Devices\Core\smax4pnp.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoo1sv.exe]
      C:\WINDOWS\system32\spoo1sv.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
      --a------ 2006-03-03 18:46 761948 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VodafoneUSBPP.exe]
      --a------ 2006-10-09 16:29 1024000 C:\Program Files\Huawei technologies\Vodafone Mobile Connect Modem\VodafoneUSBPP.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
      --a------ 2006-03-31 13:58 184320 C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
      --a------ 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "Bonjour Service"=2 (0x2)
      "WLSetupSvc"=3 (0x3)
      "usnjsvc"=3 (0x3)
      "ose"=3 (0x3)
      "IDriverT"=3 (0x3)
      "Adobe LM Service"=3 (0x3)
      "VMware NAT Service"=2 (0x2)
      "VMnetDHCP"=2 (0x2)
      "VMAuthdService"=2 (0x2)
      "WMPNetworkSvc"=2 (0x2)
      "VPatch"=2 (0x2)
      "vmount2"=2 (0x2)
      "ufad-p2v"=2 (0x2)
      "ServiceLayer"=3 (0x3)
      "RapApp"=2 (0x2)
      "MDM"=2 (0x2)
      "iPod Service"=3 (0x3)
      "bmwebcfg"=2 (0x2)
      "BlackICE"=2 (0x2)
      "Apple Mobile Device"=2 (0x2)
      "AgentService"=2 (0x2)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UpdatesDisableNotify"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "22810:TCP"= 22810:TCP:BitComet 22810 TCP
      "22810:UDP"= 22810:UDP:BitComet 22810 UDP

      R1 tidnet;TID NDIS Protocol Driver;C:\WINDOWS\system32\DRIVERS\tidnet.sys [2005-06-08 17:01]
      R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2007-04-13 02:50]
      R2 Scap;SecureClient Application Policy Module;C:\WINDOWS\system32\DRIVERS\Scap.sys [2005-01-30 11:49]
      R2 VPatch;ISS Buffer Overflow Exploit Prevention;"C:\Program Files\ISS\Proventia Desktop\vpatch.exe" [2007-09-25 13:15]
      R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2005-01-30 11:49]
      R2 vstor2-p2v30;Vstor2 P2V30 Virtual Storage Driver;C:\Program Files\VMware\VMware Converter\vstor2-p2v30.sys [2007-01-30 20:41]
      R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2005-01-30 11:49]
      R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 12:46]
      R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 15:26]
      R3 MakoNT;MakoNT;C:\WINDOWS\system32\drivers\isskboep.sys [2007-05-07 17:06]
      R3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2007-04-13 02:50]
      R3 rap;rap;C:\WINDOWS\system32\drivers\RapDrv.sys [2007-09-25 13:15]
      R4 black;black;C:\WINDOWS\system32\drivers\BlackCat.sys [2007-05-07 17:06]
      S3 BDA_Capture_225;USB Digital-TV receiver Driver 2.0.1.8;C:\WINDOWS\system32\Drivers\BDA_Capture_225.sys [2006-04-04 03:36]
      S3 BDA_Loader_225;USB Digital-TV Receiver Firmware Loader 6.4.11.0;C:\WINDOWS\system32\Drivers\BDA_Loader_225.sys [2006-04-11 07:32]
      S3 G3GRUMDM;G3G R USB Modem;C:\WINDOWS\system32\DRIVERS\g3grumdm.sys [2005-11-18 08:58]
      S3 G3GRUSER;G3G R USB Serial;C:\WINDOWS\system32\DRIVERS\g3gruser.sys [2005-11-18 08:58]
      S3 GTF32BUS;GT F32 BUS;C:\WINDOWS\system32\DRIVERS\gtf32bus.sys [2006-03-17 13:30]
      S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2006-03-17 13:30]
      S3 GTSCSER;GT SC SER;C:\WINDOWS\system32\DRIVERS\gtscser.sys [2006-03-17 13:30]
      S3 OMVA;VPN-1 SecureClient Adapter;C:\WINDOWS\system32\DRIVERS\OMVA.sys [2005-01-30 11:49]
      S3 W8100PCI;Marvell Libertas 802.11b/g Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\mrv8k51.sys [2005-10-31 10:36]
      S4 AgentService;AgentService;"C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe" -p 16386 []
      S4 ufad-p2v;VMware Converter Service;"C:\Program Files\VMware\VMware Converter\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Converter\\" -s ufad-p2v.xml []

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6790a5cd-1bb5-11db-b603-843ecfd65033}]
      \Shell\AutoRun\command - F:\setupSNK.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b43622e8-22ed-11dc-b43e-0018de8c6728}]
      \Shell\AutoRun\command - E:\AutoRun.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17de470-ee80-11dc-bbe8-0018de8c6728}]
      \Shell\Auto\command - E:\wherestar.exe
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wherestar.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccc71220-04ab-11dd-bc01-0018de8c6728}]
      \Shell\Auto\command - E:\wherestar.exe
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wherestar.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f90f9d69-9e9e-11dc-bb4e-545543445200}]
      \Shell\Auto\command - F:\wherestar.exe
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wherestar.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc799428-e37c-11dc-bbd0-0018de8c6728}]
      \Shell\Auto\command - wherestar.exe
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wherestar.exe

      *Newly Created Service* - CATCHME
      .
      Contents of the 'Scheduled Tasks' folder
      "2008-04-26 15:41:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-06-30 14:09:47
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      Completion time: 2008-06-30 1448
      ComboFix-quarantined-files.txt 2008-06-30 1241

      Pre-Run: 9,558,368,256 bytes free
      Post-Run: 9,652,408,320 bytes free

      331


      MALWARE
      Malwarebytes' Anti-Malware 1.19
      Versión de la Base de Datos: 907
      Windows 5.1.2600 Service Pack 2

      13:54:53 30/06/2008
      mbam-log-6-30-2008 (13-54-53).txt

      Tipo de examen : Examen Rápido
      Objetos examinados: 47379
      Tiempo transcurrido: 6 minute(s), 5 second(s)

      Procesos en Memoria Infectados: 0
      Módulos en Memoria Infectados: 0
      Claves del Registro Infectadas: 0
      Valores del Registro Infectados: 0
      Elementos de Datos del Registro Infectados: 2
      Carpetas Infectadas: 0
      Ficheros Infectados: 1

      Procesos en Memoria Infectados:
      (No se han detectado elementos maliciosos)

      Módulos en Memoria Infectados:
      (No se han detectado elementos maliciosos)

      Claves del Registro Infectadas:
      (No se han detectado elementos maliciosos)

      Valores del Registro Infectados:
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Infectados:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Carpetas Infectadas:
      (No se han detectado elementos maliciosos)

      Ficheros Infectados:
      C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
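What a responder reads out of a ComboFix log like the one above is a handful of signals rather than the whole listing: per-volume AutoRun commands under Explorer's MountPoints2 key (the wherestar.exe entries), a startup entry named spoo1sv.exe (digit one where spoolsv.exe has an L) that carries no file date or size, and registry values that switch off the firewall, Automatic Updates and the Security Center update warning. The Python script below is an added example and is not code from the original post, from InfoSpyware or from ComboFix; it triages a constructed excerpt modelled on that log. The list of system binaries it compares against and the table of weak settings are assumptions chosen for the example.

```python
"""Triage helper for ComboFix-style log text (added example, not ComboFix's own code).

Flags three defender-relevant signals:
  1. AutoRun/Auto commands registered under Explorer's MountPoints2 key,
  2. executable names one edit away from a Windows system binary,
  3. registry values that turn protections off (firewall, updates, warnings).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Legitimate Windows binaries that malware commonly imitates by name.
# (Assumed baseline for this example; extend it for your environment.)
SYSTEM_BINARIES = {"svchost.exe", "spoolsv.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "services.exe", "explorer.exe", "smss.exe"}

# Registry values that, at the value shown, weaken the host's defences.
WEAK_SETTINGS = {
    ("EnableFirewall", "0"): "Windows Firewall disabled (standard profile)",
    ("NoAutoUpdate", "1"): "Automatic Updates disabled by policy",
    ("UpdatesDisableNotify", "1"): "Security Center update warnings silenced",
}

# Constructed excerpt modelled on the ComboFix log in the post above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoo1sv.exe]
C:\WINDOWS\system32\spoo1sv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c17de470-ee80-11dc-bbe8-0018de8c6728}]
\Shell\Auto\command - E:\wherestar.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wherestar.exe
"""


@dataclass
class Findings:
    autorun_commands: List[Tuple[str, str]] = field(default_factory=list)  # (volume GUID, command)
    lookalikes: List[Tuple[str, str]] = field(default_factory=list)        # (found name, real name)
    weak_settings: List[str] = field(default_factory=list)                 # human-readable descriptions


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; inputs are short file names, so O(n*m) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(name: str) -> Optional[str]:
    """Return the system binary that `name` imitates (exactly one edit away), else None."""
    low = name.lower()
    if low in SYSTEM_BINARIES:
        return None
    for real in sorted(SYSTEM_BINARIES):
        if _edit_distance(low, real) == 1:
            return real
    return None


KEY_RE = re.compile(r"\[(.+)\]$")
AUTORUN_RE = re.compile(r"\\Shell\\(?:AutoRun|Auto)\\command\s*-\s*(.+)$")
EXE_RE = re.compile(r"([\w\-]+\.exe)\b", re.IGNORECASE)
VALUE_RE = re.compile(r'"([^"]+)"\s*=\s*(?:dword:0*(\d+)|(\d+)\s*\(0x)')


def triage(log: str) -> Findings:
    """Walk the log once, tracking the current registry key, and collect findings."""
    f = Findings()
    current_key = ""
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        # 1. Per-volume AutoRun/Auto commands: removable-media persistence.
        if "mountpoints2" in current_key:
            m = AUTORUN_RE.match(line)
            if m:
                f.autorun_commands.append((current_key.rsplit("\\", 1)[-1], m.group(1)))
            continue
        # 2. Executable names one typo away from a Windows system binary.
        for exe in EXE_RE.findall(line):
            real = lookalike_of(exe)
            if real and (exe, real) not in f.lookalikes:
                f.lookalikes.append((exe, real))
        # 3. Registry values that switch protections off.
        m = VALUE_RE.match(line)
        if m:
            value = m.group(2) if m.group(2) is not None else m.group(3)
            desc = WEAK_SETTINGS.get((m.group(1), value))
            if desc:
                f.weak_settings.append(desc)
    return f


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for guid, cmd in found.autorun_commands:
        print(f"[autorun]   {guid}: {cmd}")
    for exe, real in found.lookalikes:
        print(f"[lookalike] {exe} resembles {real}")
    for desc in found.weak_settings:
        print(f"[weakened]  {desc}")
```

Run it as-is to see the three signal types printed for the sample; point `triage()` at a full log to scan it. A one-edit lookalike match is a triage hint, not a verdict: confirm the file's location, signature and timestamps before acting, and treat the weakened-settings hits as items to restore once the cleanup is finished.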

    4. #4
      FS-Admin
      ElPiedra's avatar
      Registered
      Jan 2005
      Location
      Miami
      Posts
      37,943

      Re: I'm going crazy

      Hi, ComboFix has already taken care of removing the malware files found on your PC, so if everything is working fine, we consider this thread closed.

      To finish, all that's left is to uninstall CF as follows:

      • Go to Start > Run
      • Type the following: ComboFix /u as shown in the image below:

      • This will launch the ComboFix uninstaller, opening its main screen, and after a few seconds you will see ("ComboFix is uninstalled")

      To avoid this kind of infection I recommend using a more secure browser such as Firefox
      Cheers
      Marcelo Rivero
      Microsoft MVP Enterprise Security.

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * We do not answer questions by private message or e-mail, since that is what the forum is for.