  post #1  
11/03/09, 14:54:43
User
 
Registered: Mar 2009
Location: Mexico
Posts: 25
Malware: Possible infection, takes a long time to start, etc. (Solved)

Hello again,

Here I am bothering you again because my computer with XP is still acting very strange: the icons on the right disappeared again, it takes a very long time to load when I turn it on or restart it, and sometimes Explorer freezes, some kind of white flashes blink, and right-click doesn't work.

Honestly, it seems off to me. I don't know if someone could please help me, or at least tell me whether my log is fine. This is the third time I've posted the log. Thanks again.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:03 p.m., on 11/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Milk\My Documents\RegSeeker\RegSeeker\RegSeeker.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch_1.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerISO.lnk] C:\Program Files\PowerISO\PowerISO.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [InstantBurn] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [EPSON Stylus Photo R290 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIC KL.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Shortcut to egui.lnk = C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Descargar con Fl&ashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Descargar todo con Flas&hGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Portafolios de HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selección inteligente de HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 12394 bytes


Malwarebytes' Anti-Malware 1.34
Versión de la Base de Datos: 1832
Windows 5.1.2600 Service Pack 3

10/03/2009 06:50:39 p.m.
mbam-log-2009-03-10 (18-50-33).txt

Tipo de examen : Examen Rápido
Objetos examinados: 72901
Tiempo transcurrido: 7 minute(s), 31 second(s)

Procesos en Memoria Infectados: 0
Módulos en Memoria Infectados: 0
Claves del Registro Infectadas: 1
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Ficheros Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WS2IFSL (Fake.Driver) -> No action taken.

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Ficheros Infectados:
(No se han detectado elementos maliciosos)

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-03-10 22:49:31
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
ESET NOD32 Antivirus 3.0 3.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Milk\Cookies\milk@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Milk\Cookies\milk@doubleclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Milk\Cookies\milk@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Milk\Cookies\milk@mediaplex[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Milk\Cookies\milk@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Milk\Cookies\milk@ad.yieldmanager[1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Last edited by QueenMilk on 13/03/09 at 14:06:16.

  post #2  
12/03/09, 21:14:41
GPastor
FS-Admin
 
Registered: Mar 2005
Location: Lima - Perú
Posts: 22.848
Re: Possible infection, takes a long time to start, etc.

Hello, the log is clean. To rule out infections, follow these steps:

- Download the ComboFix.exe tool and save it to the desktop.
  • Temporarily disable the antivirus and/or antispyware.
  • Close all open windows.
  • Double-click the ComboFix.exe file and follow the instructions.
  • When it finishes, it will generate a log at C:\ComboFix.txt.
    • *Note* While CF is working, do not move the mouse, as that would stop its process.
    • *Note* ComboFix may automatically restart the PC to complete the removal process.
Quote:
Attention!! Do not use ComboFix unless you have been specifically instructed to do so in your thread by a member of our Staff. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
  • Restart and paste the report from C:\ComboFix.txt in this same thread.

Regards


  post #3  
12/03/09, 22:44:25
User
 
Registered: Mar 2009
Location: Mexico
Posts: 25
Re: Possible infection, takes a long time to start, etc.

Thank you very much for your help. I already used ComboFix and I did see that it removed several things; however, now it has removed my icons on the right again, and even though I use RegSeeker they don't reappear. Here is the log:

Is that everything? It seems a little better to me.

ComboFix 09-03-12.01 - Milk 2009-03-12 20:00:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.942 [GMT -6:00]
Running from: c:\documents and settings\Milk\My Documents\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Milk\Application Data\inst.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\Setup_ver1.1351.25.exe

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.j+|Cv+@J:NGD_DQ{zcxLJS@a o,>AD#Messenger Update.S-1-5-21-1454471165-963894560-1417001333-1003XtD$?wV s9uuT? wV s9uuTwV s9uuT6VwoQZCDHM
.
((((((((((((((((((((((((( Files Created from 2009-02-13 to 2009-03-13 )))))))))))))))))))))))))))))))
.

2009-03-12 19:50 . 2009-03-12 19:50 <DIR> d-------- c:\windows\Sun
2009-03-12 19:50 . 2009-03-12 19:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\GlobalSCAPE
2009-03-12 19:07 . 2009-03-12 19:07 244 --ah----- C:\sqmnoopt19.sqm
2009-03-12 19:07 . 2009-03-12 19:07 232 --ah----- C:\sqmdata19.sqm
2009-03-12 18:52 . 2009-03-12 18:52 244 --ah----- C:\sqmnoopt18.sqm
2009-03-12 18:52 . 2009-03-12 18:52 232 --ah----- C:\sqmdata18.sqm
2009-03-12 18:51 . 2009-03-12 19:54 <DIR> d-------- c:\program files\SpeedFan
2009-03-12 18:51 . 2009-03-12 18:51 45 --a------ c:\windows\system32\initdebug.nfo
2009-03-12 18:34 . 2009-03-12 18:34 244 --ah----- C:\sqmnoopt17.sqm
2009-03-12 18:34 . 2009-03-12 18:34 232 --ah----- C:\sqmdata17.sqm
2009-03-11 13:22 . 2009-03-11 13:22 244 --ah----- C:\sqmnoopt16.sqm
2009-03-11 13:22 . 2009-03-11 13:22 232 --ah----- C:\sqmdata16.sqm
2009-03-11 12:38 . 2009-03-11 12:38 244 --ah----- C:\sqmnoopt15.sqm
2009-03-11 12:38 . 2009-03-11 12:38 232 --ah----- C:\sqmdata15.sqm
2009-03-11 12:34 . 2009-03-11 12:34 244 --ah----- C:\sqmnoopt14.sqm
2009-03-11 12:34 . 2009-03-11 12:34 232 --ah----- C:\sqmdata14.sqm
2009-03-10 23:40 . 2009-03-10 23:40 244 --ah----- C:\sqmnoopt13.sqm
2009-03-10 23:40 . 2009-03-10 23:40 232 --ah----- C:\sqmdata13.sqm
2009-03-10 23:32 . 2009-03-10 23:32 244 --ah----- C:\sqmnoopt12.sqm
2009-03-10 23:32 . 2009-03-10 23:32 232 --ah----- C:\sqmdata12.sqm
2009-03-10 23:26 . 2009-03-10 23:26 244 --ah----- C:\sqmnoopt11.sqm
2009-03-10 23:26 . 2009-03-10 23:26 232 --ah----- C:\sqmdata11.sqm
2009-03-10 14:38 . 2009-03-10 14:38 268 --ah----- C:\sqmdata10.sqm
2009-03-10 14:38 . 2009-03-10 14:38 244 --ah----- C:\sqmnoopt10.sqm
2009-03-10 14:23 . 2009-03-10 14:23 244 --ah----- C:\sqmnoopt09.sqm
2009-03-10 14:23 . 2009-03-10 14:23 232 --ah----- C:\sqmdata09.sqm
2009-03-10 12:21 . 2009-03-10 12:21 <DIR> d-------- c:\program files\Panda Security
2009-03-10 12:21 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-03-10 11:54 . 2009-03-10 11:54 244 --ah----- C:\sqmnoopt08.sqm
2009-03-10 11:54 . 2009-03-10 11:54 232 --ah----- C:\sqmdata08.sqm
2009-03-10 10:46 . 2009-03-10 10:46 244 --ah----- C:\sqmnoopt07.sqm
2009-03-10 10:46 . 2009-03-10 10:46 232 --ah----- C:\sqmdata07.sqm
2009-03-08 12:22 . 2009-03-08 12:22 603,904 --a------ c:\windows\system32\TUProgSt.exe
2009-03-08 12:22 . 2009-03-08 12:22 362,240 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-03-08 12:22 . 2008-11-12 16:44 27,904 --a------ c:\windows\system32\uxtuneup.dll
2009-03-07 00:53 . 2009-03-07 00:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-07 00:53 . 2009-03-07 00:53 <DIR> d-------- c:\documents and settings\Milk\Application Data\Malwarebytes
2009-03-07 00:53 . 2009-03-07 00:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-07 00:53 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-07 00:53 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-06 20:44 . 2009-03-06 20:50 <DIR> d---s---- c:\documents and settings\Administrator
2009-03-04 12:34 . 2009-03-04 12:34 <DIR> d-------- c:\program files\GlobalSCAPE
2009-03-04 12:34 . 2009-03-04 12:34 <DIR> d-------- c:\documents and settings\Milk\Application Data\GlobalSCAPE
2009-03-03 19:43 . 2009-03-03 20:09 <DIR> d-------- c:\program files\Traction Software
2009-03-02 15:26 . 2009-03-02 15:26 <DIR> d-------- c:\program files\NetLimiter 2 Pro
2009-03-02 15:26 . 2009-03-02 15:26 <DIR> d-------- c:\documents and settings\Milk\Application Data\Locktime
2009-03-02 15:26 . 2009-03-02 15:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Locktime
2009-02-25 19:59 . 2009-02-25 19:59 <DIR> d-------- c:\documents and settings\Milk\Application Data\ArcSoft
2009-02-25 19:57 . 2009-02-25 19:57 <DIR> d-------- c:\program files\ArcSoft
2009-02-25 19:57 . 1995-08-01 04:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2009-02-25 14:31 . 2009-02-25 14:31 <DIR> d-------- c:\program files\Common Files\CyberLink
2009-02-25 14:29 . 2009-02-25 14:29 29,480 --a------ c:\windows\system32\msxml3a.dll
2009-02-25 14:22 . 2009-02-25 14:24 <DIR> d-------- c:\documents and settings\Milk\Application Data\CyberLink
2009-02-25 14:18 . 2009-02-25 14:18 <DIR> d-------- c:\program files\Common Files\LightScribe
2009-02-25 14:16 . 2005-01-07 17:34 486,766 --a------ c:\windows\CLBUDF.tbl
2009-02-25 14:16 . 2007-10-26 10:55 162,344 --------- c:\windows\system32\drivers\CLBUDF.sys
2009-02-25 14:16 . 2007-10-26 10:55 131,072 --a------ c:\windows\IBUnInst.exe
2009-02-25 14:16 . 2007-10-26 10:55 15,784 --------- c:\windows\system32\drivers\CLBStor.sys
2009-02-25 14:15 . 2009-02-25 14:35 <DIR> d-------- c:\program files\CyberLink
2009-02-25 14:15 . 2009-03-03 21:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\CyberLink
2009-02-24 12:54 . 2009-02-24 12:54 <DIR> d-------- c:\program files\Webteh
2009-02-24 12:54 . 2009-02-24 13:00 <DIR> d-------- c:\documents and settings\Milk\Application Data\BSplayer PRO
2009-02-24 12:46 . 2009-02-24 12:46 <DIR> d-------- c:\documents and settings\Milk\Application Data\GRETECH
2009-02-24 12:45 . 2009-02-24 12:45 <DIR> d-------- c:\program files\GRETECH
2009-02-23 15:17 . 2009-03-07 23:49 <DIR> d-------- C:\Downloads
2009-02-23 13:13 . 2009-03-08 01:51 <DIR> d-------- c:\program files\FlashGet
2009-02-22 23:01 . 2009-02-22 23:01 <DIR> d-------- c:\documents and settings\Milk\Application Data\vlc
2009-02-22 15:15 . 2009-02-22 15:15 <DIR> d-------- c:\program files\Real
2009-02-22 15:15 . 2009-02-27 00:22 <DIR> d-------- c:\program files\Common Files\Real
2009-02-22 01:11 . 2009-02-22 01:11 <DIR> d-------- c:\documents and settings\Milk\Application Data\FFSJ
2009-02-22 01:08 . 2009-02-22 01:08 <DIR> d-------- c:\windows\system32\FFSJ
2009-02-22 01:08 . 2009-02-22 01:08 794,906 --a------ c:\windows\unins000.exe
2009-02-22 01:08 . 2009-02-22 01:08 4,191 --a------ c:\windows\unins000.dat
2009-02-20 12:32 . 2009-02-20 12:32 <DIR> d-------- c:\documents and settings\LocalService\Application Data\WTablet
2009-02-19 19:14 . 2009-02-19 19:14 38 --a------ c:\windows\AviSplitter.INI
2009-02-19 14:15 . 2009-03-10 11:03 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-19 14:15 . 2009-02-23 13:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\SpeedBit
2009-02-19 14:14 . 2009-02-23 17:42 <DIR> d-------- c:\program files\DAP
2009-02-19 13:18 . 2009-02-25 18:50 952 --ahs---- c:\windows\system32\KGyGaAvL.sys
2009-02-19 13:18 . 2009-02-19 13:18 8 -r-hs---- c:\windows\system32\87DF98EDDC.sys
2009-02-17 16:39 . 2009-02-17 16:39 63 --ah----- c:\windows\winshell.dat
2009-02-17 16:15 . 2009-02-19 09:58 <DIR> d-------- c:\program files\Dachshund Software
2009-02-17 16:15 . 2009-02-18 11:24 441 --ah----- c:\windows\wininf.dat
2009-02-16 13:15 . 2009-02-16 13:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-02-16 13:13 . 2009-02-16 13:13 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-02-15 03:40 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg
2009-02-15 03:39 . 2009-02-15 03:39 <DIR> d-------- c:\program files\ESET
2009-02-15 03:31 . 2008-03-03 14:25 5,702 --ah----- c:\windows\nod32restoretemdono.reg
2009-02-15 03:23 . 2009-02-15 03:24 42 --a------ c:\windows\system32\Jiii_PNUCT.pnc
2009-02-15 03:15 . 2009-03-06 19:52 <DIR> d-------- c:\program files\Perfect Uninstaller
2009-02-15 03:15 . 2009-02-15 03:15 42 --a------ c:\windows\system32\AK083E209605E394C.lie
2009-02-14 21:14 . 2009-02-14 21:14 <DIR> d-------- C:\WTablet
2009-02-14 21:10 . 2009-02-14 21:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-02-14 04:28 . 2009-02-14 04:28 <DIR> d-------- c:\documents and settings\Milk\Application Data\Kasper-Key_Sharing_Networ
2009-02-14 03:59 . 2009-02-14 03:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 01:52 --------- d-----w c:\documents and settings\Milk\Application Data\WTablet
2009-03-11 18:32 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 02:48 5,642 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-03-11 02:47 88 --sh--r c:\documents and settings\All Users\Application Data\87DF98EDDC.sys
2009-03-11 02:47 --------- d-----w c:\documents and settings\Milk\Application Data\Vso
2009-03-10 19:51 --------- d-----w c:\program files\Windows Live Safety Center
2009-03-08 20:25 --------- d-----w c:\documents and settings\Milk\Application Data\uTorrent
2009-03-08 18:22 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-03-07 18:16 --------- d-----w c:\program files\GatheringRO
2009-03-07 03:46 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-03-07 03:10 --------- d-----w c:\program files\PowerISO
2009-03-07 03:09 --------- d-----w c:\documents and settings\Milk\Application Data\dvdcss
2009-03-04 18:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-27 09:05 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-27 01:19 --------- d-----w c:\program files\Corel
2009-02-27 01:19 --------- d-----w c:\program files\Common Files\Corel
2009-02-27 01:09 --------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2009-02-26 01:00 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2009-02-25 20:16 1,066,544 ----a-w c:\windows\system32\MFC71.dll
2009-02-25 20:16 1,053,232 ----a-w c:\windows\system32\MFC71u.dll
2009-02-22 21:15 499,712 ----a-w c:\windows\system32\msvcp71.dll
2009-02-22 21:15 348,160 ----a-w c:\windows\system32\msvcr71.dll
2009-02-20 01:20 --------- d-----w c:\documents and settings\Milk\Application Data\Corel
2009-02-18 18:59 --------- d-----w c:\program files\Tablet
2009-02-14 10:17 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-14 10:10 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-14 10:10 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-10 19:22 --------- d-----w c:\documents and settings\Milk\Application Data\Bitstream
2009-02-10 19:16 --------- d-----w c:\program files\Common Files\Protexis
2009-02-10 04:28 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 08:37 --------- d-----w c:\documents and settings\All Users\Application Data\vsosdk
2009-02-09 07:04 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-02-09 07:04 47,360 ----a-w c:\documents and settings\Milk\Application Data\pcouffin.sys
2009-02-09 07:04 --------- d-----w c:\program files\VSO
2009-02-09 06:35 --------- d-----w c:\documents and settings\Milk\Application Data\Nero
2009-02-09 06:33 --------- d-----w c:\program files\Avi2Dvd
2009-02-09 06:30 --------- d-----w c:\program files\AviSynth 2.5
2009-02-09 06:14 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-02-09 06:09 --------- d-----w c:\program files\Common Files\Nero
2009-02-09 05:18 --------- d-----w c:\documents and settings\Milk\Application Data\Xilisoft Corporation
2009-02-09 05:16 --------- d-----w c:\program files\Xilisoft
2009-02-09 05:12 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-09 05:12 --------- d-----w c:\program files\Java
2009-01-29 22:23 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-01-29 22:11 --------- d-----w c:\program files\Reference Assemblies
2009-01-29 22:11 --------- d-----w c:\program files\MSBuild
2009-01-29 21:34 --------- d-----w c:\program files\ATI Technologies
2009-01-25 07:49 --------- d-----w c:\documents and settings\Milk\Application Data\SmartFTP
2009-01-24 00:47 --------- d-----w c:\program files\Opera 10 Preview
2009-01-23 05:07 --------- d-----w c:\program files\CCleaner
2009-01-21 13:49 118,656 ----a-w c:\windows\system32\drivers\Rtnicxp.sys
2009-01-19 22:08 --------- d-----w c:\program files\uTorrent
2009-01-19 18:52 --------- d-----w c:\program files\Microsoft
2009-01-16 20:45 73,728 ----a-w c:\windows\system32\RtNicProp32.dll
2009-01-14 07:14 3,455,488 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-01-14 05:46 11,591,680 ----a-w c:\windows\system32\atioglxx.dll
2009-01-14 04:53 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2009-01-14 04:49 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-01-14 04:47 323,584 ----a-w c:\windows\system32\ati2dvag.dll
2009-01-14 04:36 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-01-14 04:36 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-01-14 04:36 151,552 ----a-w c:\windows\system32\Oemdspif.dll
2009-01-14 04:35 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-01-14 04:35 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-01-14 04:34 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2009-01-14 04:32 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-01-14 04:22 4,009,152 ----a-w c:\windows\system32\ati3duag.dll
2009-01-14 04:05 2,500,224 ----a-w c:\windows\system32\ativvaxx.dll
2009-01-14 03:50 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2009-01-14 03:45 401,408 ----a-w c:\windows\system32\atikvmag.dll
2009-01-14 03:44 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-01-14 03:44 110,592 ----a-w c:\windows\system32\atiadlxx.dll
2009-01-14 03:43 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-01-14 03:37 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2009-01-14 03:37 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-01-14 03:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2009-01-14 02:34 3,227,648 ----a-w c:\windows\system32\Amdcaldd.dll
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-06-30 18:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]
"c:\documents and settings\All Users\Start Menu\Programs\Startup\PowerISO.lnk"="c:\program files\PowerISO\PowerISO.exe" [2008-03-14 1019904]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Milk\Start Menu\Programs\Startup\
Shortcut to egui.lnk - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2008-02-20 1443072]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-09 3581680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"UpdatePDRShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"ehTray"=c:\windows\ehome\ehtray.exe
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"c:\documents and settings\Milk\Start Menu\Programs\Startup\Shortcut to PowerISO.lnk"=c:\program files\PowerISO\PowerISO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Corel\\Corel Paint Shop Pro Photo X2\\Corel Paint Shop Pro Photo.exe"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"f:\\Juegos\\Snes\\ZSNES\\ZSNES\\zsnesw.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-10 28544]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2009-02-25 15784]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-10-07 20:31:38 61424]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2009-02-25 162344]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2008-10-10 2749224]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-03-08 603904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-03-07 15504]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-03-07 179856]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2008-04-14 3584]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-10-10 15656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-03-11 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Milk.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-03-10 c:\windows\Tasks\Malwarebytes' Scheduled Update for Milk.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-11 10:19]

2009-03-13 c:\windows\Tasks\User_Feed_Synchronization-{540606D3-6C5E-47B1-931D-A165A255D2CB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.mx/
IE: &Descargar con Fl&ashGet - c:\program files\FlashGet\jc_link.htm
IE: &Descargar todo con Flas&hGet - c:\program files\FlashGet\jc_all.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Milk\Application Data\Mozilla\Firefox\Profiles\gnpxozla.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.mx
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 20:03:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1454471165-963894560-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C9BEE9A9-A5BC-461C-261D-A333742A154B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iah"=hex:6b,61,61,00,68
"jah"=hex:62,61,64,00,00
"han"=hex:6b,61,61,00,68
"jahi"=hex:62,61,64,01,00,f0

[HKEY_USERS\S-1-5-21-1454471165-963894560-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EAF5FF8B-4A6D-BEB0-CD80-7B5C8FBEE66D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nadbnpdgokkmilkeamlkhhkmbgcm"=hex:6a,61,70,6a,67,69,6c,6c,63,65,66,61,65,70,
6a,64,6b,68,6a,70,00,00
"managlmkadmamgkldfmkgkpnoe"=hex:6a,61,70,6a,67,69,6c,6c,63,65,66,61,65,70,6a,
64,6b,68,6a,70,00,30

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C9BEE9A9-A5BC-461C-261D-A333742A154B}\InProcServer32*]
"kab~b*h~d"=hex:62,61,62,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1160)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-12 20:05:41
ComboFix-quarantined-files.txt 2009-03-13 02:05:38

Pre-Run: 213,577,318,400 bytes free
Post-Run: 214,427,844,608 bytes free

353 --- E O F --- 2009-03-11 18:43:17
  post #4  
Posted 12/03/09, 23:37:06
GPastor's avatar
FS-Admin
 
Joined: Mar 2005
Location: Lima - Perú
Posts: 22,848
Re: Possible infection, takes a long time to start, etc.

ComboFix has already removed the malware files found on your PC, so if everything is working well, we consider this topic closed.

To finish, you only need to remove CF as follows:
  • Go to Start > Run
  • Type the following: ComboFix /u as shown in the image below:

This will perform the following tasks:

  • The following will be deleted:
    • ComboFix: its files and folders.
    • VundoFix: backups (if present)
    • The C:\Deckard folder (if present)
    • The C:\_OtMoveIt folder (if present)
  • Resets the clock settings.
  • Hides file extensions (if necessary).
  • Hides the files that were hidden
  • Re-enables "System Restore"

Tell us how the system is working now.

Regards


Forum News | Online Antivirus | Remove Malware | Forum Policies | Blog


* Help us by making a DONATION so we can keep helping.
* Stay informed about the latest threats on the net at: InfoSpyware Blog
* Questions are not answered by private message or e-mail; that is what the forum is for.
  post #5  
Posted 13/03/09, 00:02:03
User
 
Joined: Mar 2009
Location: Mexico
Posts: 25
Re: Possible infection, takes a long time to start, etc.

Hello, thanks again.

I have already uninstalled ComboFix.

I notice the system works better. Windows still takes a while to start, and I have Windows XP, so as far as I know it shouldn't take that long; it is a Pentium D with 1.5 GB of RAM. It no longer takes as long as before, but I still find it somewhat slow.

Any other ideas?

Also, as I mentioned above, the icons on the right side disappeared again. I already sent a message to have my topic reopened to see if someone can help me, but for now it is a bit better. Thank you very much again for your help. ^^
  post #6  
Posted 13/03/09, 09:44:19
GPastor's avatar
FS-Admin
 
Joined: Mar 2005
Location: Lima - Perú
Posts: 22,848
Re: Possible infection, takes a long time to start, etc.

If the problem persists, follow the steps to Optimize Windows, and also download and run the Advanced SystemCare utility to repair and thoroughly optimize your PC.


  post #7  
Posted 13/03/09, 14:05:13
User
 
Joined: Mar 2009
Location: Mexico
Posts: 25
Re: Possible infection, takes a long time to start, etc.

Thank you very much, I am going to keep using the advice from the manuals. The computer is running much better, thanks; I just have to wait for them to open the topic about the icons on the right.

So I consider this topic solved.

Thanks again. ^^