  post #1  
Posted 07/04/09, 01:59:58
User

Registered: Dec 2005
Location: Dominican Republic
Posts: 51
My PC is completely crazy! (Solved)

I have an Acer Aspire laptop with Windows Vista and it is acting very crazy: a window constantly opens telling me that Explorer has stopped working and that I must close it. This happens every minute, and it also happens with the sound devices, the touchpad, almost all the devices; it tells me they have stopped working and that I must close them. When I close Explorer it reopens by itself and lets me use the PC, but the same thing happens again after 1 or 2 minutes. The same thing also happens in safe mode, and I noticed in the process list that there are a great many processes with random numbers, e.g. 333.exe, 645.exe, 456.exe, 683.exe. There are many of these processes and I don't know what they are. Can anyone help me?
Thanks very much in advance.

Last edited by Firewall on 18/04/09 at 22:51:29.

  post #2  
Posted 07/04/09, 02:58:40
Kirigi
Warrior

Registered: Jun 2007
Location: Venezuela- Vargas- La Guaira
Posts: 6.545
Re: My PC is completely crazy!

Hello El Father,
  • Download ComboFix.exe
    • Given your infections, you must rename it to Combo-Fix before saving it to your desktop

--------------------------------------------------------------------
  • Temporarily disable the antivirus and/or antispyware.
  • Close all open windows.
  • Double-click the ComboFix.exe file and follow the instructions.
  • When it finishes, it will generate a log at C:\ComboFix.txt.
    • *Note* While CF is working, do not move the mouse, as that would stop its process.
    • *Note* ComboFix may restart the PC automatically to complete the removal process.
Quote:
Attention!! Do not use ComboFix unless you have been specifically instructed to do so in your thread by a member of our Staff. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
  • Restart and paste the report from C:\ComboFix.txt in this same thread.


Regards


  post #3  
Posted 08/04/09, 13:19:18
User

Registered: Dec 2005
Location: Dominican Republic
Posts: 51
Re: My PC is completely crazy!

Greetings Kirigi, here is the ComboFix report; the PC is still the same.
By the way, I could not disable ESET, it was too difficult for me. I noticed that there are other processes that are constantly being created; they are called glps.exe

Quote:
ComboFix 09-04-04.01 - Luissanna 2009-04-07 15:44:25.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1013.635 [GMT -4:00]
Running from: c:\users\Luissanna\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 19:45 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-06 19:45 15,688 ----a-w c:\windows\System32\lsdelete.exe
2009-04-06 19:45 --------- d-----w c:\progra~2\Lavasoft
2009-04-06 19:40 --------- dc-h--w c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-06 19:40 --------- d-----w c:\program files\Lavasoft
2009-04-06 19:36 --------- d-----w c:\users\Luissanna\AppData\Roaming\SUPERAntiSpyware.com
2009-04-06 19:36 --------- d-----w c:\users\LUISSA~1\AppData\Roaming\SUPERAntiSpyware.com
2009-04-06 19:36 --------- d-----w c:\program files\SUPERAntiSpyware
2009-04-06 19:36 --------- d-----w c:\progra~2\SUPERAntiSpyware.com
2009-04-06 18:57 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-06 18:18 --------- d-----w c:\progra~2\Spybot - Search & Destroy
2009-04-06 18:17 --------- d-----w c:\program files\CCleaner
2009-04-06 17:40 --------- d-----w c:\users\Luissanna\AppData\Roaming\IObit
2009-04-06 17:40 --------- d-----w c:\users\LUISSA~1\AppData\Roaming\IObit
2009-04-06 17:40 --------- d-----w c:\program files\IObit
2009-04-06 04:13 --------- d-----w c:\users\Luissanna\AppData\Roaming\Malwarebytes
2009-04-06 04:13 --------- d-----w c:\users\LUISSA~1\AppData\Roaming\Malwarebytes
2009-04-06 04:13 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 04:13 --------- d-----w c:\progra~2\Malwarebytes
2009-04-06 03:53 --------- d-----w c:\users\Luissanna\AppData\Roaming\uTorrent
2009-04-06 03:53 --------- d-----w c:\users\LUISSA~1\AppData\Roaming\uTorrent
2009-04-03 19:09 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-02 05:18 --------- d-----w c:\progra~2\Lx_cats
2009-04-02 03:55 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-04-02 03:55 --------- d-----w c:\program files\Java
2009-04-02 03:42 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-02 03:26 --------- d-----w c:\program files\ESET
2009-04-02 03:26 --------- d-----w c:\progra~2\ESET
2009-04-02 03:23 --------- d-----w c:\program files\NewTech Infosystems
2009-04-02 03:23 --------- d-----w c:\program files\Common Files\NewTech Infosystems
2009-04-02 03:13 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-02 03:12 --------- d-----w c:\progra~2\Symantec
2009-04-02 03:01 --------- d-----w c:\program files\Common Files\AOL
2009-03-27 05:23 --------- d-----w c:\users\Luissanna\AppData\Roaming\mjusbsp
2009-03-27 05:23 --------- d-----w c:\users\LUISSA~1\AppData\Roaming\mjusbsp
2009-03-26 20:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 20:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-26 00:21 --------- d-----w c:\users\Luissanna\AppData\Roaming\Wildfire
2009-03-26 00:21 --------- d-----w c:\users\LUISSA~1\AppData\Roaming\Wildfire
2009-03-11 15:15 --------- d-----w c:\program files\Windows Mail
2009-03-11 07:03 --------- d-----w c:\progra~2\Microsoft Help
2009-02-09 03:10 2,033,152 ----a-w c:\windows\System32\win32k.sys
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-07-30 00:55 174 --sha-w c:\program files\desktop.ini
2008-01-19 07:34 165,749 --sha-r c:\users\Luissanna\AppData\Roaming\nfqui.dll
2008-01-19 07:34 165,749 --sha-r c:\users\LUISSA~1\AppData\Roaming\nfqui.dll
2008-12-20 00:54 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 00:54 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 00:54 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 00:55 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 00:55 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-11-06 16:25 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-11-06 16:25 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-11-06 16:25 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"cdloader"="c:\users\Luissanna\AppData\Roaming\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"ffzpy"="c:\users\Luissanna\AppData\Roaming\nfqui.dll" [2008-01-19 165749]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-05 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-05 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-05 81920]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-01-09 151552]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-01-11 483328]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-07 1261568]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2008-03-27 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-27 320168]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-01 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-06 515416]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Actualizar la licencia del NOD32.lnk - c:\program files\ESET\ESET NOD32 Antivirus\MiNODLogin.exe [2008-07-24 74240]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-04-10 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\recycler\S-1-5-21-2381236816-5009724468-986204560-6659\glps.exe,explorer.exe,c:\recycler\S-1-5-21-2498003056-4378924616-091535333-9114\glps.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\recycler\S-1-5-21-2381236816-5009724468-986204560-6659\glps.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A48F9325-8273-4BC4-8460-C9C94AAEFBD7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3373B3CC-D682-4FA8-B29F-103427C284EB}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7DCBDC45-CE98-4B97-A3C2-86227684DC37}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{71BA1D25-6A69-418E-A09E-7F013ED6B1C2}"= UDP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{778453F6-70BA-4906-AD8B-EF9FB5D355C7}"= TCP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{E241BE67-2AB2-40A9-85FF-F6009E05CC0D}"= UDP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{4E9124F1-5707-4413-BB06-D6614B883B6A}"= TCP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{770EAD64-432C-498A-A0F3-EFF717CD3748}"= UDP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{B6BE1279-B5AF-45FD-80FE-93799BD0DBE6}"= TCP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{F34AC42B-7FDA-4925-83E6-1C761BDABD65}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{95203E59-73BC-479D-A914-190F35DA1F25}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{603D907D-F248-483C-84A8-14EBD2A261C0}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{1542E63E-051A-4306-B5F6-BE978FEB6CBC}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{342AEB34-3C68-49A9-9C8A-BE3EF6178824}"= UDP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{64373533-91DE-4D41-8E1F-7E40393C778A}"= TCP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{D2DDB4C5-3AC4-47E2-B112-C5C16BF2D7B2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D3E1740F-2003-4939-AEA2-47E571C6F746}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FB7898C9-CA16-42BA-A2A6-96EB1157D97E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{B913E8A9-ADB8-4E82-8255-A80BCC6803B7}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{183AA8E7-5409-4612-A003-816CC0F189E8}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{280EE575-4945-44BE-A32A-25463FFBF778}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{0C2372EE-C2C7-4EAF-9994-02F1AA906A03}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{178506FF-CB89-4CB6-B422-C7974F5C724B}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{C965BFA1-073D-4BE0-B5B7-FC66973F5F08}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{BC61B0D4-487E-48C3-90BD-C1E581701666}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe:Job Status Window Interface
"{08E0DB07-06A6-4430-B171-37FC4AA5C372}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe:Job Status Window Interface
"{2AA4954A-FF31-458A-B3D6-414546B3B686}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdntime.exe:Lexmark Connect Time Executable
"{20B08782-1BE1-4FE2-A340-D766D53D6193}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdntime.exe:Lexmark Connect Time Executable
"TCP Query User{BEE9F1EC-C901-4E6F-8665-CF7CB9DF2FD0}c:\\users\\luissanna\\appdata\\roaming\\mjusbsp\\magicjack.exe"= UDP:c:\users\luissanna\appdata\roaming\mjusbsp\magicjack.exe:magicjack.exe
"UDP Query User{79E56D64-D47D-4A24-8763-76AAC82A2DBB}c:\\users\\luissanna\\appdata\\roaming\\mjusbsp\\magicjack.exe"= TCP:c:\users\luissanna\appdata\roaming\mjusbsp\magicjack.exe:magicjack.exe

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-04-06 64160]
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-08-18 34312]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdnserv.exe [2008-02-27 98984]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-04-02 1153368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-12-31 24652]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ef68380-5f47-11dd-ae34-001b2433b046}]
\shell\AutoRun\command - tgtighg.cmd
\shell\explore\Command - tgtighg.cmd
\shell\open\Command - tgtighg.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6eeeb12-8680-11dd-b829-001b2433b046}]
\shell\AutoRun\command - F:\xk2n.bat
\shell\explore\Command - F:\xk2n.bat
\shell\open\Command - F:\xk2n.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed0e9e9a-1925-11de-b077-001b2433b046}]
\shell\AutoRun\command - F:\luk1ylq.com
\shell\open\Command - F:\luk1ylq.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed9fbc23-5cf2-11dd-b8c3-001b2433b046}]
\shell\AutoRun\command - tgtighg.cmd
\shell\explore\Command - tgtighg.cmd
\shell\open\Command - tgtighg.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f32ba660-02bd-11de-ae3c-001b2433b046}]
\shell\AutoRun\command - F:\pook.com
\shell\open\Command - F:\pook.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd1d026a-1a3f-11de-befb-001b2433b046}]
\shell\AutoRun\command - G:\autorun.exe
\shell\phone\command - G:\autorun.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.do/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://es.us.acer.yahoo.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {B51DE4EF-7168-454F-9B97-2CD534CDCD95} = 196.3.81.5,196.3.81.132
FF - ProfilePath - c:\users\LUISSA~1\AppData\Roaming\Mozilla\Firefox\Profiles\o391w81w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.do/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-07 15:46:47
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-07 15:48:34
ComboFix-quarantined-files.txt 2009-04-07 19:48:30

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 2,347,601,920 bytes free

244 --- E O F --- 2009-04-06 22:35:56

Last edited by El Father on 08/04/09 at 13:22:40.
  post #4  
Posted 12/04/09, 21:40:28
User

Registered: Dec 2005
Location: Dominican Republic
Posts: 51
Re: My PC is completely crazy!

Could someone help me?
  post #5  
Posted 14/04/09, 01:40:48
Kirigi
Warrior

Registered: Jun 2007
Location: Venezuela- Vargas- La Guaira
Posts: 6.545
Re: My PC is completely crazy!

Hello El Father,

Sorry for the delay, but I was away for a week because of travel.

Since several days have passed since CF was used, I would rather ask you to uninstall it, then download and run it again, leaving me its report here.


Uninstall CF as follows:
  • Go to Start > Run
  • Type the following: ComboFix /u as shown in the image below:
  • This will launch the ComboFix uninstaller, opening its main screen, and after a few seconds you will see ("ComboFix is uninstalled")

Then download it and run it, leaving its new report here.

Regards


  post #6  
Posted 16/04/09, 22:28:25
User

Registered: Dec 2005
Location: Dominican Republic
Posts: 51
Re: My PC is completely crazy!

Here is the ComboFix log
Quote:
ComboFix 09-04-14.09 - Luissanna 15/04/2009 14:36.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1013.425 [GMT -4:00]
Running from: c:\users\Luissanna\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated)
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.

2009-04-14 19:19 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-14 19:19 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-14 19:19 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-14 19:19 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-14 19:19 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-14 19:19 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-14 19:19 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-14 19:19 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-14 19:19 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-14 19:19 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-14 19:13 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-14 19:13 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-14 19:13 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-14 19:13 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-14 19:12 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-14 19:12 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-14 19:10 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-06 21:16 . 2009-04-06 19:45 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-06 19:46 . 2009-04-06 19:45 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-06 19:46 . 2009-04-06 19:46 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-06 19:40 . 2009-04-06 19:45 -------- d-----w c:\users\All Users\Lavasoft
2009-04-06 19:40 . 2009-04-06 19:45 -------- d-----w c:\programdata\Lavasoft
2009-04-06 19:36 . 2009-04-06 19:36 -------- d-----w c:\users\All Users\SUPERAntiSpyware.com
2009-04-06 19:36 . 2009-04-06 19:36 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-04-06 19:36 . 2009-04-06 19:36 -------- d-----w c:\users\Luissanna\AppData\Roaming\SUPERAntiSpyware.com
2009-04-06 18:56 . 2009-04-06 19:40 -------- dc-h--w c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-06 18:56 . 2009-04-06 19:40 -------- dc-h--w c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-06 17:40 . 2009-04-06 17:40 -------- d-----w c:\users\Luissanna\AppData\Roaming\IObit
2009-04-06 04:13 . 2009-04-06 04:13 -------- d-----w c:\users\Luissanna\AppData\Roaming\Malwarebytes
2009-04-06 04:13 . 2009-03-26 20:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 04:13 . 2009-03-26 20:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 04:13 . 2009-04-06 04:13 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-06 04:13 . 2009-04-06 04:13 -------- d-----w c:\programdata\Malwarebytes
2009-04-03 12:14 . 2009-04-03 12:14 -------- d-----w c:\users\Luissanna\AppData\Local\ESET
2009-04-02 05:53 . 2009-04-09 20:04 -------- d-----w c:\users\All Users\Spybot - Search & Destroy
2009-04-02 05:53 . 2009-04-09 20:04 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-02 03:55 . 2009-04-02 03:55 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-02 03:26 . 2009-04-02 03:26 -------- d-----w c:\users\All Users\ESET
2009-04-02 03:26 . 2009-04-02 03:26 -------- d-----w c:\programdata\ESET
2009-04-02 03:13 . 2009-04-02 03:13 244 ---ha-w C:\sqmnoopt00.sqm
2009-04-02 03:13 . 2009-04-02 03:13 232 ---ha-w C:\sqmdata00.sqm
2009-04-01 20:04 . 2009-04-01 20:04 -------- d-----w c:\users\Luissanna\AppData\Local\tjnet
2009-03-27 05:09 . 2009-03-27 05:23 -------- d-----w c:\users\Luissanna\AppData\Roaming\mjusbsp
2009-03-23 07:05 . 2009-03-23 07:05 118 ----a-w c:\windows\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 07:14 . 2008-05-13 04:11 81920 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-15 07:14 . 2008-05-13 04:11 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-04-15 07:14 . 2008-05-13 04:11 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-15 07:14 . 2009-04-15 07:14 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2009-04-15 07:14 . 2009-04-15 07:14 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-04-15 07:13 . 2009-04-06 22:24 17020 ----a-w C:\aaw7boot.log
2009-04-15 07:12 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-15 07:04 . 2008-05-27 06:15 -------- d-----w c:\programdata\Microsoft Help
2009-04-15 03:42 . 2008-09-18 16:03 -------- d-----w c:\programdata\Lx_cats
2009-04-08 01:22 . 2009-04-08 01:22 20405 ----a-w C:\log2.txt
2009-04-07 19:53 . 2009-04-07 19:53 19627 ----a-w C:\log.txt
2009-04-06 19:40 . 2009-04-06 19:40 -------- d-----w c:\program files\Lavasoft
2009-04-06 19:36 . 2009-04-06 19:36 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-06 18:57 . 2009-04-06 18:57 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-06 18:17 . 2009-04-06 18:17 -------- d-----w c:\program files\CCleaner
2009-04-06 17:40 . 2009-04-06 17:40 -------- d-----w c:\program files\IObit
2009-04-06 04:13 . 2009-04-06 04:13 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 03:53 . 2008-11-11 04:13 -------- d-----w c:\users\Luissanna\AppData\Roaming\uTorrent
2009-04-03 19:09 . 2009-04-02 05:53 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-02 03:55 . 2009-04-02 03:55 -------- d-----w c:\program files\Java
2009-04-02 03:44 . 2008-05-13 04:21 55376 ----a-w c:\users\Luissanna\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-02 03:42 . 2007-04-10 16:29 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-02 03:26 . 2009-04-02 03:26 -------- d-----w c:\program files\ESET
2009-04-02 03:23 . 2007-04-10 16:48 -------- d-----w c:\program files\NewTech Infosystems
2009-04-02 03:23 . 2007-04-10 16:48 -------- d-----w c:\program files\Common Files\NewTech Infosystems
2009-04-02 03:13 . 2007-04-10 17:32 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-02 03:12 . 2007-04-10 17:33 -------- d-----w c:\programdata\Symantec
2009-04-02 03:01 . 2008-12-31 18:14 -------- d-----w c:\program files\Common Files\AOL
2009-03-26 19:56 . 2009-01-23 22:33 680 ----a-w c:\users\Luissanna\AppData\Local\d3d9caps.dat
2009-03-26 00:21 . 2008-07-07 04:45 -------- d-----w c:\users\Luissanna\AppData\Roaming\Wildfire
2009-03-24 16:30 . 2009-03-24 16:30 206443 ----a-w c:\users\All Users\SPL310D.tmp
2009-03-24 16:30 . 2009-03-24 16:30 206443 ----a-w c:\programdata\SPL310D.tmp
2009-03-24 16:28 . 2009-03-24 16:28 206443 ----a-w c:\users\All Users\SPLDA1C.tmp
2009-03-24 16:28 . 2009-03-24 16:28 206443 ----a-w c:\programdata\SPLDA1C.tmp
2009-03-19 06:10 . 2009-03-19 06:10 39856 ----a-w c:\users\All Users\SPLB52B.tmp
2009-03-19 06:10 . 2009-03-19 06:10 39856 ----a-w c:\programdata\SPLB52B.tmp
2009-03-19 06:07 . 2009-03-19 06:07 39856 ----a-w c:\users\All Users\SPLED80.tmp
2009-03-19 06:07 . 2009-03-19 06:07 39856 ----a-w c:\programdata\SPLED80.tmp
2009-03-17 03:38 . 2009-04-14 19:13 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-06 18:21 . 2009-03-06 18:21 12078 ----a-w c:\users\All Users\SPLCCEF.tmp
2009-03-06 18:21 . 2009-03-06 18:21 12078 ----a-w c:\programdata\SPLCCEF.tmp
2009-03-06 18:12 . 2009-03-06 18:12 146 ----a-w C:\lxdn.log
2009-03-05 19:21 . 2009-03-05 19:21 12078 ----a-w c:\users\All Users\SPL6334.tmp
2009-03-05 19:21 . 2009-03-05 19:21 12078 ----a-w c:\programdata\SPL6334.tmp
2009-03-03 16:39 . 2009-03-03 16:39 42972 ----a-w c:\users\All Users\SPL684C.tmp
2009-03-03 16:39 . 2009-03-03 16:39 42972 ----a-w c:\programdata\SPL684C.tmp
2009-03-03 04:40 . 2009-04-14 19:20 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:37 . 2009-04-14 19:20 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 02:28 . 2009-04-14 19:20 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-09 03:10 . 2009-03-11 05:59 2033152 ----a-w c:\windows\System32\win32k.sys
2008-07-30 00:55 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2008-12-20 00:2008-06-05 18:33 54:57 . c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 00:2008-06-05 18:33 54:58 . c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 00:2008-06-05 18:33 54:58 . c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 00:2008-06-05 18:34 55:00 . c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 00:2008-06-05 18:34 55:00 . c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-15_03.06.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-14 19:19 . 2009-03-03 04:32 26112 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.22389_none_2be9bd5af4bd3b16\printfilterpipelineprxy.dll
+ 2009-04-14 19:19 . 2009-03-03 04:39 26112 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18226_none_2b9dff39db71a7a1\printfilterpipelineprxy.dll
+ 2009-04-14 19:19 . 2009-03-03 04:17 26112 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.21023_none_2a3e34a2f76b9db7\printfilterpipelineprxy.dll
+ 2009-04-14 19:19 . 2009-03-03 04:19 24576 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.16830_none_29a6eeebde589a97\printfilterpipelineprxy.dll
+ 2009-04-14 19:19 . 2009-03-03 02:24 17408 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.22389_none_d16ab47d4f561502\iashost.exe
+ 2009-04-14 19:19 . 2009-03-03 04:28 47104 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.22389_none_d16ab47d4f561502\iasdatastore.dll
+ 2009-04-14 19:19 . 2009-03-03 04:28 57344 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.22389_none_d16ab47d4f561502\iasads.dll
+ 2009-04-14 19:19 . 2009-03-03 04:37 98304 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18226_none_d11ef65c360a818d\iasrecst.dll
+ 2009-04-14 19:19 . 2009-03-03 02:38 17408 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18226_none_d11ef65c360a818d\iashost.exe
+ 2009-04-14 19:19 . 2009-03-03 04:37 44032 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18226_none_d11ef65c360a818d\iasdatastore.dll
+ 2009-04-14 19:19 . 2009-03-03 04:37 54784 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18226_none_d11ef65c360a818d\iasads.dll
+ 2009-04-14 19:19 . 2009-03-03 04:14 97280 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.21023_none_cfbf2bc5520477a3\iasrecst.dll
+ 2009-04-14 19:19 . 2009-03-03 04:14 37888 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.21023_none_cfbf2bc5520477a3\iasdatastore.dll
+ 2009-04-14 19:19 . 2009-03-03 04:14 53248 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.21023_none_cfbf2bc5520477a3\iasads.dll
+ 2009-04-14 19:19 . 2009-03-03 04:16 97280 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16830_none_cf27e60e38f17483\iasrecst.dll
+ 2009-04-14 19:19 . 2009-03-03 04:16 37888 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16830_none_cf27e60e38f17483\iasdatastore.dll
+ 2009-04-14 19:19 . 2009-03-03 04:16 53248 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16830_none_cf27e60e38f17483\iasads.dll
+ 2009-04-14 19:13 . 2009-02-13 08:21 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\secur32.dll
+ 2009-04-14 19:13 . 2009-02-13 08:49 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\secur32.dll
+ 2009-04-14 19:13 . 2009-02-13 07:15 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\secur32.dll
+ 2009-04-14 19:13 . 2009-02-13 07:26 72704 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\secur32.dll
+ 2009-04-14 19:20 . 2009-03-03 04:14 52736 c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.21023_none_2a8666ad812ddf1b\iebrshim.dll
+ 2009-04-14 19:20 . 2009-03-03 04:16 52736 c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16830_none_29ef20f6681adbfb\iebrshim.dll
+ 2009-04-14 19:20 . 2009-03-03 04:14 56320 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21023_none_c461503d7a7e09be\iesetup.dll
+ 2009-04-14 19:20 . 2009-03-03 04:14 44544 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21023_none_c461503d7a7e09be\iernonce.dll
+ 2009-04-14 19:20 . 2009-03-03 02:06 70656 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.21023_none_c461503d7a7e09be\ie4uinit.exe
+ 2009-04-14 19:20 . 2009-03-03 04:16 56320 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16830_none_c3ca0a86616b069e\iesetup.dll
+ 2009-04-14 19:20 . 2009-03-03 04:16 44544 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16830_none_c3ca0a86616b069e\iernonce.dll
+ 2009-04-14 19:20 . 2009-03-03 02:08 70656 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16830_none_c3ca0a86616b069e\ie4uinit.exe
+ 2009-04-14 19:20 . 2009-03-03 02:15 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\ieUnatt.exe
+ 2009-04-14 19:20 . 2009-03-03 02:28 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\ieUnatt.exe
+ 2009-04-14 19:20 . 2009-03-03 02:06 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119\ieUnatt.exe
+ 2009-04-14 19:20 . 2009-03-03 02:08 26624 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\ieUnatt.exe
+ 2009-04-14 19:20 . 2009-03-03 04:14 63488 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.21023_none_592c1a7f8042c775\icardie.dll
+ 2009-04-14 19:20 . 2009-03-03 04:16 63488 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16830_none_5894d4c8672fc455\icardie.dll
+ 2009-04-14 19:20 . 2009-03-03 02:14 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.22389_none_f3a9aa51d37cf9f0\mshtmler.dll
+ 2009-04-14 19:20 . 2009-03-03 04:28 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.22389_none_f3a9aa51d37cf9f0\ieencode.dll
+ 2009-04-14 19:20 . 2009-03-03 04:37 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18226_none_f35dec30ba31667b\ieencode.dll
+ 2009-04-14 19:20 . 2009-03-03 00:41 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.21023_none_f1fe2199d62b5c91\mshtmler.dll
+ 2009-04-14 19:20 . 2009-03-03 04:14 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.21023_none_f1fe2199d62b5c91\ieencode.dll
+ 2009-04-14 19:20 . 2009-03-03 00:44 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.16830_none_f166dbe2bd185971\mshtmler.dll
+ 2009-04-14 19:20 . 2009-03-03 04:16 78336 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6000.16830_none_f166dbe2bd185971\ieencode.dll
+ 2009-04-14 19:20 . 2009-03-03 04:26 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22389_none_ae6e459e201c473b\admparse.dll
+ 2009-04-14 19:20 . 2009-03-03 04:13 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21023_none_acc2bce622caa9dc\admparse.dll
+ 2009-04-14 19:20 . 2009-03-03 04:15 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16830_none_ac2b772f09b7a6bc\admparse.dll
+ 2009-04-14 19:20 . 2009-03-03 04:32 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22389_none_0225174ebb296f95\WininetPlugin.dll
+ 2009-04-14 19:20 . 2009-03-03 04:29 28160 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22389_none_0225174ebb296f95\jsproxy.dll
+ 2009-04-14 19:20 . 2009-03-03 04:37 28160 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18226_none_01d9592da1dddc20\jsproxy.dll
+ 2009-04-14 19:20 . 2009-03-03 04:18 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21023_none_00798e96bdd7d236\WininetPlugin.dll
+ 2009-04-14 19:20 . 2009-03-03 04:14 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21023_none_00798e96bdd7d236\jsproxy.dll
+ 2009-04-14 19:20 . 2009-03-03 04:20 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16830_none_ffe248dfa4c4cf16\WininetPlugin.dll
+ 2009-04-14 19:20 . 2009-03-03 04:16 27648 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16830_none_ffe248dfa4c4cf16\jsproxy.dll
+ 2009-04-14 19:20 . 2009-03-03 04:17 44544 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.21023_none_ec570a422f6e343f\pngfilt.dll
+ 2009-04-14 19:20 . 2009-03-03 04:19 44544 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16830_none_ebbfc48b165b311f\pngfilt.dll
+ 2009-04-14 19:12 . 2008-06-06 03:25 38912 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6001.22197_none_4d223d3bd2ae154b\xolehlp.dll
+ 2009-04-14 19:12 . 2008-06-06 03:27 38912 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6001.18085_none_4ca16fc8b98a26e2\xolehlp.dll
+ 2009-04-14 19:12 . 2008-06-06 03:23 30208 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6000.20852_none_4b623eb9d56b930a\xolehlp.dll
+ 2009-04-14 19:12 . 2008-06-05 04:50 30208 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6000.16697_none_4ab261cabc69e490\xolehlp.dll
+ 2009-04-14 19:13 . 2009-03-21 03:14 13824 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6001.22399_none_7b098a66fa8bd087\apilogen.dll
+ 2009-04-14 19:13 . 2009-03-21 03:14 40960 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6001.22399_none_7b098a66fa8bd087\apihex86.dll
+ 2009-04-14 19:13 . 2009-03-21 03:14 24064 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6001.22399_none_7b098a66fa8bd087\amxread.dll
+ 2009-04-14 19:13 . 2009-03-17 03:38 13824 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6001.18230_none_7ab7ca89e145a508\apilogen.dll
+ 2009-04-14 19:13 . 2009-03-17 03:38 40960 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6001.18230_none_7ab7ca89e145a508\apihex86.dll
+ 2009-04-14 19:13 . 2009-03-17 03:38 24064 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6001.18230_none_7ab7ca89e145a508\amxread.dll
+ 2009-04-14 19:13 . 2009-03-17 03:19 14848 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.21029_none_796ed356fd2caf41\apilogen.dll
+ 2009-04-14 19:13 . 2009-03-17 03:19 40960 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.21029_none_796ed356fd2caf41\apihex86.dll
+ 2009-04-14 19:13 . 2009-03-17 03:19 25600 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.21029_none_796ed356fd2caf41\amxread.dll
+ 2009-04-14 19:13 . 2009-03-17 03:16 14848 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.16834_none_78d58d0be41b7973\apilogen.dll
+ 2009-04-14 19:13 . 2009-03-17 03:16 40960 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.16834_none_78d58d0be41b7973\apihex86.dll
+ 2009-04-14 19:13 . 2009-03-17 03:16 25600 c:\windows\winsxs\x86_microsoft-windows-a..lity-infrastructure_31bf3856ad364e35_6.0.6000.16834_none_78d58d0be41b7973\amxread.dll
- 2008-06-20 17:12 . 2008-01-19 07:37 38912 c:\windows\System32\xolehlp.dll
+ 2009-04-14 19:12 . 2008-06-06 03:27 38912 c:\windows\System32\xolehlp.dll
- 2008-06-20 17:10 . 2008-01-19 07:36 72704 c:\windows\System32\secur32.dll
+ 2009-04-14 19:13 . 2009-02-13 08:49 72704 c:\windows\System32\secur32.dll
+ 2009-04-14 19:19 . 2009-03-03 04:39 26112 c:\windows\System32\printfilterpipelineprxy.dll
- 2008-06-20 17:09 . 2008-01-19 07:36 26112 c:\windows\System32\printfilterpipelineprxy.dll
- 2009-02-11 04:49 . 2009-01-15 06:08 28160 c:\windows\System32\jsproxy.dll
+ 2009-04-14 19:20 . 2009-03-03 04:37 28160 c:\windows\System32\jsproxy.dll
+ 2009-04-14 19:20 . 2009-03-03 02:28 26624 c:\windows\System32\ieUnatt.exe
- 2006-11-02 08:49 . 2006-11-02 09:45 26624 c:\windows\System32\ieUnatt.exe
+ 2009-04-14 19:20 . 2009-03-03 04:37 78336 c:\windows\System32\ieencode.dll
- 2008-06-20 17:08 . 2008-01-19 07:34 78336 c:\windows\System32\ieencode.dll
- 2008-06-20 17:10 . 2008-01-19 07:34 98304 c:\windows\System32\iasrecst.dll
+ 2009-04-14 19:19 . 2009-03-03 04:37 98304 c:\windows\System32\iasrecst.dll
+ 2009-04-14 19:19 . 2009-03-03 02:38 17408 c:\windows\System32\iashost.exe
- 2008-06-20 17:10 . 2008-01-19 07:33 17408 c:\windows\System32\iashost.exe
- 2008-06-20 17:10 . 2008-01-19 07:34 44032 c:\windows\System32\iasdatastore.dll
+ 2009-04-14 19:19 . 2009-03-03 04:37 44032 c:\windows\System32\iasdatastore.dll
+ 2009-04-14 19:19 . 2009-03-03 04:37 54784 c:\windows\System32\iasads.dll
- 2008-06-20 17:10 . 2008-01-19 07:34 54784 c:\windows\System32\iasads.dll
+ 2008-05-13 04:11 . 2009-04-15 07:14 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-13 04:11 . 2009-04-14 18:42 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-13 04:11 . 2009-04-14 18:42 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-13 04:11 . 2009-04-15 07:14 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-13 04:11 . 2009-04-14 18:42 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-13 04:11 . 2009-04-15 07:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-20 17:08 . 2008-01-19 07:33 13824 c:\windows\System32\apilogen.dll
+ 2009-04-14 19:13 . 2009-03-17 03:38 13824 c:\windows\System32\apilogen.dll
+ 2009-04-14 19:13 . 2009-03-17 03:38 24064 c:\windows\System32\amxread.dll
- 2008-06-20 17:08 . 2008-01-19 07:33 24064 c:\windows\System32\amxread.dll
- 2008-05-27 06:22 . 2009-03-11 07:03 35088 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-27 06:22 . 2009-04-15 07:04 35088 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-27 06:22 . 2009-03-11 07:03 18704 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-27 06:22 . 2009-04-15 07:04 18704 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-27 06:22 . 2009-03-11 07:03 20240 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-05-27 06:22 . 2009-04-15 07:04 20240 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-14 19:13 . 2009-03-17 03:38 40960 c:\windows\AppPatch\apihex86.dll
- 2008-06-20 17:09 . 2008-01-19 07:33 40960 c:\windows\AppPatch\apihex86.dll
+ 2009-04-14 19:13 . 2009-02-13 08:20 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe
+ 2009-04-14 19:13 . 2009-02-13 04:58 7680 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
+ 2009-04-14 19:13 . 2009-02-13 07:26 7680 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
+ 2009-04-15 07:14 . 2009-04-15 07:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-15 01:58 . 2009-04-15 01:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-15 01:58 . 2009-04-15 01:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-15 07:14 . 2009-04-15 07:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-14 19:10 . 2008-12-06 04:26 376832 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.22323_none_2544fb0bdb4e81f9\winhttp.dll
+ 2009-04-14 19:10 . 2008-12-06 04:42 376832 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6001.18178_none_248a4e30c254ef70\winhttp.dll
+ 2009-04-14 19:10 . 2008-12-08 04:19 377344 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6000.20971_none_2326ac35de524a0f\winhttp.dll
+ 2009-04-14 19:10 . 2008-12-08 04:34 376832 c:\windows\winsxs\x86_microsoft.windows.winhttp_31bf3856ad364e35_5.1.6000.16786_none_22973f0ac53847c2\winhttp.dll
+ 2009-04-14 19:19 . 2009-03-03 02:03 247296 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.22389_none_109ee25ca4bb6776\WmiPrvSE.exe
+ 2009-04-14 19:19 . 2009-03-03 04:33 499200 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.22389_none_109ee25ca4bb6776\WmiPrvSD.dll
+ 2009-04-14 19:19 . 2009-03-03 04:33 129024 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.22389_none_109ee25ca4bb6776\WmiDcPrv.dll
+ 2009-04-14 19:19 . 2009-03-03 02:16 247296 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18226_none_1053243b8b6fd401\WmiPrvSE.exe
+ 2009-04-14 19:19 . 2009-03-03 04:40 499200 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18226_none_1053243b8b6fd401\WmiPrvSD.dll
+ 2009-04-14 19:19 . 2009-03-03 04:40 129024 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18226_none_1053243b8b6fd401\WmiDcPrv.dll
+ 2009-04-14 19:19 . 2009-03-03 01:57 247296 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.21023_none_0ef359a4a769ca17\WmiPrvSE.exe
+ 2009-04-14 19:19 . 2009-03-03 04:18 501760 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.21023_none_0ef359a4a769ca17\WmiPrvSD.dll
+ 2009-04-14 19:19 . 2009-03-03 04:18 130560 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.21023_none_0ef359a4a769ca17\WmiDcPrv.dll
+ 2009-04-14 19:19 . 2009-03-03 01:59 247296 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.16830_none_0e5c13ed8e56c6f7\WmiPrvSE.exe
+ 2009-04-14 19:19 . 2009-03-03 04:20 501760 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.16830_none_0e5c13ed8e56c6f7\WmiPrvSD.dll
+ 2009-04-14 19:19 . 2009-03-03 04:20 130560 c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.16830_none_0e5c13ed8e56c6f7\WmiDcPrv.dll
+ 2009-04-14 19:19 . 2009-03-03 04:28 615424 c:\windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.22389_none_fb85772b93130197\fastprox.dll
+ 2009-04-14 19:19 . 2009-03-03 04:36 615424 c:\windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6001.18226_none_fb39b90a79c76e22\fastprox.dll
+ 2009-04-14 19:19 . 2009-03-03 04:14 614912 c:\windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6000.21023_none_f9d9ee7395c16438\fastprox.dll
+ 2009-04-14 19:19 . 2009-03-03 04:16 614912 c:\windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6000.16830_none_f942a8bc7cae6118\fastprox.dll
+ 2009-04-14 19:19 . 2009-03-03 02:49 666624 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.22389_none_2be9bd5af4bd3b16\printfilterpipelinesvc.exe
+ 2009-04-14 19:19 . 2009-03-03 03:04 666624 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18226_none_2b9dff39db71a7a1\printfilterpipelinesvc.exe
+ 2009-04-14 19:19 . 2009-03-03 02:37 659456 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.21023_none_2a3e34a2f76b9db7\printfilterpipelinesvc.exe
+ 2009-04-14 19:19 . 2009-03-03 02:40 654336 c:\windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.16830_none_29a6eeebde589a97\printfilterpipelinesvc.exe
+ 2009-04-14 19:19 . 2009-03-03 04:32 324608 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.22389_none_d16ab47d4f561502\sdohlp.dll
+ 2009-04-14 19:19 . 2009-03-03 04:28 119296 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.22389_none_d16ab47d4f561502\iasrecst.dll
+ 2009-04-14 19:19 . 2009-03-03 04:39 183296 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18226_none_d11ef65c360a818d\sdohlp.dll
+ 2009-04-14 19:19 . 2009-03-03 04:17 158720 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.21023_none_cfbf2bc5520477a3\sdohlp.dll
+ 2009-04-14 19:19 . 2009-03-03 04:19 158720 c:\windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16830_none_cf27e60e38f17483\sdohlp.dll
+ 2009-04-14 19:13 . 2009-01-30 00:29 441400 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\ksecdd.sys
+ 2009-04-14 19:13 . 2009-02-13 08:21 890880 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll
+ 2009-04-14 19:13 . 2009-02-13 08:49 888832 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll
+ 2009-04-14 19:13 . 2009-02-13 07:13 875520 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
+ 2009-04-14 19:13 . 2009-02-13 07:26 875520 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
+ 2009-04-14 19:20 . 2009-03-03 02:07 301568 c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.21023_none_0bd4a953f021dd83\ieuser.exe
+ 2009-04-14 19:20 . 2009-03-03 02:09 301568 c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16830_none_0b3d639cd70eda63\ieuser.exe
+ 2009-04-14 19:20 . 2009-03-03 02:07 263168 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.21023_none_e72c7437ada71dd1\ieinstal.exe
+ 2009-04-14 19:20 . 2009-03-03 02:08 263168 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16830_none_e6952e8094941ab1\ieinstal.exe
+ 2009-04-14 19:20 . 2009-03-03 04:28 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22389_none_64de9070c77566f8\ieui.dll
+ 2009-04-14 19:20 . 2009-03-03 04:14 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21023_none_633307b8ca23c999\ieui.dll
+ 2009-04-14 19:20 . 2009-03-03 04:16 180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16830_none_629bc201b110c679\ieui.dll
+ 2009-04-14 19:20 . 2009-03-03 04:32 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22389_none_47dfce2aa5da8df2\sqmapi.dll
+ 2009-04-14 19:20 . 2009-03-03 04:28 270848 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22389_none_47dfce2aa5da8df2\iertutil.dll
+ 2009-04-14 19:20 . 2009-03-03 04:37 270336 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18226_none_479410098c8efa7d\iertutil.dll
+ 2009-04-14 19:20 . 2009-03-03 04:17 134144 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21023_none_46344572a888f093\sqmapi.dll
+ 2009-04-14 19:20 . 2009-03-03 04:14 268288 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.21023_none_46344572a888f093\iertutil.dll
+ 2009-04-14 19:20 . 2009-03-03 04:19 134144 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16830_none_459cffbb8f75ed73\sqmapi.dll
+ 2009-04-14 19:20 . 2009-03-03 04:16 268288 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16830_none_459cffbb8f75ed73\iertutil.dll
+ 2009-04-14 19:20 . 2009-03-03 04:31 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.22389_none_37628bfd2d797360\occache.dll
+ 2009-04-14 19:20 . 2009-03-03 04:39 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6001.18226_none_3716cddc142ddfeb\occache.dll
+ 2009-04-14 19:20 . 2009-03-03 04:17 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.21023_none_35b703453027d601\occache.dll
+ 2009-04-14 19:20 . 2009-03-03 04:19 102912 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_6.0.6000.16830_none_351fbd8e1714d2e1\occache.dll
+ 2009-04-14 19:20 . 2009-03-03 04:32 636072 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\iexplore.exe
+ 2009-04-14 19:20 . 2009-03-03 04:40 636072 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\iexplore.exe
+ 2009-04-14 19:20 . 2009-03-03 04:18 636072 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119\iexplore.exe
+ 2009-04-14 19:20 . 2009-03-03 04:22 636072 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\iexplore.exe
+ 2009-04-14 19:20 . 2009-03-03 04:15 477696 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.21023_none_46b984805f698544\mshtmled.dll
+ 2009-04-14 19:20 . 2009-03-03 04:17 477696 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16830_none_46223ec946568224\mshtmled.dll
+ 2009-04-14 19:20 . 2009-03-03 04:30 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.22389_none_6022ae1d53ccc24d\msfeeds.dll
+ 2009-04-14 19:20 . 2009-03-03 04:38 458240 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.18226_none_5fd6effc3a812ed8\msfeeds.dll
+ 2009-04-14 19:20 . 2009-03-03 04:15 459264 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.21023_none_5e772565567b24ee\msfeeds.dll
+ 2009-04-14 19:20 . 2009-03-03 04:17 459264 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.16830_none_5ddfdfae3d6821ce\msfeeds.dll
+ 2009-04-14 19:20 . 2009-03-03 04:14 214528 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.21023_none_9656ea289da8d2b7\dxtrans.dll
+ 2009-04-14 19:20 . 2009-03-03 04:14 347136 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.21023_none_9656ea289da8d2b7\dxtmsft.dll
+ 2009-04-14 19:20 . 2009-03-03 04:16 214528 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16830_none_95bfa4718495cf97\dxtrans.dll
+ 2009-04-14 19:20 . 2009-03-03 04:16 347136 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16830_none_95bfa4718495cf97\dxtmsft.dll
+ 2009-04-14 19:20 . 2009-03-03 04:14 380928 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21023_none_fa22b17087c34c89\ieapfltr.dll
+ 2009-04-14 19:20 . 2009-03-03 04:16 383488 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16830_none_f98b6bb96eb04969\ieapfltr.dll
+ 2009-04-14 19:20 . 2009-03-03 04:28 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22389_none_ae6e459e201c473b\ieakui.dll
+ 2009-04-14 19:20 . 2009-03-03 04:28 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.22389_none_ae6e459e201c473b\ieaksie.dll
+ 2009-04-14 19:20 . 2009-03-03 04:37 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18226_none_ae22877d06d0b3c6\ieaksie.dll
+ 2009-04-14 19:20 . 2009-03-03 04:14 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21023_none_acc2bce622caa9dc\ieakui.dll
+ 2009-04-14 19:20 . 2009-03-03 04:14 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.21023_none_acc2bce622caa9dc\ieaksie.dll
+ 2009-04-14 19:20 . 2009-03-03 04:16 161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16830_none_ac2b772f09b7a6bc\ieakui.dll
+ 2009-04-14 19:20 . 2009-03-03 04:16 230400 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6000.16830_none_ac2b772f09b7a6bc\ieaksie.dll
+ 2009-04-14 19:20 . 2009-03-03 04:28 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.22389_none_748c904a70d3905c\iedkcs32.dll
+ 2009-04-14 19:20 . 2009-03-03 04:37 389120 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6001.18226_none_7440d2295787fce7\iedkcs32.dll
+ 2009-04-14 19:20 . 2009-03-03 04:14 388608 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.21023_none_72e107927381f2fd\iedkcs32.dll
+ 2009-04-14 19:20 . 2009-03-03 04:16 385024 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_6.0.6000.16830_none_7249c1db5a6eefdd\iedkcs32.dll
+ 2009-04-14 19:20 . 2009-03-03 04:32 827904 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22389_none_0225174ebb296f95\wininet.dll
+ 2009-04-14 19:20 . 2009-03-03 04:40 827392 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18226_none_01d9592da1dddc20\wininet.dll
+ 2009-04-14 19:20 . 2009-03-03 04:18 828416 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21023_none_00798e96bdd7d236\wininet.dll
+ 2009-04-14 19:20 . 2009-03-03 04:20 826368 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16830_none_ffe248dfa4c4cf16\wininet.dll
+ 2009-04-14 19:20 . 2009-03-03 04:30 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22389_none_e101ca7595c90871\mstime.dll
+ 2009-04-14 19:20 . 2009-03-03 04:38 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18226_none_e0b60c547c7d74fc\mstime.dll
+ 2009-04-14 19:20 . 2009-03-03 04:16 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.21023_none_df5641bd98776b12\mstime.dll
+ 2009-04-14 19:20 . 2009-03-03 04:18 671232 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16830_none_debefc067f6467f2\mstime.dll
+ 2009-04-14 19:12 . 2008-06-06 03:23 562176 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6001.22197_none_4d223d3bd2ae154b\msdtcprx.dll
+ 2009-04-14 19:12 . 2008-06-06 03:27 562176 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6001.18085_none_4ca16fc8b98a26e2\msdtcprx.dll
+ 2009-04-14 19:12 . 2008-06-06 03:21 500736 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6000.20852_none_4b623eb9d56b930a\msdtcprx.dll
+ 2009-04-14 19:12 . 2008-06-05 04:50 500736 c:\windows\winsxs\x86_microsoft-windows-com-dtc-client_31bf3856ad364e35_6.0.6000.16697_none_4ab261cabc69e490\msdtcprx.dll
+ 2009-04-14 19:19 . 2009-03-03 04:32 551424 c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
+ 2009-04-14 19:19 . 2009-03-03 04:39 551424 c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
+ 2009-04-14 19:19 . 2009-03-03 04:17 550400 c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771 559e4be8c\rpcss.dll
+ 2009-04-14 19:19 . 2009-03-03 04:19 549888 c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315 e40d1bb6c\rpcss.dll
+ 2009-04-14 19:20 . 2009-03-03 04:13 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.21023_none_aa5c0 0930ed54e40\advpack.dll
+ 2009-04-14 19:20 . 2009-03-03 04:15 124928 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16830_none_a9c4b adbf5c24b20\advpack.dll
- 2009-02-11 04:49 . 2009-01-15 06:11 827392 c:\windows\System32\wininet.dll
+ 2009-04-14 19:20 . 2009-03-03 04:40 827392 c:\windows\System32\wininet.dll
- 2008-06-20 17:11 . 2008-01-19 07:36 376832 c:\windows\System32\winhttp.dll
+ 2009-04-14 19:10 . 2008-12-06 04:42 376832 c:\windows\System32\winhttp.dll
+ 2008-05-13 05:19 . 2009-04-15 18:24 227792 c:\windows\System32\WDI\SuspendPerformanceDiagnost ics_SystemData_S3.bin
+ 2009-04-14 19:19 . 2009-03-03 02:16 247296 c:\windows\System32\wbem\WmiPrvSE.exe
+ 2009-04-14 19:19 . 2009-03-03 04:40 499200 c:\windows\System32\wbem\WmiPrvSD.dll
+ 2009-04-14 19:19 . 2009-03-03 04:40 129024 c:\windows\System32\wbem\WmiDcPrv.dll
+ 2009-04-14 19:19 . 2009-03-03 04:36 615424 c:\windows\System32\wbem\fastprox.dll
+ 2009-04-14 19:19 . 2009-03-03 04:39 183296 c:\windows\System32\sdohlp.dll
- 2008-06-20 17:11 . 2008-01-19 07:36 183296 c:\windows\System32\sdohlp.dll
+ 2009-04-14 19:19 . 2009-03-03 04:39 551424 c:\windows\System32\rpcss.dll
+ 2009-04-14 19:19 . 2009-03-03 03:04 666624 c:\windows\System32\printfilterpipelinesvc.exe
- 2006-11-02 10:33 . 2009-04-15 02:04 587178 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-04-15 07:19 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-15 02:04 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-04-15 07:19 101250 c:\windows\System32\perfc009.dat
- 2008-06-20 17:09 . 2008-01-19 07:36 102912 c:\windows\System32\occache.dll
+ 2009-04-14 19:20 . 2009-03-03 04:39 102912 c:\windows\System32\occache.dll
+ 2009-04-14 19:20 . 2009-03-03 04:38 671232 c:\windows\System32\mstime.dll
- 2009-02-11 04:49 . 2009-01-15 06:08 671232 c:\windows\System32\mstime.dll
+ 2009-04-14 19:20 . 2009-03-03 04:38 458240 c:\windows\System32\msfeeds.dll
- 2009-02-11 04:49 . 2009-01-15 06:08 458240 c:\windows\System32\msfeeds.dll
+ 2009-04-14 19:12 . 2008-06-06 03:27 562176 c:\windows\System32\msdtcprx.dll
+ 2009-04-14 19:13 . 2009-02-13 08:49 888832 c:\windows\System32\kernel32.dll
+ 2009-04-14 19:20 . 2009-03-03 04:37 270336 c:\windows\System32\iertutil.dll
- 2009-02-11 04:49 . 2009-01-15 06:07 270336 c:\windows\System32\iertutil.dll
+ 2009-04-14 19:20 . 2009-03-03 04:37 389120 c:\windows\System32\iedkcs32.dll
- 2008-06-20 17:09 . 2008-01-19 07:34 230400 c:\windows\System32\ieaksie.dll
+ 2009-04-14 19:20 . 2009-03-03 04:37 230400 c:\windows\System32\ieaksie.dll
+ 2006-11-02 12:45 . 2009-04-15 07:17 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.d at
- 2006-11-02 12:45 . 2009-04-15 02:00 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.d at
+ 2006-11-02 12:45 . 2009-04-15 07:16 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2006-11-02 12:45 . 2009-04-15 01:59 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-05-27 06:22 . 2009-04-15 07:04 888080 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-27 06:22 . 2009-03-11 07:03 888080 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-27 06:22 . 2009-03-11 07:03 922384 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-27 06:22 . 2009-04-15 07:04 922384 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-27 06:22 . 2009-04-15 07:04 845584 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-27 06:22 . 2009-03-11 07:03 845584 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-27 06:22 . 2009-03-11 07:03 217864 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-27 06:22 . 2009-04-15 07:04 217864 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\misc.exe
+ 2009-04-14 19:19 . 2009-03-03 04:37 3548656 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_6c6c85 71cd797017\ntoskrnl.exe
+ 2009-04-14 19:19 . 2009-03-03 04:37 3600880 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_6c6c85 71cd797017\ntkrnlpa.exe
+ 2009-04-14 19:19 . 2009-03-03 04:46 3547632 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_6c20c7 50b42ddca2\ntoskrnl.exe
+ 2009-04-14 19:19 . 2009-03-03 04:46 3599328 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_6c20c7 50b42ddca2\ntkrnlpa.exe
+ 2009-04-14 19:19 . 2009-03-03 04:22 3471328 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_6ac0fc b9d027d2b8\ntoskrnl.exe
+ 2009-04-14 19:19 . 2009-03-03 04:22 3505120 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_6ac0fc b9d027d2b8\ntkrnlpa.exe
+ 2009-04-14 19:19 . 2009-03-03 04:24 3469280 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_6a29b7 02b714cf98\ntoskrnl.exe
+ 2009-04-14 19:19 . 2009-03-03 04:24 3503584 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_6a29b7 02b714cf98\ntkrnlpa.exe
+ 2009-04-14 19:12 . 2009-03-13 22:23 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22395_none_f2b56ce18 4dc676b\OESpamFilter.dat
+ 2009-04-14 19:12 . 2009-03-13 22:26 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18229_none_f27b80b26 b826966\OESpamFilter.dat
+ 2009-04-14 19:12 . 2009-03-13 22:24 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21027_none_f11cb6658 77b78d3\OESpamFilter.dat
+ 2009-04-14 19:12 . 2009-03-13 22:24 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16833_none_f08470646 e695c5c\OESpamFilter.dat
+ 2009-04-14 19:13 . 2009-02-13 08:21 1257472 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da17 61c2def\lsasrv.dll
+ 2009-04-14 19:13 . 2009-02-13 08:49 1255936 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145 ccecd28\lsasrv.dll
+ 2009-04-14 19:13 . 2009-02-13 07:13 1234432 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e97 8ca9090\lsasrv.dll
+ 2009-04-14 19:13 . 2009-02-13 07:26 1233408 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105 fb4d975\lsasrv.dll
+ 2009-04-14 19:20 . 2009-03-03 04:28 6070784 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22389_none_64de9 070c77566f8\ieframe.dll
+ 2009-04-14 19:20 . 2009-03-03 04:37 6068736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18226_none_6492d 24fae29d383\ieframe.dll
+ 2009-04-14 19:20 . 2009-03-03 04:14 6068736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.21023_none_63330 7b8ca23c999\ieframe.dll
+ 2009-04-14 19:20 . 2009-03-03 04:16 6066176 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16830_none_629bc 201b110c679\ieframe.dll
+ 2009-04-14 19:20 . 2009-03-03 04:30 3581440 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22389_none _137f366d3b7fd8cb\mshtml.dll
+ 2009-04-14 19:20 . 2009-03-03 04:38 3580928 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18226_none _1333784c22344556\mshtml.dll
+ 2009-04-14 19:20 . 2009-03-03 04:15 3596800 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.21023_none _11d3adb53e2e3b6c\mshtml.dll
+ 2009-04-14 19:20 . 2009-03-03 04:17 3595264 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16830_none _113c67fe251b384c\mshtml.dll
+ 2009-04-14 19:20 . 2009-03-03 04:32 1166848 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.2 2389_none_b51f3bacf0204902\urlmon.dll
+ 2009-04-14 19:20 . 2009-03-03 04:40 1166336 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.1 8226_none_b4d37d8bd6d4b58d\urlmon.dll
+ 2009-04-14 19:20 . 2009-03-03 04:18 1163264 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.2 1023_none_b373b2f4f2ceaba3\urlmon.dll
+ 2009-04-14 19:20 . 2009-03-03 04:20 1160192 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.1 6830_none_b2dc6d3dd9bba883\urlmon.dll
+ 2009-04-14 19:20 . 2009-03-03 04:40 1166336 c:\windows\System32\urlmon.dll
- 2009-02-11 04:49 . 2009-01-15 06:11 1166336 c:\windows\System32\urlmon.dll
+ 2006-11-02 10:22 . 2009-04-15 07:15 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-04-15 01:58 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-04-14 19:19 . 2009-03-03 04:46 3547632 c:\windows\System32\ntoskrnl.exe
+ 2009-04-14 19:19 . 2009-03-03 04:46 3599328 c:\windows\System32\ntkrnlpa.exe
+ 2009-04-14 19:20 . 2009-03-03 04:38 3580928 c:\windows\System32\mshtml.dll
+ 2009-04-14 19:13 . 2009-02-13 08:49 1255936 c:\windows\System32\lsasrv.dll
- 2008-06-20 17:12 . 2008-01-19 07:36 1255936 c:\windows\System32\lsasrv.dll
+ 2009-04-14 19:20 . 2009-03-03 04:37 6068736 c:\windows\System32\ieframe.dll
- 2008-05-27 06:22 . 2009-03-11 07:03 1172240 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-27 06:22 . 2009-04-15 07:04 1172240 c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-04-15 18:36 . 2009-04-15 18:36 6184960 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2006-11-02 10:24 . 2009-04-06 14:57 24921544 c:\windows\System32\mrt.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"cdloader"="c:\users\Luissanna\AppData\Roaming\mjusbsp\cdloader2.exe" [2008-12-17 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 815104]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-02 148888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-01-09 151552]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2008-03-27 16040]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-01-11 483328]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-27 320168]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-06 515416]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-07 1261568]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-10 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\recycler\S-1-5-21-2381236816-5009724468-986204560-6659\glps.exe,explorer.exe,c:\recycler\S-1-5-21-2498003056-4378924616-091535333-9114\glps.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\recycler\S-1-5-21-2381236816-5009724468-986204560-6659\glps.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A48F9325-8273-4BC4-8460-C9C94AAEFBD7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3373B3CC-D682-4FA8-B29F-103427C284EB}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7DCBDC45-CE98-4B97-A3C2-86227684DC37}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{71BA1D25-6A69-418E-A09E-7F013ED6B1C2}"= UDP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{778453F6-70BA-4906-AD8B-EF9FB5D355C7}"= TCP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{E241BE67-2AB2-40A9-85FF-F6009E05CC0D}"= UDP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{4E9124F1-5707-4413-BB06-D6614B883B6A}"= TCP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{770EAD64-432C-498A-A0F3-EFF717CD3748}"= UDP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{B6BE1279-B5AF-45FD-80FE-93799BD0DBE6}"= TCP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{F34AC42B-7FDA-4925-83E6-1C761BDABD65}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{95203E59-73BC-479D-A914-190F35DA1F25}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{603D907D-F248-483C-84A8-14EBD2A261C0}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{1542E63E-051A-4306-B5F6-BE978FEB6CBC}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{342AEB34-3C68-49A9-9C8A-BE3EF6178824}"= UDP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{64373533-91DE-4D41-8E1F-7E40393C778A}"= TCP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{D2DDB4C5-3AC4-47E2-B112-C5C16BF2D7B2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D3E1740F-2003-4939-AEA2-47E571C6F746}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FB7898C9-CA16-42BA-A2A6-96EB1157D97E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{B913E8A9-ADB8-4E82-8255-A80BCC6803B7}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{183AA8E7-5409-4612-A003-816CC0F189E8}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{280EE575-4945-44BE-A32A-25463FFBF778}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{0C2372EE-C2C7-4EAF-9994-02F1AA906A03}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{178506FF-CB89-4CB6-B422-C7974F5C724B}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{C965BFA1-073D-4BE0-B5B7-FC66973F5F08}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{BC61B0D4-487E-48C3-90BD-C1E581701666}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe:Job Status Window Interface
"{08E0DB07-06A6-4430-B171-37FC4AA5C372}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe:Job Status Window Interface
"{2AA4954A-FF31-458A-B3D6-414546B3B686}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdntime.exe:Lexmark Connect Time Executable
"{20B08782-1BE1-4FE2-A340-D766D53D6193}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdntime.exe:Lexmark Connect Time Executable
"TCP Query User{BEE9F1EC-C901-4E6F-8665-CF7CB9DF2FD0}c:\\users\\luissanna\\appdata\\roaming\\mjusbsp\\magicjack.exe"= UDP:c:\users\luissanna\appdata\roaming\mjusbsp\magicjack.exe:magicjack.exe
"UDP Query User{79E56D64-D47D-4A24-8763-76AAC82A2DBB}c:\\users\\luissanna\\appdata\\roaming\\mjusbsp\\magicjack.exe"= TCP:c:\users\luissanna\appdata\roaming\mjusbsp\magicjack.exe:magicjack.exe

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-06 951632]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-06 64160]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2008-02-27 594600]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2008-02-27 98984]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ef68380-5f47-11dd-ae34-001b2433b046}]
\shell\AutoRun\command - tgtighg.cmd
\shell\explore\Command - tgtighg.cmd
\shell\open\Command - tgtighg.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6eeeb12-8680-11dd-b829-001b2433b046}]
\shell\AutoRun\command - F:\xk2n.bat
\shell\explore\Command - F:\xk2n.bat
\shell\open\Command - F:\xk2n.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed0e9e9a-1925-11de-b077-001b2433b046}]
\shell\AutoRun\command - F:\luk1ylq.com
\shell\open\Command - F:\luk1ylq.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed9fbc23-5cf2-11dd-b8c3-001b2433b046}]
\shell\AutoRun\command - tgtighg.cmd
\shell\explore\Command - tgtighg.cmd
\shell\open\Command - tgtighg.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f32ba660-02bd-11de-ae3c-001b2433b046}]
\shell\AutoRun\command - F:\pook.com
\shell\open\Command - F:\pook.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd1d026a-1a3f-11de-befb-001b2433b046}]
\shell\AutoRun\command - G:\autorun.exe
\shell\phone\command - G:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:44]

2008-05-14 c:\windows\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.do/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://es.us.acer.yahoo.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {B51DE4EF-7168-454F-9B97-2CD534CDCD95} = 196.3.81.5,196.3.81.132
FF - ProfilePath - c:\users\Luissanna\AppData\Roaming\Mozilla\Firefox\Profiles\o391w81w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.do/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

************************************************** ************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 14:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\LUISSA~1\AppData\Local\Temp\WPDNSE


************************************************** ************************
.
Completion time: ~,10time:~,-3
ComboFix-quarantined-files.txt 2009-04-15 18:41
ComboFix2.txt 2009-04-15 03:08
ComboFix3.txt 2009-04-08 00:42
ComboFix4.txt 2009-04-07 19:48

Pre-Run: 3,311,431,680 bytes free
Post-Run: 3,294,867,456 bytes free

589 --- E O F --- 2009-04-15 07:06
  post #7  
Old 16/04/09, 22:31:38
User
 
Registered: Dec 2005
Location: Dominican Republic
Posts: 51
Re: My PC is completely crazy!

Just so you know, I ran the Windows Malicious Software Removal Tool on it, and it found and removed 2 files infected with the latest virus that came out these days, Conficker.
After that the PC has continued with the same problem, and above is the latest ComboFix log I ran on it.
  post #8  
Old 17/04/09, 02:39:05
Warrior
 
Registered: Jun 2007
Location: Venezuela- Vargas- La Guaira
Posts: 6.545
Re: My PC is completely crazy!

Hello,

Before doing the following, it would be good to first disconnect any network cable that laptop uses to connect, since the malware file glps.exe always tries to connect to the internet.

1.- Open Notepad
  • Go to START > RUN >
  • Type notepad.exe there and click OK
2.- Now copy and paste these files into Notepad

Code:
KillAll::

File::
c:\recycler\S-1-5-21-2381236816-5009724468-986204560-6659\glps.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ef68380-5f47-11dd-ae34-001b2433b046}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6eeeb12-8680-11dd-b829-001b2433b046}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed0e9e9a-1925-11de-b077-001b2433b046}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed9fbc23-5cf2-11dd-b8c3-001b2433b046}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f32ba660-02bd-11de-ae3c-001b2433b046}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd1d026a-1a3f-11de-befb-001b2433b046}]
3.- Save this file with the name CFScript.txt and leave it on your desktop.

4.- Drag and drop the CFScript.txt file onto the ComboFix.exe file as shown in the animation below. This will launch ComboFix again.

  • Restart your PC and leave us the new ComboFix report, telling us how everything is working now.

Regards
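The CFScript in the post above targets three autostart locations that appear in the posted log: the Winlogon "Shell" value, the Winlogon "Taskman" value, and the per-volume MountPoints2 commands. As an added example (not part of the original post and not ComboFix code), this Python script scans log text in that format for those entries and renders them in the Registry:: syntax the post uses. The function names and the rule that only explorer.exe belongs in "Shell" are assumptions of the example; the sample lines are copied from the log in this thread.

```python
import re

# Sample lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\recycler\S-1-5-21-2381236816-5009724468-986204560-6659\glps.exe,explorer.exe,c:\recycler\S-1-5-21-2498003056-4378924616-091535333-9114\glps.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"="c:\recycler\S-1-5-21-2381236816-5009724468-986204560-6659\glps.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6eeeb12-8680-11dd-b829-001b2433b046}]
\shell\AutoRun\command - F:\xk2n.bat
\shell\open\Command - F:\xk2n.bat
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
MOUNT_RE = re.compile(
    r'^\\shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$', re.IGNORECASE)

WINLOGON = r'\software\microsoft\windows nt\currentversion\winlogon'
MOUNTPOINTS = r'\explorer\mountpoints2' + '\\'


def parse_sections(text):
    """Yield (registry_key, [entry lines]); a blank line or a new key ends a section."""
    key, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        match = KEY_RE.match(line)
        if match or not line:
            if key is not None:
                yield key, entries
            key, entries = (match.group('key') if match else None), []
        elif key is not None:
            entries.append(line)
    if key is not None:
        yield key, entries


def audit(text):
    """Return (kind, key, value_or_verb, [commands]) for each suspicious autostart."""
    findings = []
    for key, entries in parse_sections(text):
        lowered = key.lower()
        for entry in entries:
            value = VALUE_RE.match(entry)
            mount = MOUNT_RE.match(entry)
            if value and lowered.endswith(WINLOGON):
                name = value.group('name').lower()
                data = value.group('data').strip().strip('"')
                if name == 'shell':
                    # Assumption: anything listed besides explorer.exe is unexpected.
                    extra = [p.strip() for p in data.split(',')
                             if p.strip().lower() not in ('', 'explorer.exe')]
                    if extra:
                        findings.append(('winlogon-shell', key, 'Shell', extra))
                elif name == 'taskman' and data:
                    findings.append(('winlogon-taskman', key, 'Taskman', [data]))
            elif mount and MOUNTPOINTS in lowered:
                # A command stored per volume runs when that drive is opened.
                findings.append(('mountpoints2-command', key,
                                 mount.group('verb'), [mount.group('cmd')]))
    return findings


def registry_block(findings):
    """Render findings in the Registry:: syntax used by the CFScript in the post."""
    lines, seen = ['Registry::'], set()
    for kind, key, name, _ in findings:
        if kind.startswith('winlogon'):
            lines += ['[' + key + ']', '"' + name + '"=-']
        elif key not in seen:  # delete each MountPoints2 subkey once
            seen.add(key)
            lines.append('[-' + key + ']')
    return '\n'.join(lines)


if __name__ == '__main__':
    results = audit(SAMPLE_LOG)
    for kind, key, name, commands in results:
        print(kind, '|', name, '|', ', '.join(commands))
    print(registry_block(results))
```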
  post #9  
Old 17/04/09, 23:57:51
User
 
Registered: Dec 2005
Location: Dominican Republic
Posts: 51
Re: My PC is completely crazy!

Apparently everything went back to normal; here is the ComboFix log

Quote:
ComboFix 09-04-14.09 - Luissanna 17/04/2009 18:54.4 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1013.415 [GMT -4:00]
Running from: c:\users\Luissanna\Desktop\ComboFix.exe
Command switches used :: c:\users\Luissanna\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
c:\recycler\S-1-5-21-2381236816-5009724468-986204560-6659\glps.exe
.
ADS - system32: deleted 94208 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2381236816-5009724468-986204560-6659\glps.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2009-04-17 22:52 . 2006-03-03 03:42 73728 ----a-w C:\pv.exe
2009-04-17 22:51 . 2009-04-17 22:52 -------- d-----w C:\32788R22FWJFW
2009-04-17 07:02 . 2009-04-17 07:02 94208 ----a-w c:\windows\system32\É
2009-04-17 03:59 . 2009-04-17 03:59 -------- d-----w c:\windows\Sun
2009-04-16 07:19 . 2009-04-16 07:19 268 ---ha-w C:\sqmdata01.sqm
2009-04-16 07:19 . 2009-04-16 07:19 244 ---ha-w C:\sqmnoopt01.sqm
2009-04-14 19:19 . 2009-03-03 04:39 551424 ----a-w c:\windows\system32\rpcss.dll
2009-04-14 19:19 . 2009-03-03 04:46 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-04-14 19:19 . 2009-03-03 04:46 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-04-14 19:19 . 2009-03-03 03:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-04-14 19:19 . 2009-03-03 04:39 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-04-14 19:19 . 2009-03-03 04:39 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-04-14 19:19 . 2009-03-03 04:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-04-14 19:19 . 2009-03-03 04:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-04-14 19:19 . 2009-03-03 04:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-04-14 19:19 . 2009-03-03 02:38 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-14 19:13 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-14 19:13 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-14 19:13 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-14 19:13 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-14 19:12 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-14 19:12 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-14 19:10 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-06 21:16 . 2009-04-06 19:45 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-06 19:46 . 2009-04-06 19:45 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-06 19:46 . 2009-04-06 19:46 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-06 19:40 . 2009-04-06 19:45 -------- d-----w c:\users\All Users\Lavasoft
2009-04-06 19:40 . 2009-04-06 19:45 -------- d-----w c:\programdata\Lavasoft
2009-04-06 19:36 . 2009-04-06 19:36 -------- d-----w c:\users\All Users\SUPERAntiSpyware.com
2009-04-06 19:36 . 2009-04-06 19:36 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-04-06 19:36 . 2009-04-06 19:36 -------- d-----w c:\users\Luissanna\AppData\Roaming\SUPERAntiSpyware.com
2009-04-06 18:56 . 2009-04-06 19:40 -------- dc-h--w c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-06 18:56 . 2009-04-06 19:40 -------- dc-h--w c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-06 17:40 . 2009-04-06 17:40 -------- d-----w c:\users\Luissanna\AppData\Roaming\IObit
2009-04-06 04:13 . 2009-04-06 04:13 -------- d-----w c:\users\Luissanna\AppData\Roaming\Malwarebytes
2009-04-06 04:13 . 2009-03-26 20:49 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 04:13 . 2009-03-26 20:49 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 04:13 . 2009-04-06 04:13 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-06 04:13 . 2009-04-06 04:13 -------- d-----w c:\programdata\Malwarebytes
2009-04-03 12:14 . 2009-04-03 12:14 -------- d-----w c:\users\Luissanna\AppData\Local\ESET
2009-04-02 05:53 . 2009-04-17 03:41 -------- d-----w c:\users\All Users\Spybot - Search & Destroy
2009-04-02 05:53 . 2009-04-17 03:41 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-02 03:55 . 2009-04-02 03:55 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-02 03:26 . 2009-04-02 03:26 -------- d-----w c:\users\All Users\ESET
2009-04-02 03:26 . 2009-04-02 03:26 -------- d-----w c:\programdata\ESET
2009-04-02 03:13 . 2009-04-02 03:13 244 ---ha-w C:\sqmnoopt00.sqm
2009-04-02 03:13 . 2009-04-02 03:13 232 ---ha-w C:\sqmdata00.sqm
2009-04-01 20:04 . 2009-04-01 20:04 -------- d-----w c:\users\Luissanna\AppData\Local\tjnet
2009-03-27 05:09 . 2009-03-27 05:23 -------- d-----w c:\users\Luissanna\AppData\Roaming\mjusbsp
2009-03-23 07:05 . 2009-03-23 07:05 118 ----a-w c:\windows\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 23:07 . 2009-04-17 23:07 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2009-04-17 23:07 . 2009-04-17 23:07 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-04-17 23:07 . 2009-04-06 22:24 17916 ----a-w C:\aaw7boot.log
2009-04-17 22:52 . 2009-04-17 22:52 4030 ----a-w C:\Bug.txt
2009-04-17 16:26 . 2008-05-13 04:11 81920 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-17 16:26 . 2008-05-13 04:11 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-04-17 16:26 . 2008-05-13 04:11 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-17 03:55 . 2008-11-11 04:14 -------- d-----w c:\program files\uTorrent
2009-04-17 03:46 . 2008-11-11 04:13 -------- d-----w c:\users\Luissanna\AppData\Roaming\uTorrent
2009-04-15 21:10 . 2009-04-15 21:10 70947 ----a-w C:\log11.txt
2009-04-15 07:12 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-15 07:04 . 2008-05-27 06:15 -------- d-----w c:\programdata\Microsoft Help
2009-04-15 03:42 . 2008-09-18 16:03 -------- d-----w c:\programdata\Lx_cats
2009-04-08 01:22 . 2009-04-08 01:22 20405 ----a-w C:\log2.txt
2009-04-07 19:53 . 2009-04-07 19:53 19627 ----a-w C:\log.txt
2009-04-06 19:40 . 2009-04-06 19:40 -------- d-----w c:\program files\Lavasoft
2009-04-06 19:36 . 2009-04-06 19:36 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-06 18:57 . 2009-04-06 18:57 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-06 18:17 . 2009-04-06 18:17 -------- d-----w c:\program files\CCleaner
2009-04-06 17:40 . 2009-04-06 17:40 -------- d-----w c:\program files\IObit
2009-04-06 04:13 . 2009-04-06 04:13 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-03 19:09 . 2009-04-02 05:53 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-02 03:55 . 2009-04-02 03:55 -------- d-----w c:\program files\Java
2009-04-02 03:44 . 2008-05-13 04:21 55376 ----a-w c:\users\Luissanna\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-02 03:42 . 2007-04-10 16:29 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-02 03:26 . 2009-04-02 03:26 -------- d-----w c:\program files\ESET
2009-04-02 03:23 . 2007-04-10 16:48 -------- d-----w c:\program files\NewTech Infosystems
2009-04-02 03:23 . 2007-04-10 16:48 -------- d-----w c:\program files\Common Files\NewTech Infosystems
2009-04-02 03:13 . 2007-04-10 17:32 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-02 03:12 . 2007-04-10 17:33 -------- d-----w c:\programdata\Symantec
2009-04-02 03:01 . 2008-12-31 18:14 -------- d-----w c:\program files\Common Files\AOL
2009-03-26 19:56 . 2009-01-23 22:33 680 ----a-w c:\users\Luissanna\AppData\Local\d3d9caps.dat
2009-03-26 00:21 . 2008-07-07 04:45 -------- d-----w c:\users\Luissanna\AppData\Roaming\Wildfire
2009-03-24 16:30 . 2009-03-24 16:30 206443 ----a-w c:\users\All Users\SPL310D.tmp
2009-03-24 16:30 . 2009-03-24 16:30 206443 ----a-w c:\programdata\SPL310D.tmp
2009-03-24 16:28 . 2009-03-24 16:28 206443 ----a-w c:\users\All Users\SPLDA1C.tmp
2009-03-24 16:28 . 2009-03-24 16:28 206443 ----a-w c:\programdata\SPLDA1C.tmp
2009-03-19 06:10 . 2009-03-19 06:10 39856 ----a-w c:\users\All Users\SPLB52B.tmp
2009-03-19 06:10 . 2009-03-19 06:10 39856 ----a-w c:\programdata\SPLB52B.tmp
2009-03-19 06:07 . 2009-03-19 06:07 39856 ----a-w c:\users\All Users\SPLED80.tmp
2009-03-19 06:07 . 2009-03-19 06:07 39856 ----a-w c:\programdata\SPLED80.tmp
2009-03-17 03:38 . 2009-04-14 19:13 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-06 18:21 . 2009-03-06 18:21 12078 ----a-w c:\users\All Users\SPLCCEF.tmp
2009-03-06 18:21 . 2009-03-06 18:21 12078 ----a-w c:\programdata\SPLCCEF.tmp
2009-03-06 18:12 . 2009-03-06 18:12 146 ----a-w C:\lxdn.log
2009-03-05 19:21 . 2009-03-05 19:21 12078 ----a-w c:\users\All Users\SPL6334.tmp
2009-03-05 19:21 . 2009-03-05 19:21 12078 ----a-w c:\programdata\SPL6334.tmp
2009-03-03 16:39 . 2009-03-03 16:39 42972 ----a-w c:\users\All Users\SPL684C.tmp
2009-03-03 16:39 . 2009-03-03 16:39 42972 ----a-w c:\programdata\SPL684C.tmp
2009-03-03 04:40 . 2009-04-14 19:20 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:37 . 2009-04-14 19:20 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 02:28 . 2009-04-14 19:20 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-09 03:10 . 2009-03-11 05:59 2033152 ----a-w c:\windows\System32\win32k.sys
2008-07-30 00:55 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2008-12-20 00:2008-06-05 18:33 54:57 . c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 00:2008-06-05 18:33 54:58 . c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 00:2008-06-05 18:33 54:58 . c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 00:2008-06-05 18:34 55:00 . c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 00:2008-06-05 18:34 55:00 . c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-04-15_18.39.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-10 16:44 . 2009-04-17 23:09 74642 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-04-17 16:28 70702 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-13 04:20 . 2009-04-17 16:28 12322 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2191373209-2157763046-3521829622-1000_UserData.bin
+ 2008-05-13 04:11 . 2009-04-17 16:26 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-13 04:11 . 2009-04-15 07:14 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-13 04:11 . 2009-04-15 07:14 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-13 04:11 . 2009-04-17 16:26 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-13 04:11 . 2009-04-17 16:26 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-13 04:11 . 2009-04-15 07:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-17 23:07 . 2009-04-17 23:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-15 07:14 . 2009-04-15 07:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-15 07:14 . 2009-04-15 07:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-17 23:07 . 2009-04-17 23:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-13 05:19 . 2009-04-17 22:51 232884 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2009-04-15 07:19 587178 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-04-17 22:53 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-15 07:19 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-04-17 22:53 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 12:45 . 2009-04-17 23:08 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2006-11-02 12:45 . 2009-04-15 07:17 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2006-11-02 12:45 . 2009-04-15 07:16 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2006-11-02 12:45 . 2009-04-17 23:08 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2006-11-02 10:22 . 2009-04-15 07:15 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-04-16 06:53 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"cdloader"="c:\users\Luissanna\AppData\Roaming\mjusbsp\cdloader2.exe" [2008-12-17 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 815104]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-02 148888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-01-09 151552]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2008-03-27 16040]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-01-11 483328]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-27 320168]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-06 515416]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-07 1261568]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-01 4186112]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-10 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A48F9325-8273-4BC4-8460-C9C94AAEFBD7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3373B3CC-D682-4FA8-B29F-103427C284EB}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7DCBDC45-CE98-4B97-A3C2-86227684DC37}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{71BA1D25-6A69-418E-A09E-7F013ED6B1C2}"= UDP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{778453F6-70BA-4906-AD8B-EF9FB5D355C7}"= TCP:c:\windows\System32\lxdncoms.exe:Lexmark Communications System
"{E241BE67-2AB2-40A9-85FF-F6009E05CC0D}"= UDP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{4E9124F1-5707-4413-BB06-D6614B883B6A}"= TCP:c:\program files\Lexmark 2600 Series\lxdnamon.exe:Lexmark Device Monitor
"{770EAD64-432C-498A-A0F3-EFF717CD3748}"= UDP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{B6BE1279-B5AF-45FD-80FE-93799BD0DBE6}"= TCP:c:\program files\Lexmark 2600 Series\frun.exe:Lexmark Productivity Studio
"{F34AC42B-7FDA-4925-83E6-1C761BDABD65}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{95203E59-73BC-479D-A914-190F35DA1F25}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{603D907D-F248-483C-84A8-14EBD2A261C0}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{1542E63E-051A-4306-B5F6-BE978FEB6CBC}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{342AEB34-3C68-49A9-9C8A-BE3EF6178824}"= UDP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{64373533-91DE-4D41-8E1F-7E40393C778A}"= TCP:c:\program files\Lexmark 2600 Series\lxdnmon.exe:Printer Device Monitor
"{D2DDB4C5-3AC4-47E2-B112-C5C16BF2D7B2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D3E1740F-2003-4939-AEA2-47E571C6F746}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{FB7898C9-CA16-42BA-A2A6-96EB1157D97E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{B913E8A9-ADB8-4E82-8255-A80BCC6803B7}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{183AA8E7-5409-4612-A003-816CC0F189E8}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{280EE575-4945-44BE-A32A-25463FFBF778}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{0C2372EE-C2C7-4EAF-9994-02F1AA906A03}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{178506FF-CB89-4CB6-B422-C7974F5C724B}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{C965BFA1-073D-4BE0-B5B7-FC66973F5F08}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe:Printer Status Window Interface
"{BC61B0D4-487E-48C3-90BD-C1E581701666}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe:Job Status Window Interface
"{08E0DB07-06A6-4430-B171-37FC4AA5C372}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe:Job Status Window Interface
"{2AA4954A-FF31-458A-B3D6-414546B3B686}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdntime.exe:Lexmark Connect Time Executable
"{20B08782-1BE1-4FE2-A340-D766D53D6193}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdntime.exe:Lexmark Connect Time Executable
"TCP Query User{BEE9F1EC-C901-4E6F-8665-CF7CB9DF2FD0}c:\\users\\luissanna\\appdata\\roaming\\mjusbsp\\magicjack.exe"= UDP:c:\users\luissanna\appdata\roaming\mjusbsp\magicjack.exe:magicjack.exe
"UDP Query User{79E56D64-D47D-4A24-8763-76AAC82A2DBB}c:\\users\\luissanna\\appdata\\roaming\\mjusbsp\\magicjack.exe"= TCP:c:\users\luissanna\appdata\roaming\mjusbsp\magicjack.exe:magicjack.exe

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-06 64160]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-08-18 468224]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-06 951632]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2008-02-27 594600]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2008-02-27 98984]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:44]

2008-05-14 c:\windows\Tasks\Comprobar actualizaciones de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.do/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://es.us.acer.yahoo.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {B51DE4EF-7168-454F-9B97-2CD534CDCD95} = 196.3.81.5,196.3.81.132
FF - ProfilePath - c:\users\Luissanna\AppData\Roaming\Mozilla\Firefox\Profiles\o391w81w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.do/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-17 19:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\spool\drivers\w32x86\3\lxdnserv.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\program files\Lexmark 2600 Series\lxdnmsdmon.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\igfxsrvc.exe
c:\users\LUISSA~1\AppData\Local\Temp\RtkBtMnt.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-17 23:12
ComboFix2.txt 2009-04-15 18:42
ComboFix3.txt 2009-04-15 03:08
ComboFix4.txt 2009-04-08 00:42
ComboFix5.txt 2009-04-17 22:53

Pre-Run: 3,055,374,336 bytes free
Post-Run: 3,279,327,232 bytes free

330 --- E O F --- 2009-04-15 07:06
  post #10  
17/04/09, 23:58:40
User
 
Registered: Dec 2005
Location: Republica Dominicana
Posts: 51
Re: My PC is completely crazy!

If there is nothing else left to remove, tell me how to optimize it and protect it so that this does not happen again in the future.

And thank you very much.