  post #1  
Posted 04/08/09, 05:42:49
User
 
Registered: Jan 2007
Location: Nicaragua
Posts: 107
Machine slow to respond after my mother checked her email (Solved)

Well, my mother took to reading her email at home, which meant using my laptop... and for the past few days I have noticed a lot of slowness... I don't know, I have already run online scans and the local Kaspersky, but as I said in another post, where nobody ever solved it or gave me any guidance, I don't trust its excessively fast scan. So I'm leaving my log here.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:30:28 a.m., on 21/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.umbrellamod.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ni&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ni&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [OnScreenDisplay] "C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Clean System Memory 120 Sec. After Startup] "C:\Windows\system32\CleanMem.exe" 120
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [ioCentre] "C:\Genius\ioCentre\gTaskBar.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Descargar con IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Descargar con IDM el contenido de video FLV - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Descargar con IDM todos los enlaces - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Compro&bar direcciones URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O13 - Gopher Prefix:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234080011897
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: acaptuser32.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files\USB Safely Remove\USBSRService.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\Object Desktop\WindowBlinds\vistasrv.exe

--
End of file - 13491 bytes

  post #2  
Posted 06/08/09, 01:53:56
GPastor
FS-Admin
 
Registered: Mar 2005
Location: Lima - Peru
Posts: 22.848
Re: Machine slow to respond after my mother checked her email

Hello, the log is clean; to rule out infections, follow these steps:

Download, update and run the program: Download CCleaner and run it, first using its "Cleaner" option to delete cookies, temporary Internet files and all the files it shows you as obsolete, and then use its "Registry" option to clean the whole Windows registry (making a backup).

- Download the ComboFix.exe tool and save it to the desktop.
  • Temporarily disable the antivirus and/or antispyware.
  • Close all open windows.
  • Double-click the ComboFix.exe file and follow the instructions.
  • When it finishes, it will generate a log at C:\ComboFix.txt.
    • *Note* While CF is working, do not move the mouse, as that would stop its process.
    • *Note* ComboFix may automatically restart the PC to complete the removal process.
Quote:
Attention!! Do not use ComboFix unless a member of our Staff has specifically instructed you to do so in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
  • Restart and paste the report from C:\ComboFix.txt in this same thread.

Regards


  post #3  
Posted 21/08/09, 16:18:43
User
 
Registered: Jan 2007
Location: Nicaragua
Posts: 107
Re: Machine slow to respond after my mother checked her email

Well, I beg you to help me, because I had not been able to read what you posted for me earlier... yesterday, 20 August, I was hacked by something called kbwi........etc.... I don't remember; it was very hard for me to get the machine working again, and I had to use all the anti-rootkits provided here at InfoSpyware...

I have about 5 different logs from other scans, but since this place is for HijackThis I'm posting this new one; please help me...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:08:47 p.m., on 21/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2010\WebProxy.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\ApVxdWin.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gKbStatus.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\PavBckPT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\IObit Security 360\is360.exe
C:\Program Files\IObit Security 360\is360tray.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\IObit Security 360\a_hijackscan.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://funnylogo.info/engines/Google/Red/Noeljarod.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ni&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ni&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [OnScreenDisplay] "C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Clean System Memory 120 Sec. After Startup] "C:\Windows\system32\CleanMem.exe" 120
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [ioCentre] "C:\Genius\ioCentre\gTaskBar.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2010\Inicio.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Descargar con IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Descargar con IDM el contenido de video FLV - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Descargar con IDM todos los enlaces - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O13 - Gopher Prefix:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234080011897
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit Security 360\IS360srv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\pavsrvx86.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Panda Host Service (PSHost) - Panda Security International - c:\program files\panda security\panda global protection 2010\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PskSvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: QXUKX - Sysinternals - www.sysinternals.com - C:\Users\NFRJ\AppData\Local\Temp\QXUKX.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\TPSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files\USB Safely Remove\USBSRService.exe
O23 - Service: XCNLMMTJ - Sysinternals - www.sysinternals.com - C:\Users\NFRJ\AppData\Local\Temp\XCNLMMTJ.exe
O23 - Service: ZGRQSY - Sysinternals - www.sysinternals.com - C:\Users\NFRJ\AppData\Local\Temp\ZGRQSY.exe


--
End of file - 14626 bytes

I marked those in blue because, I don't know, they look strange to me, and I have to say I associate them with something from a package that contained a batch file to install DreamScene on non-Ultimate Vista... please help me, I want to know whether I am still hacked... if you tell me to, I can post all the logs from the other programs here... Regards, and I hope you can help me urgently; the idea of being hacked scares me... the general symptom the machine had was that every program that ran gave an error at startup referring to this kbwi......., I put dots because there are actually several of them, and on the internet I found nothing except a Norton forum in English where they talked about a high-risk, very new rootkit... and apparently it changes its name, because all it keeps are the first letters... OK, regards again and HELP!!!!


P.S.: Can I use the ComboFix that was recommended to me with Vista Home Premium? I am confused because the blog says it is for XP or earlier. I have Vista Home Premium.

Last edited by noeljarod on 21/08/09 at 20:28:52. Reason: Extra question about Vista and ComboFix
  post #4  
Old 21/08/09, 23:19:53
User
 
Joined: Jan 2007
Location: nicaragua
Posts: 107
Attention Re: slow machine response after my mother checked her email

I ran ComboFix as I was told, and here is the log:

ComboFix 09-08-20.07 - NFRJ 21/08/2009 19:04.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.505.1033.18.3070.1920 [GMT -6:00]
Running from: c:\users\NFRJ\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3941799431-3655476644-333612531-500
c:\users\NFRJ\AppData\Roaming\.#
c:\users\NFRJ\AppData\Roaming\.#\MBX@1068@CB1F18.###
c:\users\NFRJ\AppData\Roaming\.#\MBX@1068@CB1F28.###
c:\users\NFRJ\AppData\Roaming\.#\MBX@10D8@13D1F18.###
c:\users\NFRJ\AppData\Roaming\.#\MBX@10D8@13D1F28.###
c:\users\NFRJ\AppData\Roaming\.#\MBX@1310@2DC1F18.###
c:\users\NFRJ\AppData\Roaming\.#\MBX@1310@2DC1F28.###
c:\users\NFRJ\AppData\Roaming\inst.exe
c:\windows\Fonts\AcadEref.ttf
c:\windows\is-UFI52.exe
c:\windows\system32\KBL.LOG
c:\windows\system32\kw.dat
c:\windows\system32\lsprst7.dll
c:\windows\system32\mfc45.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\web.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmnooousfx
-------\Service_kbiwkmnooousfx


((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
.

2009-08-22 01:14 . 2009-08-22 01:20 -------- d-----w- c:\users\NFRJ\AppData\Local\temp
2009-08-22 01:14 . 2009-08-22 01:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-22 01:14 . 2009-08-22 01:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-08-22 01:14 . 2009-08-22 01:14 -------- d-----w- c:\users\Administrator.NFRJ-PC\AppData\Local\temp
2009-08-21 17:41 . 2009-08-21 17:41 -------- d-----w- c:\programdata\IObit
2009-08-21 17:41 . 2009-08-21 20:15 -------- d-----w- c:\program files\IObit Security 360
2009-08-21 14:45 . 2009-08-21 14:45 -------- d-----w- c:\users\Administrator.NFRJ-PC\AppData\Roaming\TuneUp Software
2009-08-21 14:01 . 2009-08-21 14:01 -------- d-----w- c:\users\Administrator.NFRJ-PC\AppData\Local\Mozilla
2009-08-21 06:57 . 2009-08-21 06:57 -------- d-----w- c:\users\Administrator.NFRJ-PC\AppData\Roaming\Uniblue
2009-08-21 06:54 . 2009-08-21 06:54 -------- d-----w- c:\users\Administrator.NFRJ-PC\AppData\Roaming\Malwarebytes
2009-08-21 06:43 . 2009-08-21 06:43 -------- d-----w- c:\users\Administrator.NFRJ-PC\DoctorWeb
2009-08-21 06:42 . 2009-08-21 06:42 -------- d-----w- c:\users\Administrator.NFRJ-PC\AppData\Roaming\WinMount
2009-08-21 06:38 . 2009-08-21 06:38 -------- d-----w- c:\users\Administrator.NFRJ-PC\AppData\Local\Panda Security
2009-08-21 00:10 . 2009-08-21 00:10 -------- d-----w- c:\program files\Sophos
2009-08-20 23:29 . 2009-08-21 02:10 -------- d-----w- c:\users\NFRJ\Pavark
2009-08-20 23:28 . 2007-03-22 15:36 43584 ------w- c:\windows\system32\drivers\avipbb.sys
2009-08-20 23:28 . 2009-08-20 23:28 -------- d-----w- c:\program files\Avira GmbH
2009-08-20 09:32 . 2009-07-06 03:34 2568220 -c--a-w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe
2009-08-20 09:32 . 2008-08-26 16:48 99624 -c--a-w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-08-20 09:32 . 2008-08-26 16:48 757760 -c--a-w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-08-20 09:32 . 2008-08-26 16:48 6676480 -c--a-w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-08-20 09:32 . 2008-08-26 16:48 497496 -c--a-w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-08-20 09:32 . 2008-08-26 16:48 413696 -c--a-w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-08-20 09:32 . 2008-08-26 16:48 2019624 -c--a-w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-08-20 09:32 . 2008-08-26 16:48 111912 -c--a-w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-08-20 09:32 . 2009-08-20 09:32 -------- dc-h--w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-08-20 06:53 . 2009-08-20 08:02 -------- d-----w- c:\program files\Themida 2.0.5.0
2009-08-20 05:02 . 2009-08-20 05:02 -------- d-----w- c:\users\NFRJ\AppData\Local\SPSS 15.0 para Windows
2009-08-20 04:50 . 2006-05-10 17:15 1929216 ----a-w- c:\windows\system32\cdintf250.dll
2009-08-20 04:50 . 2009-08-20 04:50 1024 ----a-w- c:\windows\system32\clauth2.dll
2009-08-20 04:50 . 2009-08-20 04:50 1024 ----a-w- c:\windows\system32\clauth1.dll
2009-08-20 04:46 . 2009-08-20 05:01 -------- d-----w- c:\program files\SPSS
2009-08-20 04:46 . 2009-08-20 04:46 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-08-20 00:08 . 2009-08-20 03:14 -------- d-----w- c:\program files\HTV
2009-08-19 17:27 . 2009-08-22 01:00 -------- d-----w- c:\program files\Everything
2009-08-19 08:07 . 2009-08-19 08:08 -------- d-----w- c:\users\NFRJ\AppData\Local\ACD Systems
2009-08-19 08:07 . 2009-08-19 08:07 -------- d-----w- c:\users\NFRJ\AppData\Roaming\ACD Systems
2009-08-19 08:06 . 2009-08-19 08:31 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-08-19 03:01 . 2009-08-19 04:09 -------- d-----w- c:\users\NFRJ\AppData\Roaming\Stardock
2009-08-19 03:00 . 2009-03-06 14:47 2591064 -c----w- c:\programdata\{3324F7A6-7151-481D-8C80-99FEE7AFB967}\Impulse_setup.exe
2009-08-19 03:00 . 2009-08-19 03:37 -------- dc-h--w- c:\programdata\{3324F7A6-7151-481D-8C80-99FEE7AFB967}
2009-08-17 07:34 . 2009-08-17 09:18 -------- d-----w- c:\programdata\WinZip
2009-08-16 21:04 . 2009-08-16 21:04 -------- d-----w- c:\program files\FileASSASSIN
2009-08-16 17:28 . 2009-08-21 17:37 -------- d-----w- c:\program files\Game Booster
2009-08-15 16:07 . 2009-08-15 16:44 -------- d-----w- c:\program files\BSplayerPro
2009-08-15 08:18 . 2009-08-15 08:20 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-15 06:47 . 2009-08-15 06:49 872868 ----a-w- c:\users\NFRJ\AppData\Roaming\IDM\DwnlData\NFRJ\185\185.exe
2009-08-15 06:47 . 2009-08-15 06:49 789252 ----a-w- c:\users\NFRJ\AppData\Roaming\IDM\DwnlData\NFRJ\183\183.exe
2009-08-15 06:13 . 2009-08-15 06:13 36864 ----a-w- c:\users\NFRJ\AppData\Roaming\Autodesk\AutoCAD 2010\R18.0\enu\ContextualTabSelectorRules.dll
2009-08-15 05:21 . 2009-08-15 05:28 -------- d-----w- c:\program files\AutoCAD 2010
2009-08-15 04:17 . 2009-08-15 04:17 -------- d-----w- C:\Autodesk
2009-08-13 02:38 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-13 02:38 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-13 02:38 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-13 02:38 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-13 02:38 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-13 02:38 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-13 02:38 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-13 02:38 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-11 21:58 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 21:58 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 21:58 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 21:58 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-11 21:55 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 21:45 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 21:20 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 21:18 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-06 05:53 . 2009-08-06 05:53 17542 ----a-r- c:\users\NFRJ\AppData\Roaming\Microsoft\Installer\{CED3B64B-9381-4AB8-A213-6C084C952E43}\_412F0612BC89351371FBE2.exe
2009-08-06 05:53 . 2009-08-06 05:53 -------- d-----w- c:\program files\Zamzom
2009-08-05 15:37 . 2009-08-05 15:37 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-05 15:37 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-05 15:36 . 2009-08-05 15:36 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-05 15:36 . 2009-07-08 17:28 2920112 -c--a-w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-05 15:36 . 2009-08-05 15:36 -------- d-----w- c:\program files\Lavasoft
2009-08-04 22:24 . 2009-08-04 22:24 -------- d-----w- c:\users\NFRJ\AppData\Local\CyberLink
2009-08-04 04:30 . 2009-08-21 22:52 -------- d-----w- c:\program files\SpywareBlaster
2009-08-03 05:45 . 2004-08-04 13:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-07-29 14:07 . 2009-07-29 14:07 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-07-29 14:04 . 2009-08-16 06:33 21846 ----a-w- c:\windows\system32\perfc00A.dat
2009-07-29 14:04 . 2009-08-16 06:33 111066 ----a-w- c:\windows\system32\perfh00A.dat
2009-07-28 03:48 . 2009-07-28 03:48 -------- d-----w- c:\users\NFRJ\AppData\Local\LogMeIn
2009-07-28 03:48 . 2009-07-28 03:48 -------- d-----w- c:\programdata\LogMeIn
2009-07-26 22:07 . 2009-07-26 22:07 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-07-26 21:59 . 2009-07-26 21:59 -------- d-----w- c:\users\NFRJ\AppData\Local\Panda Security
2009-07-26 21:59 . 2009-07-26 21:59 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2009-07-26 21:58 . 2009-07-26 21:58 262 ----a-w- c:\windows\system32\PavCPL.dat
2009-07-26 21:58 . 2009-08-21 19:29 357732 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2009-07-26 21:58 . 2008-06-18 22:06 46720 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2009-07-26 21:58 . 2008-06-18 22:06 193792 ----a-w- c:\windows\system32\drivers\idsflt.sys
2009-07-26 21:58 . 2008-06-18 22:06 52992 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2009-07-26 21:57 . 2008-07-11 20:58 158848 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2009-07-26 21:57 . 2008-06-25 21:42 73728 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2009-07-26 21:57 . 2008-03-28 17:25 22072 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2009-07-26 21:56 . 2003-10-23 00:23 446464 ----a-w- c:\windows\system32\HHActiveX.dll
2009-07-26 21:56 . 2009-03-31 00:23 193792 ----a-w- c:\windows\system32\TpUtil.dll
2009-07-26 21:56 . 2009-03-31 00:22 87296 ----a-w- c:\windows\system32\PavLspHook.dll
2009-07-26 21:56 . 2007-02-08 16:53 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2009-07-26 21:56 . 2009-03-31 00:22 55552 ----a-w- c:\windows\system32\pavipc.dll
2009-07-26 21:56 . 2009-03-31 00:22 518400 ----a-w- c:\windows\system32\PavSHook.dll
2009-07-26 21:56 . 2008-06-26 17:25 197888 ----a-w- c:\windows\system32\drivers\neti1634.sys
2009-07-26 21:56 . 2009-07-26 21:56 -------- d-----w- c:\windows\system32\PAV
2009-07-26 21:56 . 2008-02-14 04:14 49208 ----a-w- c:\windows\system32\drivers\amm8660.sys
2009-07-26 21:56 . 2009-07-26 21:56 -------- d-----w- c:\users\NFRJ\AppData\Roaming\Panda Security
2009-07-26 21:56 . 2009-07-26 21:56 -------- d-----w- c:\programdata\Panda Security
2009-07-26 21:54 . 2008-06-19 23:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-26 21:54 . 2009-07-26 21:54 -------- d-----w- c:\program files\Common Files\Panda Security
2009-07-26 21:54 . 2009-06-02 19:12 177416 ----a-w- c:\windows\system32\drivers\PavProc.sys
2009-07-26 21:54 . 2008-03-04 21:59 41144 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2009-07-26 04:32 . 2009-07-26 04:32 -------- d-----w- c:\programdata\Backup
2009-07-25 04:27 . 2007-03-19 03:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-07-25 04:27 . 2006-09-29 19:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-07-25 04:27 . 2006-09-29 19:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-07-25 04:27 . 2006-09-29 19:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-07-25 04:27 . 2002-12-10 09:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-07-25 04:27 . 2006-05-20 23:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-07-25 04:27 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2009-07-25 04:27 . 2009-07-25 04:27 -------- d-----w- c:\program files\VSO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 01:17 . 2009-07-26 21:58 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-08-22 01:17 . 2009-07-26 21:58 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2009-08-22 01:00 . 2008-07-19 23:30 -------- d-----w- c:\users\NFRJ\AppData\Roaming\DMCache
2009-08-21 21:39 . 2009-04-21 18:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-21 20:18 . 2008-11-27 07:05 -------- d-----w- c:\program files\Advanced SystemCare 3
2009-08-21 19:29 . 2009-07-26 21:58 357732 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-08-21 05:35 . 2008-07-08 06:34 -------- d-----w- c:\programdata\PrevxCSI
2009-08-21 05:31 . 2009-04-30 09:49 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-08-21 05:31 . 2009-04-30 09:49 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-08-20 23:28 . 2007-11-26 03:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-20 23:11 . 2008-07-31 04:00 1356 ----a-w- c:\users\NFRJ\AppData\Local\d3d9caps.dat
2009-08-20 14:57 . 2008-06-03 03:48 139568 ----a-w- c:\users\NFRJ\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-20 09:32 . 2008-11-22 08:00 -------- d-----w- c:\users\NFRJ\AppData\Roaming\Uniblue
2009-08-20 09:32 . 2008-11-22 08:00 -------- d-----w- c:\program files\Uniblue
2009-08-20 09:25 . 2008-11-22 08:00 -------- d-----w- c:\programdata\DriverScanner
2009-08-19 19:17 . 2009-04-21 07:08 -------- d-----w- c:\users\NFRJ\AppData\Roaming\MiniLyrics
2009-08-19 17:37 . 2009-05-13 03:49 -------- d-----w- c:\program files\TBS Cover Editor
2009-08-19 16:00 . 2009-05-08 04:10 -------- d-----w- c:\users\NFRJ\AppData\Roaming\Vso
2009-08-19 06:33 . 2009-08-19 06:22 132040 ----a-w- c:\programdata\nvModes.dat
2009-08-19 06:28 . 2009-04-21 07:07 -------- d-----w- c:\program files\Minilyrics
2009-08-19 04:28 . 2009-05-11 06:15 -------- d-----w- c:\programdata\Babylon
2009-08-19 04:19 . 2008-02-04 16:59 -------- d-----w- c:\programdata\NVIDIA
2009-08-19 03:00 . 2008-09-08 04:46 -------- d-----w- c:\programdata\Stardock
2009-08-19 03:00 . 2008-06-19 18:35 -------- d-----w- c:\program files\Stardock
2009-08-18 22:48 . 2009-06-28 18:40 -------- d-----w- c:\users\NFRJ\AppData\Roaming\WinMount
2009-08-18 17:11 . 2007-11-26 05:37 -------- d-----w- c:\program files\Java
2009-08-18 15:50 . 2008-07-16 06:55 -------- d-----w- c:\users\NFRJ\AppData\Roaming\IDMComp
2009-08-18 15:49 . 2008-07-16 06:51 -------- d-----w- c:\program files\IDM Computer Solutions
2009-08-17 16:06 . 2009-05-19 05:39 -------- d-----w- c:\users\NFRJ\AppData\Roaming\FrostWire
2009-08-17 07:23 . 2009-08-04 18:45 -------- d-----w- c:\program files\Vista Manager
2009-08-17 07:22 . 2008-07-03 17:44 -------- d-----w- c:\program files\Nero
2009-08-17 07:02 . 2008-07-03 17:47 -------- d-----w- c:\users\NFRJ\AppData\Roaming\Nero
2009-08-17 06:28 . 2008-07-03 17:44 -------- d-----w- c:\program files\Common Files\Nero
2009-08-17 06:25 . 2008-07-03 17:44 -------- d-----w- c:\programdata\Nero
2009-08-16 18:57 . 2008-10-17 05:56 -------- d-----w- c:\program files\Steam
2009-08-16 05:10 . 2009-04-21 18:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-16 01:32 . 2008-12-06 06:49 -------- d-----w- c:\users\NFRJ\AppData\Roaming\LimeWire
2009-08-15 23:47 . 2008-10-17 05:56 -------- d-----w- c:\program files\Common Files\Steam
2009-08-15 15:38 . 2009-05-14 07:34 -------- d-----w- c:\users\NFRJ\AppData\Roaming\BSplayer PRO
2009-08-15 08:43 . 2008-06-03 19:44 -------- d-----w- c:\users\NFRJ\AppData\Roaming\Autodesk
2009-08-15 08:43 . 2008-06-03 19:44 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-08-15 06:24 . 2008-06-03 19:46 -------- d-----w- c:\programdata\Autodesk
2009-08-15 06:24 . 2008-06-03 19:46 -------- d-----w- c:\program files\AutoCAD 2009
2009-08-15 06:13 . 2008-09-28 23:46 -------- d-----w- c:\programdata\FLEXnet
2009-08-13 07:20 . 2008-08-04 05:19 -------- d-----w- c:\users\NFRJ\AppData\Roaming\Skype
2009-08-13 06:05 . 2008-08-04 05:20 -------- d-----w- c:\users\NFRJ\AppData\Roaming\skypePM
2009-08-12 09:01 . 2007-11-26 05:02 -------- d-----w- c:\programdata\Microsoft Help
2009-08-12 09:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-07 07:24 . 2008-07-08 07:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-07 01:53 . 2008-07-19 15:54 3942048 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-05 15:49 . 2008-11-21 06:40 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-05 15:49 . 2008-11-21 23:16 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-05 15:22 . 2008-06-30 01:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-05 07:45 . 2008-11-08 03:43 -------- d-----w- c:\program files\USB Safely Remove
2009-08-04 22:35 . 2007-11-26 05:10 -------- d-----w- c:\program files\CyberLink
2009-08-04 05:38 . 2007-11-26 04:40 -------- d-----w- c:\program files\Microsoft Works
2009-08-04 04:03 . 2008-02-04 16:54 -------- d-----w- c:\programdata\WildTangent
2009-08-03 19:36 . 2008-07-19 15:56 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 19:36 . 2008-07-08 07:29 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 15:24 . 2008-12-06 06:43 -------- d-----w- c:\program files\LimeWire
2009-08-03 15:24 . 2009-05-11 06:15 -------- d-----w- c:\users\NFRJ\AppData\Roaming\Babylon
2009-08-02 01:30 . 2009-05-06 17:44 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-01 07:47 . 2008-08-21 06:27 -------- d-----w- c:\users\NFRJ\AppData\Roaming\Abvent_Artlantis2
2009-07-29 16:36 . 2008-07-19 23:30 -------- d-----w- c:\program files\Internet Download Manager
2009-07-28 15:20 . 2009-05-12 14:09 -------- d-----w- c:\program files\TweakVI
2009-07-28 14:02 . 2009-07-10 06:44 16118272 ----a-w- c:\windows\system32\imageres.dll
2009-07-27 16:22 . 2008-06-07 23:24 -------- d-----w- c:\program files\Xfire
2009-07-27 16:22 . 2008-06-07 23:24 -------- d-----w- c:\programdata\Xfire
2009-07-27 09:19 . 2008-10-31 22:38 -------- d-----w- c:\users\NFRJ\AppData\Roaming\Azureus
2009-07-27 08:22 . 2008-06-07 23:24 -------- d-----w- c:\users\NFRJ\AppData\Roaming\Xfire
2009-07-26 22:08 . 2008-11-05 04:26 -------- d-----w- c:\programdata\TechSmith
2009-07-26 22:07 . 2008-11-05 04:26 -------- d-----w- c:\program files\TechSmith
2009-07-26 21:57 . 2008-07-08 04:56 -------- d-----w- c:\program files\Panda Security
2009-07-26 21:32 . 2009-06-28 18:40 -------- d-----w- c:\program files\WinMount3
2009-07-26 06:09 . 2008-07-19 23:30 -------- d-----w- c:\users\NFRJ\AppData\Roaming\IDM
2009-07-26 04:12 . 2008-06-19 19:27 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-07-26 04:12 . 2008-06-19 19:29 -------- d-----w- c:\programdata\Kaspersky Lab
2009-07-25 11:23 . 2008-12-04 04:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-25 04:27 . 2009-05-08 04:10 47360 ----a-w- c:\users\NFRJ\AppData\Roaming\pcouffin.sys
2009-07-25 04:27 . 2009-05-08 04:10 47360 ----a-w- c:\users\NFRJ\AppData\Roaming\pcouffin.sys
2009-07-24 19:52 . 2008-10-16 16:39 -------- d-----w- c:\programdata\Google Updater
2009-07-24 16:53 . 2009-04-12 15:03 -------- d-----w- c:\program files\Error Repair Professional
2009-07-21 21:52 . 2009-07-29 03:03 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 03:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 03:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:30 . 2008-10-25 23:30 -------- d-----w- c:\program files\Multipower
2009-07-21 20:30 . 2008-10-16 14:32 13052 --sha-w- c:\windows\system32\sys_drv.dat
2009-07-21 20:13 . 2009-07-29 03:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 19:33 . 2009-07-17 19:33 -------- d-----w- c:\programdata\Ashampoo
2009-07-17 19:33 . 2009-05-15 13:36 -------- d-----w- c:\program files\Ashampoo
2009-07-15 07:16 . 2009-07-15 07:16 -------- d-----w- c:\program files\RivaTuner v2.24
2009-07-14 05:19 . 2008-07-21 18:51 -------- d-----w- c:\users\NFRJ\AppData\Roaming\Winamp
2009-07-14 05:12 . 2008-07-21 18:51 -------- d-----w- c:\program files\Winamp
2009-07-12 08:44 . 2009-07-12 08:42 -------- d-----w- c:\program files\Quick Batch File Compiler
2009-07-11 21:23 . 2008-07-24 04:51 -------- d-----w- c:\program files\Google
2009-07-11 21:14 . 2008-11-24 03:04 -------- d-----w- c:\program files\Windows Live
2009-07-10 18:11 . 2009-07-10 18:11 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-10 14:38 . 2009-07-10 14:38 25214 ----a-r- c:\users\NFRJ\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
2009-07-10 14:38 . 2009-07-10 14:38 25214 ----a-r- c:\users\NFRJ\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2009-07-10 14:38 . 2009-07-10 14:38 25214 ----a-r- c:\users\NFRJ\AppData\Roaming\Microsoft\Installer\{9509674F-3972-11DE-806D-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
2008-03-29 19:27 . 2008-06-02 18:49 22 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2009-06-16 1434384]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Clean System Memory 120 Sec. After Startup"="c:\windows\system32\CleanMem.exe" [2008-10-03 28672]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTunerWrapper.exe" [2009-02-25 24576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 61440]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" [2009-06-05 574720]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2010\Inicio.exe" [2009-04-21 56064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-08-03 419088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-17 14:05 222456 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"IDMan"=c:\program files\Internet Download Manager\IDMan.exe /onboot
"Steam"="c:\program files\Steam\Steam.exe" -silent
"AveDesk"=c:\descargas y software\Software CUSTOMIZAR PC\avedesk14\AveDesk.exe
"Google Update"="c:\users\NFRJ\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"UIWatcher"=c:\program files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
"TweakVI"="c:\program files\TweakVI\tweakvi.exe" -autostart

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"hpWirelessAssistant"=c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"Babylon Client"=c:\program files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe"
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" /s
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
"SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
"HTV Agent"=c:\program files\HTV\HTV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):17,77,e3,c0,e0,f0,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{88901493-73B5-4508-B2C1-6B1321D319F1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A61FFC8C-9F51-4B08-85B3-F734AEE8DD31}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{024EC2AC-121D-42C7-B3BF-433BBDDF1748}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{7B7D14B1-C7CA-4E65-A56B-B4E6D0B1FF4B}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{547192FF-6A40-4864-9D00-AFECDB174310}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{391B6388-EF39-4888-80F0-848D80BEDBAC}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F03776F8-FA59-4F49-A87C-38E4C8EA9856}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{83C3586C-66B5-4931-BFDD-44D97CCBE7FF}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A6CFE4D9-FAAA-4D67-8343-52AB596F832C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4F73858A-418B-48AC-A7D5-677FD52580BC}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{FA54D22B-6381-4794-BE35-5D0D7E2D96F0}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{9FF8E740-B421-4AA9-90A0-E70903D2BFDB}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7AD26D1C-B0B8-4B06-9A5E-A4529F2E69DD}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{94562CFF-CFD7-42F9-9FCD-C5A006E22DD3}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{84A15565-09B0-4005-B58E-959C4E28D1C2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{25FD1842-0E2E-4EAE-9657-1E7A03184CD9}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup
"UDP Query User{5E9E2A84-B61E-41BC-8463-249BE066B144}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\english\setup.exe:Kaspersky Anti-Virus 2009 Setup
"TCP Query User{CD5E1AFB-490B-4FBE-AF6D-63CB5376C3A1}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{7EEEF865-A682-407B-B10C-E89D34D7787B}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{4BAED7C0-7839-417C-B4E6-BFF71B4146E8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{EADCE3D3-0919-4FE3-A9EF-F5311E504B52}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CA6A6A71-A2D3-4535-A98D-7D6BD581774A}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"TCP Query User{0C13560D-D8EE-42C1-981C-65633653AA96}c:\\program files\\internet download manager\\idman.exe"= UDP:c:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
"UDP Query User{7DC94156-28FA-4A21-B15E-7542C0F347B7}c:\\program files\\internet download manager\\idman.exe"= TCP:c:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
"{86B33734-3417-4AF2-A1CE-D02D314C0ED8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{36C01545-DCDE-4BFD-8E85-F5D3E4A5F5C0}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{FD60360D-F077-4A3D-9094-17D7733386B4}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{5FD156F8-7BAF-4119-A8BC-8F36EAD6908A}c:\\program files\\archicad 12\\archicad.exe"= UDP:c:\program files\archicad 12\archicad.exe:ArchiCAD 12.0.0 Component
"UDP Query User{8EE7C0E6-386E-4C72-892A-CFACC0D561EC}c:\\program files\\archicad 12\\archicad.exe"= TCP:c:\program files\archicad 12\archicad.exe:ArchiCAD 12.0.0 Component
"TCP Query User{9A66A6F5-5FAC-4E11-985A-22891E192AD1}c:\\program files\\archicad 12\\archicad.exe"= UDP:c:\program files\archicad 12\archicad.exe:ArchiCAD 12.0.0 Component
"UDP Query User{C82E028B-E02B-4411-BC9C-9376F95713D5}c:\\program files\\archicad 12\\archicad.exe"= TCP:c:\program files\archicad 12\archicad.exe:ArchiCAD 12.0.0 Component
"TCP Query User{41BFE48C-A5D9-488F-BC48-6A9FF0B85A54}c:\\program files\\steam\\steamapps\\noeljar13\\day of defeat source\\hl2.exe"= UDP:c:\program files\steam\steamapps\noeljar13\day of defeat source\hl2.exe:hl2
"UDP Query User{E3218A2F-25ED-408E-8A28-C6238874932C}c:\\program files\\steam\\steamapps\\noeljar13\\day of defeat source\\hl2.exe"= TCP:c:\program files\steam\steamapps\noeljar13\day of defeat source\hl2.exe:hl2
"TCP Query User{6E15FB4A-B927-465A-9450-25A6D663DD2F}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{F4904C9D-BF18-4EAB-98A5-A830AF86E27E}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{04D9D5A6-47AF-4814-B01B-E67719EE101B}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{EFC6AECE-055A-4488-B3BF-6FF347C5A210}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{595DF82D-56B4-440D-8D06-D934268FC593}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{C238CDA9-3E30-464C-9B07-F8F6F7E6528B}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{6A59ACD2-6C5F-45F1-82B1-22134A824DB9}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{94646289-0F97-4989-A751-0E0DD4AD994E}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{5F1483F6-25EB-437F-A748-C7A39064BF4A}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{57949019-0CE7-4E4E-BEF0-7614BD77467D}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"TCP Query User{7201C973-6129-4070-9A16-A6F4FCB3C74A}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2.exe"= UDP:c:\program files\ubisoft\far cry 2\bin\farcry2.exe:Far Cry® 2
"UDP Query User{51834857-ABA6-4D17-B8C6-5AFCAA58B3C1}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2.exe"= TCP:c:\program files\ubisoft\far cry 2\bin\farcry2.exe:Far Cry® 2
"TCP Query User{D05166CB-4032-4F2D-8C01-47305E651DBB}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{E997EFE4-0338-4957-9BBA-F2F4DB6786A8}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{D1ECEA4C-7968-427D-A6D5-92FEB1851D12}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{AB8312E4-5721-420C-B35F-42F91BC3329D}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{5060A622-0CE4-41A2-9235-5E6FC51FF458}"= Disabled:UDP:c:\program files\Folder Lock 6\Folder Lock 6.exe:Folder Lock 6
"{1BD30ABB-FFD3-4F77-B225-8342786B8265}"= Disabled:TCP:c:\program files\Folder Lock 6\Folder Lock 6.exe:Folder Lock 6
"TCP Query User{66106A75-4047-462A-986A-2E0E36A517A0}c:\\program files\\internet download manager\\idman.exe"= UDP:c:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
"UDP Query User{CACC5778-2DC1-4FF3-BACD-4C604F471BA9}c:\\program files\\internet download manager\\idman.exe"= TCP:c:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
"TCP Query User{1EA2F993-1CCD-43D8-9A32-A66A610965DA}c:\\program files\\steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= UDP:c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe:left4dead
"UDP Query User{B37D02CC-ED7D-46A0-9F5A-28F3165C0135}c:\\program files\\steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= TCP:c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe:left4dead
"TCP Query User{B10F0E7C-4667-42BC-8DAD-31246D7EFA22}c:\\program files\\steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= UDP:c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe:left4dead
"UDP Query User{E8B52B0E-F81D-4062-8588-A8783E791E22}c:\\program files\\steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= TCP:c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe:left4dead
"TCP Query User{EA372DCE-52C9-4EA2-9E91-C1519E3CA9E2}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{31AAE1D5-04AA-452D-82DB-E464D5F19842}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{FC9E152D-1927-4B9F-8FD0-ABB0DB190520}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{996EDD91-B9F1-4B3B-8045-9FCDD45E4133}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{8C4D13C7-F354-4ACB-8CAD-E8A7B856D96C}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{F8A3219F-BD58-474A-92EA-B28846C97AF5}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{3EB54927-8A93-410C-9DD8-680CFE7FC395}c:\\program files\\steam\\steamapps\\common\\left 4 dead\\hl2.exe"= UDP:c:\program files\steam\steamapps\common\left 4 dead\hl2.exe:hl2
"UDP Query User{5ECFB67F-C9D2-4E1C-84BD-105D4A1AB4BC}c:\\program files\\steam\\steamapps\\common\\left 4 dead\\hl2.exe"= TCP:c:\program files\steam\steamapps\common\left 4 dead\hl2.exe:hl2
"TCP Query User{9A917EF7-E619-464A-AE21-D5E367990A14}c:\\program files\\steam\\steamapps\\noeljar\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\noeljar\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{C43B0805-4F51-494A-91DE-E455E2F55515}c:\\program files\\steam\\steamapps\\noeljar\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\noeljar\day of defeat\hl.exe:Half-Life Launcher
"{8E03E757-7F90-4076-857D-F60A68EE3AB2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B7120966-32F9-419B-805B-A8AF4AA4F9DC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{1EF16AB0-A1F3-43CC-96B9-ECE2E6E60D24}c:\\program files\\steam\\steamapps\\common\\left 4 dead\\hl2.exe"= UDP:c:\program files\steam\steamapps\common\left 4 dead\hl2.exe:hl2
"UDP Query User{9AF3BB06-D2B5-41A1-8684-BDDACE623F5C}c:\\program files\\steam\\steamapps\\common\\left 4 dead\\hl2.exe"= TCP:c:\program files\steam\steamapps\common\left 4 dead\hl2.exe:hl2
"{C0727AC4-8255-4740-8BDA-B9A5AF41250C}"= UDP:c:\program files\Vuze\AzureusUpdater.exe:AzureusUpdater.exe
"{C95620DB-89CA-4561-A58B-BCC49E1E73CD}"= TCP:c:\program files\Vuze\AzureusUpdater.exe:AzureusUpdater.exe
"TCP Query User{15178A2B-85AD-4A06-980C-A885DE3BD9A5}c:\\program files\\steam\\steamapps\\noeljar13\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\noeljar13\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{F8C95503-77C7-44CB-9888-E1D9EF507A74}c:\\program files\\steam\\steamapps\\noeljar13\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\noeljar13\day of defeat\hl.exe:Half-Life Launcher
"{951ED4CD-0D72-45A8-BD9A-AEB78AEC0C08}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{A7E0E2DE-7D63-44BA-A539-6F110DC3A785}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{811F4B93-1AB8-43D8-A3CE-4D02ED214331}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{1F09C927-5FFD-4769-ADEC-44E500525903}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{32042B74-28C1-4636-893A-17D5D97349A7}"= Disabled:UDP:51615:Emule reinstalado
"TCP Query User{17A9C86A-E1EA-4F37-A221-161136759364}c:\\program files\\duke nukem 3d\\eduke32.exe"= UDP:c:\program files\duke nukem 3d\eduke32.exe:eduke32
"UDP Query User{B1A0F44E-FBDF-4B2B-9B4F-84D0F0C99352}c:\\program files\\duke nukem 3d\\eduke32.exe"= TCP:c:\program files\duke nukem 3d\eduke32.exe:eduke32
"TCP Query User{9039EBB1-C5E6-4D73-88A4-23A03180C9CB}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{050D2598-54AC-4D1E-9570-7A2A08E3FD48}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{DA7602F2-5E4D-49DE-A0E3-4CBD0BA38678}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{6934C7FC-3CDF-48E6-86FD-2B9ABD6E4746}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{CCF4156B-4FA3-49BF-AA2D-F647A77EF0C5}c:\\program files\\steam\\steamapps\\noeljar13\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\noeljar13\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{669B051C-3820-4B29-AAB1-64A42BA5BF5F}c:\\program files\\steam\\steamapps\\noeljar13\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\noeljar13\day of defeat\hl.exe:Half-Life Launcher
"{289054C6-9FFF-46A9-8A57-A886163C6995}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{A29A3B52-6CB6-4F71-AE7F-7A85C241B9CF}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{F32AA86D-7CBF-4E59-9584-9CC65939FD53}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{C80DDEF6-FA03-46E3-9721-1E60FB7C00F8}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{C85188F2-E182-4570-B4F9-7A1B34286350}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{1AF40D74-0DAE-492E-8143-26E954CDAFEE}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{F32E615D-BE34-47A7-AAC5-F4E7E0998D9E}"= UDP:10881:EglWebPort
"{241058CC-8E30-4551-B6B8-47784995992B}"= UDP:10881:EglWebPort

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [05/08/2009 09:37 a.m. 64160]
R0 pavboot;Panda boot driver;c:\windows\System32\drivers\pavboot.sys [26/07/2009 03:54 p.m. 28544]
R0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [30/04/2009 03:49 a.m. 22024]
R0 pxsec;pxsec;c:\windows\System32\drivers\pxsec.sys [30/04/2009 03:49 a.m. 27656]
R1 APPFLT;App Filter Plugin;c:\windows\System32\drivers\APPFLT.SYS [26/07/2009 03:57 p.m. 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\System32\drivers\dsaflt.sys [26/07/2009 03:58 p.m. 52992]
R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [03/07/2009 02:17 a.m. 20392]
R1 FNETMON;NetMon Filter Plugin;c:\windows\System32\drivers\fnetmon.sys [26/07/2009 03:57 p.m. 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\System32\drivers\idsflt.sys [26/07/2009 03:58 p.m. 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\System32\drivers\NETFLTDI.SYS [26/07/2009 03:57 p.m. 158848]
R1 pctfw2;pctfw2;c:\windows\System32\drivers\pctfw2.sys [12/07/2008 01:53 p.m. 160648]
R1 ShldDrv;Panda File Shield Driver;c:\windows\System32\drivers\ShlDrv51.sys [26/07/2009 03:54 p.m. 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\System32\drivers\wnmflt.sys [26/07/2009 03:58 p.m. 46720]
R2 AmFSM;AmFSM;c:\windows\System32\drivers\amm8660.sys [26/07/2009 03:56 p.m. 49208]
R2 ComFiltr;Panda Anti-Dialer;c:\windows\System32\drivers\COMFiltr.sys [26/07/2009 03:59 p.m. 13880]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 IS360service;IS360service;c:\program files\IObit Security 360\is360srv.exe [21/08/2009 11:41 a.m. 305936]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 08:49 a.m. 1029456]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [08/07/2008 01:29 a.m. 232720]
R2 PavProc;Panda Process Protection Driver;c:\windows\System32\drivers\PavProc.sys [26/07/2009 03:54 p.m. 177416]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2010\psksvc.exe [26/07/2009 03:57 p.m. 28928]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [21/04/2009 12:46 p.m. 1153368]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [21/11/2008 12:40 a.m. 603904]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [24/12/2008 06:57 a.m. 213776]
R2 WMDrive;WMDrive;c:\windows\System32\drivers\WMDrive.sys [28/06/2009 12:39 p.m. 37376]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\System32\drivers\gHidPnp.sys [10/12/2008 04:53 p.m. 17408]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\System32\drivers\gMouUsb.sys [10/12/2008 04:53 p.m. 9856]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [08/07/2008 01:29 a.m. 19096]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\System32\drivers\neti1634.sys [26/07/2009 03:56 p.m. 197888]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 03:40 p.m. 3668480]
S3 QXUKX;QXUKX;c:\users\NFRJ\AppData\Local\Temp\QXUKX.exe --> c:\users\NFRJ\AppData\Local\Temp\QXUKX.exe [?]
S3 XCNLMMTJ;XCNLMMTJ;c:\users\NFRJ\AppData\Local\Temp\XCNLMMTJ.exe --> c:\users\NFRJ\AppData\Local\Temp\XCNLMMTJ.exe [?]
S3 ZGRQSY;ZGRQSY;c:\users\NFRJ\AppData\Local\Temp\ZGRQSY.exe --> c:\users\NFRJ\AppData\Local\Temp\ZGRQSY.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 22:28]

2009-08-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-07-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-16 15:49]

2009-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-689258981-1310437436-3758755735-1000Core.job
- c:\users\NFRJ\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-07 03:59]

2009-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-689258981-1310437436-3758755735-1000UA.job
- c:\users\NFRJ\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-07 03:59]

2009-07-27 c:\windows\Tasks\SmartDefrag.job
- c:\program files\SmartDefrag\IObit SmartDefrag.exe [2009-07-07 15:22]

2009-08-22 c:\windows\Tasks\User_Feed_Synchronization-{62A6A34D-7EE0-44C4-81F3-8F4D098530E0}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
  post #5  
21/08/09, 23:20:50
User
 
Registered: Jan 2007
Location: nicaragua
Posts: 107
Re: machine responding slowly after my mother checked her e-mail

Here I'm pasting the part that didn't fit in the other post:

------- Supplementary Scan -------
.
uStart Page = hxxp://funnylogo.info/engines/Google/Red/Noeljarod.aspx
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ni&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Descargar con IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Descargar con IDM el contenido de video FLV - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Descargar con IDM todos los enlaces - c:\program files\Internet Download Manager\IEGetAll.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
FF - ProfilePath - c:\users\NFRJ\AppData\Roaming\Mozilla\Firefox\Profiles\z42n0fpb.default\
FF - prefs.js: browser.startup.homepage - hxxp://es-AR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:es-AR:official
FF - component: c:\users\NFRJ\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\NFRJ\AppData\Roaming\Mozilla\Firefox\Profiles\z42n0fpb.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\NFRJ\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\NFRJ\AppData\Roaming\Mozilla\Firefox\Profiles\z42n0fpb.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\NFRJ\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 19:20
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\42BA.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,b1,62,b8,a5,6a,e4,42,81,0e,b2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,b1,62,b8,a5,6a,e4,42,81,0e,b2,\

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.amr"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-689258981-1310437436-3758755735-1000)
"Progid"="ACDSee Photo Manager 2009.bmp"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bwf"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cel"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-689258981-1310437436-3758755735-1000)
"Progid"="ACDSee Photo Manager 2009.cr2"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-689258981-1310437436-3758755735-1000)
"Progid"="ACDSee Photo Manager 2009.crw"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-689258981-1310437436-3758755735-1000)
"Progid"="ACDSee Photo Manager 2009.dcr"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-689258981-1310437436-3758755735-1000)
"Progid"="ACDSee Photo Manager 2009.dng"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.flc"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fli"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-689258981-1310437436-3758755735-1000)
"Progid"="ACDSee Photo Manager 2009.gif"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-689258981-1310437436-3758755735-1000)
"Progid"="ACDSee Photo Manager 2009.jpe"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-689258981-1310437436-3758755735-1000)
"Progid"="ACDSee Photo Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-689258981-1310437436-3758755735-1000)
"Progid"="ACDSee Photo Manager 2009.jpg"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kar"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m15"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m1a"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m2a"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.m75"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mpv"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-689258981-1310437436-3758755735-1000)
"Progid"="ACDSee Photo Manager 2009.mrw"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-689258981-1310437436-3758755735-1000)
"Progid"="ACDSee Photo Manager 2009.nef"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-689258981-1310437436-3758755735-1000)
"Progid"="ACDSee Photo Manager 2009.orf"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-689258981-1310437436-3758755735-1000)
"Progid"="ACDSee Photo Manager 2009.pef"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pics"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-689258981-1310437436-3758755735-1000)
"Progid"="ACDSee Photo Manager 2009.png"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.qcp"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.qtpf"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-689258981-1310437436-3758755735-1000)
"Progid"="ACDSee Photo Manager 2009.raf"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rw2"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sdv"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sfil"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.smf"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sml"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-689258981-1310437436-3758755735-1000)
"Progid"="ACDSee Photo Manager 2009.srf"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.swa"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-689258981-1310437436-3758755735-1000)
"Progid"="ACDSee Photo Manager 2009.tif"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-689258981-1310437436-3758755735-1000)
"Progid"="ACDSee Photo Manager 2009.tiff"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ulw"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.vfw"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000\Software\SecuROM\License information*]
"datasecu"=hex:4a,06,f2,90,e6,9f,21,cb,df,82,1c,70,73,c3,b4,55,87,bd,3a,14,8b,
d9,2c,17,b7,86,bf,52,11,e4,da,1c,b0,9a,5b,9b,e9,53,b7,68,21,de,c9,46,c5,f3,\
"rkeysecu"=hex:38,49,8a,db,5a,7c,6a,12,73,39,57,1b,28,e4,39,0c

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000_Classes\CLSID\{4735f00a-97c0-4ec8-bffc-4b81f0e14c05}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000132
"Therad"=dword:00000015

[HKEY_USERS\S-1-5-21-689258981-1310437436-3758755735-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):17,1d,57,90,ed,08,7d,d2,ca,a5,86,69,86,d1,ca,97,e9,9a,71,89,5c,
d0,7f,86,04,b1,4e,52,aa,dc,f5,29,01,f9,28,3c,d4,5b,cf,31,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\program files\Panda Security\Panda Global Protection 2010\TPSrv.exe
c:\program files\Panda Security\Panda Global Protection 2010\WebProxy.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Panda Security\Panda Global Protection 2010\PsCtrlS.exe
c:\program files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe
c:\program files\Panda Security\Panda Global Protection 2010\pavsrvx86.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Panda Security\Panda Global Protection 2010\FIREWALL\PSHost.exe
c:\program files\Panda Security\Panda Global Protection 2010\PsImSvc.exe
c:\program files\Panda Security\Panda Global Protection 2010\AVENGINE.EXE
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
.
**************************************************************************
.
Completion time: 2009-08-22 19:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-22 01:30

Pre-Run: 51,510,063,104 bytes free
Post-Run: 51,084,697,600 bytes free

1034

PS: I disabled the Spybot SD resident and Panda, as well as adware. When ComboFix finished I re-enabled Spybot SD and Panda Global Protection 2010. Spybot reported changes in the registry, which I had no choice but to accept, since I assumed they were changes made by ComboFix... but it seemed odd to me because some of them said Disable CMD and things like that. Please clarify this point for me.

Last edited by noeljarod on 22/08/09 at 13:54:07. Reason: CLARIFICATION ON USE OF SPYBOT SD
  post #6  
24/08/09, 17:42:29
GPastor
FS-Admin
 
Registered: Mar 2005
Location: Lima - Peru
Posts: 22,848
Re: slow machine response after my mother checked her email

ComboFix has already detected and removed some malware, but a few things are still left to take out. Follow these steps:

1.- Open Notepad
  • Click START > RUN >
  • Type notepad.exe there and click OK

2.- Now copy and paste this code into Notepad

HTML Code:
KillAll::

File::
c:\users\NFRJ\AppData\Local\Temp\QXUKX.exe
c:\users\NFRJ\AppData\Local\Temp\XCNLMMTJ.exe
c:\users\NFRJ\AppData\Local\Temp\ZGRQSY.exe
c:\windows\system32\42BA.tmp

Driver::
QXUKX
XCNLMMTJ
ZGRQSY

NetSvcs::
QXUKX
XCNLMMTJ
ZGRQSY

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]

3.- Save this file on the Desktop with the name CFScript.txt

4.- Drag and drop the CFScript.txt file onto the ComboFix.exe file, as shown in the animation below. This will start ComboFix again.

Reboot and let us know the results, along with a new ComboFix report and a HijackThis one.

Regards


  post #7  
25/08/09, 22:42:22
User
 
Registered: Jan 2007
Location: Nicaragua
Posts: 107
Re: slow machine response after my mother checked her email


Well, I tried to run the process; here are the steps I followed:

1. I disabled Panda and turned off the Spybot SD resident.

2. I right-clicked combofix.exe on the desktop, opened Properties, and ticked the box to run as administrator.

3. I right-clicked combofix.exe and chose Run as administrator just in case. Then, right after approving the UAC prompt, I immediately stopped moving the mouse, because I had already tried once and the machine froze when I moved it.

4. Everything started normally; it took a little while and asked me whether I wanted to update ComboFix, to which I answered NO. The process started and I waited....

5. It took almost 45 minutes and got stuck at Stage_2 or something like that. Since I urgently needed to study, I had to force a shutdown without knowing whether something was still pending or whether the ComboFix process was hung...

6. I started the machine and set out to look for the files
c:\users\NFRJ\AppData\Local\Temp\QXUKX.exe
c:\users\NFRJ\AppData\Local\Temp\XCNLMMTJ.exe
c:\users\NFRJ\AppData\Local\Temp\ZGRQSY.exe
with the tool Everything http://www.voidtools.com/, which I can't remember right now how I came across, but the interesting thing is that it is so powerful that it let me access the KBIW......etc files that were impossible to see through Explorer, not even using ExplorerXP. And however much I look for them, they seem to have disappeared.

Now that I remember, I think I tried adding them to FileASSASSIN to be deleted on reboot, well before you replied to me here in the post, and I don't know whether FileASSASSIN deleted them? Now I don't know what you suggest I should do? Could it be that ComboFix hung because it couldn't find the files the script told it to handle???

I don't know, I'm lost......well, I hope you can help me...and thanks again.

PS: As I mentioned before, I think the infection possibly started with a package for installing DreamScene on non-Ultimate Vista. I have gone through it and copied the code of the .reg that is run by the Install.bat included in this .RAR package. The code of Dreamscene.reg is:

ÿþW i n d o w s R e g i s t r y E d i t o r V e r s i o n 5 . 0 0



[ H K E Y _ C L A S S E S _ R O O T \ C L S I D \ { E 3 1 0 0 4 D 1 - A 4 3 1 - 4 1 B 8 - 8 2 6 F - E 9 0 2 F 9 D 9 5 C 8 1 } ]

@ = " W i n d o w s D r e a m S c e n e "



[ H K E Y _ C L A S S E S _ R O O T \ C L S I D \ { E 3 1 0 0 4 D 1 - A 4 3 1 - 4 1 B 8 - 8 2 6 F - E 9 0 2 F 9 D 9 5 C 8 1 } \ I n p r o c S e r v e r 3 2 ]

@ = h e x ( 2 ) : 2 5 , 0 0 , 5 3 , 0 0 , 7 9 , 0 0 , 7 3 , 0 0 , 7 4 , 0 0 , 6 5 , 0 0 , 6 d , 0 0 , 5 2 , 0 0 , 6 f , 0 0 , 6 f , 0 0 , 7 4 , 0 0 , \

2 5 , 0 0 , 5 c , 0 0 , 5 3 , 0 0 , 7 9 , 0 0 , 7 3 , 0 0 , 7 4 , 0 0 , 6 5 , 0 0 , 6 d , 0 0 , 3 3 , 0 0 , 3 2 , 0 0 , 5 c , 0 0 , 4 4 , 0 0 , 7 2 , \

0 0 , 6 5 , 0 0 , 6 1 , 0 0 , 6 d , 0 0 , 5 3 , 0 0 , 6 3 , 0 0 , 6 5 , 0 0 , 6 e , 0 0 , 6 5 , 0 0 , 2 e , 0 0 , 6 4 , 0 0 , 6 c , 0 0 , 6 c , 0 0 , \

0 0 , 0 0

" T h r e a d i n g M o d e l " = " A p a r t m e n t "



[ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ e x p l o r e r \ S h a r e d T a s k S c h e d u l e r ]

" { E 3 1 0 0 4 D 1 - A 4 3 1 - 4 1 B 8 - 8 2 6 F - E 9 0 2 F 9 D 9 5 C 8 1 } " = " W i n d o w s D r e a m S c e n e "



[ H K E Y _ C L A S S E S _ R O O T \ C L S I D \ { B E 8 0 0 A E B - A 4 4 0 - 4 B 6 3 - 9 4 C D - A A 6 B 4 3 6 4 7 D F 9 } ]

@ = " W i n d o w s D r e a m S c e n e S h e l l E x t e n s i o n "



[ H K E Y _ C L A S S E S _ R O O T \ C L S I D \ { B E 8 0 0 A E B - A 4 4 0 - 4 B 6 3 - 9 4 C D - A A 6 B 4 3 6 4 7 D F 9 } \ I n P r o c S e r v e r 3 2 ]

@ = h e x ( 2 ) : 2 5 , 0 0 , 5 3 , 0 0 , 7 9 , 0 0 , 7 3 , 0 0 , 7 4 , 0 0 , 6 5 , 0 0 , 6 d , 0 0 , 5 2 , 0 0 , 6 f , 0 0 , 6 f , 0 0 , 7 4 , 0 0 , \

2 5 , 0 0 , 5 c , 0 0 , 5 3 , 0 0 , 7 9 , 0 0 , 7 3 , 0 0 , 7 4 , 0 0 , 6 5 , 0 0 , 6 d , 0 0 , 3 3 , 0 0 , 3 2 , 0 0 , 5 c , 0 0 , 4 4 , 0 0 , 7 2 , \

0 0 , 6 5 , 0 0 , 6 1 , 0 0 , 6 d , 0 0 , 5 3 , 0 0 , 6 3 , 0 0 , 6 5 , 0 0 , 6 e , 0 0 , 6 5 , 0 0 , 2 e , 0 0 , 6 4 , 0 0 , 6 c , 0 0 , 6 c , 0 0 , \

0 0 , 0 0

" T h r e a d i n g M o d e l " = " A p a r t m e n t "



[ H K E Y _ C L A S S E S _ R O O T \ D i r e c t o r y \ B a c k g r o u n d \ S h e l l E x \ C o n t e x t M e n u H a n d l e r s \ D r e a m S c e n e ]

@ = " { B E 8 0 0 A E B - A 4 4 0 - 4 B 6 3 - 9 4 C D - A A 6 B 4 3 6 4 7 D F 9 } "



[ H K E Y _ C L A S S E S _ R O O T \ S y s t e m F i l e A s s o c i a t i o n s \ v i d e o \ S h e l l E x \ C o n t e x t M e n u H a n d l e r s \ D r e a m S c e n e ]

@ = " { B E 8 0 0 A E B - A 4 4 0 - 4 B 6 3 - 9 4 C D - A A 6 B 4 3 6 4 7 D F 9 } "



[ H K E Y _ C L A S S E S _ R O O T \ C L S I D \ { F F F E A F A 1 - 7 5 A 5 - 4 0 D 5 - 9 2 3 A - 3 7 8 2 D F 4 B 9 8 1 D } ]

@ = " P S F a c t o r y B u f f e r "



[ H K E Y _ C L A S S E S _ R O O T \ C L S I D \ { F F F E A F A 1 - 7 5 A 5 - 4 0 D 5 - 9 2 3 A - 3 7 8 2 D F 4 B 9 8 1 D } \ I n p r o c S e r v e r 3 2 ]

@ = h e x ( 2 ) : 2 5 , 0 0 , 5 3 , 0 0 , 7 9 , 0 0 , 7 3 , 0 0 , 7 4 , 0 0 , 6 5 , 0 0 , 6 d , 0 0 , 5 2 , 0 0 , 6 f , 0 0 , 6 f , 0 0 , 7 4 , 0 0 , \

2 5 , 0 0 , 5 c , 0 0 , 5 3 , 0 0 , 7 9 , 0 0 , 7 3 , 0 0 , 7 4 , 0 0 , 6 5 , 0 0 , 6 d , 0 0 , 3 3 , 0 0 , 3 2 , 0 0 , 5 c , 0 0 , 4 4 , 0 0 , 7 2 , \

0 0 , 6 5 , 0 0 , 6 1 , 0 0 , 6 d , 0 0 , 5 3 , 0 0 , 6 3 , 0 0 , 6 5 , 0 0 , 6 e , 0 0 , 6 5 , 0 0 , 2 e , 0 0 , 6 4 , 0 0 , 6 c , 0 0 , 6 c , 0 0 , \

0 0 , 0 0

" T h r e a d i n g M o d e l " = " A p a r t m e n t "



[ " H K E Y _ C L A S S E S _ R O O T \ I n t e r f a c e \ { F F F E A F A 1 - 7 5 A 5 - 4 0 D 5 - 9 2 3 A - 3 7 8 2 D F 4 B 9 8 1 D } ]

@ = " I D r e a m S c e n e "



[ H K E Y _ C L A S S E S _ R O O T \ I n t e r f a c e \ { F F F E A F A 1 - 7 5 A 5 - 4 0 D 5 - 9 2 3 A - 3 7 8 2 D F 4 B 9 8 1 D } \ P r o x y S t u b C l s i d 3 2 ]

@ = " { F F F E A F A 1 - 7 5 A 5 - 4 0 D 5 - 9 2 3 A - 3 7 8 2 D F 4 B 9 8 1 D } "



[ H K E Y _ C L A S S E S _ R O O T \ I n t e r f a c e \ { F F F E A F A 1 - 7 5 A 5 - 4 0 D 5 - 9 2 3 A - 3 7 8 2 D F 4 B 9 8 1 D } \ N u m M e t h o d s ]

@ = " 1 2 "



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\9414a486-a59e-4159-9471-33aefe54253f]
"FriendlyName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,\
  00,72,00,65,00,61,00,6d,00,53,00,63,00,65,00,6e,00,65,00,2e,00,64,00,6c,00,\
  6c,00,2c,00,2d,00,31,00,30,00,2c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
  00,20,00,44,00,72,00,65,00,61,00,6d,00,53,00,63,00,65,00,6e,00,65,00,20,00,\
  73,00,65,00,74,00,74,00,69,00,6e,00,67,00,73,00,00,00
"Description"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,\
  00,72,00,65,00,61,00,6d,00,53,00,63,00,65,00,6e,00,65,00,2e,00,64,00,6c,00,\
  6c,00,2c,00,2d,00,31,00,31,00,2c,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,\
  00,72,00,65,00,20,00,70,00,6f,00,77,00,65,00,72,00,20,00,73,00,65,00,74,00,\
  74,00,69,00,6e,00,67,00,73,00,20,00,66,00,6f,00,72,00,20,00,57,00,69,00,6e,\
  00,64,00,6f,00,77,00,73,00,20,00,44,00,72,00,65,00,61,00,6d,00,53,00,63,00,\
  65,00,6e,00,65,00,2e,00,00,00



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\9414a486-a59e-4159-9471-33aefe54253f\6ed1abe7-7584-4a7d-8345-20db10918d29]
"FriendlyName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,\
  00,72,00,65,00,61,00,6d,00,53,00,63,00,65,00,6e,00,65,00,2e,00,64,00,6c,00,\
  6c,00,2c,00,2d,00,31,00,32,00,2c,00,50,00,6f,00,77,00,65,00,72,00,20,00,53,\
  00,61,00,76,00,69,00,6e,00,67,00,20,00,4d,00,6f,00,64,00,65,00,00,00
"Description"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  44,00,72,00,65,00,61,00,6d,00,53,00,63,00,65,00,6e,00,65,00,2e,00,64,00,6c,\
  00,6c,00,2c,00,2d,00,31,00,33,00,2c,00,53,00,70,00,65,00,63,00,69,00,66,00,\
  79,00,20,00,77,00,68,00,61,00,74,00,20,00,79,00,6f,00,75,00,72,00,20,00,63,\
  00,6f,00,6d,00,70,00,75,00,74,00,65,00,72,00,20,00,64,00,6f,00,65,00,73,00,\
  20,00,77,00,68,00,65,00,6e,00,20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
  00,20,00,44,00,72,00,65,00,61,00,6d,00,53,00,63,00,65,00,6e,00,65,00,20,00,\
  69,00,73,00,20,00,6f,00,6e,00,2c,00,20,00,61,00,6e,00,64,00,20,00,70,00,6f,\
  00,77,00,65,00,72,00,20,00,73,00,74,00,61,00,74,00,75,00,73,00,20,00,63,00,\
  68,00,61,00,6e,00,67,00,65,00,73,00,2e,00,00,00



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\9414a486-a59e-4159-9471-33aefe54253f\6ed1abe7-7584-4a7d-8345-20db10918d29\0]
"FriendlyName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
  00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
  5c,00,44,00,72,00,65,00,61,00,6d,00,53,00,63,00,65,00,6e,00,65,00,2e,00,64,\
  00,6c,00,6c,00,2c,00,2d,00,31,00,34,00,2c,00,48,00,69,00,67,00,68,00,20,00,\
  50,00,65,00,72,00,66,00,6f,00,72,00,6d,00,61,00,6e,00,63,00,65,00,00,00
"Description"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\
  00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
  5c,00,44,00,72,00,65,00,61,00,6d,00,53,00,63,00,65,00,6e,00,65,00,2e,00,64,\
  00,6c,00,6c,00,2c,00,2d,00,31,00,35,00,2c,00,57,00,69,00,6e,00,64,00,6f,00,\
  77,00,73,00,20,00,44,00,72,00,65,00,61,00,6d,00,53,00,63,00,65,00,6e,00,65,\
  00,20,00,77,00,69,00,6c,00,6c,00,20,00,63,00,6f,00,6e,00,74,00,69,00,6e,00,\
  75,00,65,00,20,00,74,00,6f,00,20,00,70,00,6c,00,61,00,79,00,2e,00,00,00
"SettingValue"=dword:00000000



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\9414a486-a59e-4159-9471-33aefe54253f\6ed1abe7-7584-4a7d-8345-20db10918d29\1]
"FriendlyName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,\
  00,72,00,65,00,61,00,6d,00,53,00,63,00,65,00,6e,00,65,00,2e,00,64,00,6c,00,\
  6c,00,2c,00,2d,00,31,00,36,00,2c,00,50,00,6f,00,77,00,65,00,72,00,20,00,53,\
  00,61,00,76,00,65,00,72,00,00,00
"Description"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  44,00,72,00,65,00,61,00,6d,00,53,00,63,00,65,00,6e,00,65,00,2e,00,64,00,6c,\
  00,6c,00,2c,00,2d,00,31,00,37,00,2c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
  73,00,20,00,44,00,72,00,65,00,61,00,6d,00,53,00,63,00,65,00,6e,00,65,00,20,\
  00,77,00,69,00,6c,00,6c,00,20,00,70,00,61,00,75,00,73,00,65,00,20,00,74,00,\
  6f,00,20,00,63,00,6f,00,6e,00,73,00,65,00,72,00,76,00,65,00,20,00,70,00,6f,\
  00,77,00,65,00,72,00,2e,00,00,00
"SettingValue"=dword:00000001



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\9414a486-a59e-4159-9471-33aefe54253f\6ed1abe7-7584-4a7d-8345-20db10918d29\DefaultPowerSchemeValues]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\9414a486-a59e-4159-9471-33aefe54253f\6ed1abe7-7584-4a7d-8345-20db10918d29\DefaultPowerSchemeValues\381b4222-f694-41f0-9685-ff5bb260df2e]
"ACSettingIndex"=dword:00000000
"DCSettingIndex"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\9414a486-a59e-4159-9471-33aefe54253f\6ed1abe7-7584-4a7d-8345-20db10918d29\DefaultPowerSchemeValues\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c]
"ACSettingIndex"=dword:00000000
"DCSettingIndex"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\9414a486-a59e-4159-9471-33aefe54253f\6ed1abe7-7584-4a7d-8345-20db10918d29\DefaultPowerSchemeValues\a1841308-3541-4fab-bc81-f71556f20b4a]
"ACSettingIndex"=dword:00000000
"DCSettingIndex"=dword:00000001



And the code of the .BAT is this:

@echo off
TITLE Windows DreamScene for non-Ultimate Vista
echo.
echo Windows DreamScene for non-Ultimate Vista v3
echo Razorblade 2008
echo.
echo See Readme.txt for detailed instructions
echo.
echo Confirm to install? (Press Ctrl-C and answer Y to terminate)
pause
echo.
echo.
mkdir "%WinDir%\Web\Windows DreamScene\"
copy "%~dp0\vid\*.mpg" "%WinDir%\Web\Windows DreamScene\" /y
echo.
echo [6] 64 bit (x64)
echo [3] 32 bit (x86)
echo.
choice /C 63 /M "Vista version:"
if ERRORLEVEL 2 goto tre
if ERRORLEVEL 1 goto ses
:ses
copy "%~dp0\x64\DreamScene.dll" %WinDir%\System32\ /y
copy "%~dp0\x64\DreamScene.dll.mui" %WinDir%\System32\en-US\ /y
goto quit
:tre
copy "%~dp0\x86\DreamScene.dll" %WinDir%\System32\ /y
copy "%~dp0\x86\DreamScene.dll.mui" %WinDir%\System32\en-US\ /y
:quit
reg import "%~dp0\DreamScene.reg"
echo.
echo *** Windows DreamScene installation completed. ***
echo.
pause
:end

Check them to see whether there is anything odd in them, so that the file can be deleted if necessary!

Last edited by noeljarod on 27/08/09 at 02:01:37. Reason: post order
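The hex(2) values in the .reg dump above are REG_EXPAND_SZ strings stored as UTF-16LE bytes, so they cannot be reviewed by eye. The Python below is an added example, not part of the original post or of the DreamScene package: it decodes such values and lists the ones that point at a DLL or EXE. The function names are hypothetical, and the sample is the `\1` subkey from the dump with the extraction spacing removed.

```python
import re

# From the .reg dump posted in this thread (subkey ...\1), extraction spacing removed.
SAMPLE_REG = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\9414a486-a59e-4159-9471-33aefe54253f\6ed1abe7-7584-4a7d-8345-20db10918d29\1]
"FriendlyName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,\
  00,72,00,65,00,61,00,6d,00,53,00,63,00,65,00,6e,00,65,00,2e,00,64,00,6c,00,\
  6c,00,2c,00,2d,00,31,00,36,00,2c,00,50,00,6f,00,77,00,65,00,72,00,20,00,53,\
  00,61,00,76,00,65,00,72,00,00,00
"SettingValue"=dword:00000001
'''

HEX_RE = re.compile(r'^hex(?:\((\w+)\))?:(.*)$', re.S)
TEXT_TYPES = {"1", "2", "7"}  # REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ: UTF-16LE text


def decode_value(raw):
    """Turn the right-hand side of a .reg value into something readable."""
    m = HEX_RE.match(raw)
    if m:
        data = bytes.fromhex(re.sub(r'[^0-9a-fA-F]', '', m.group(2)))
        if m.group(1) in TEXT_TYPES:
            return data.decode("utf-16-le", errors="replace").rstrip("\x00")
        return data  # plain hex: and other types stay as raw bytes
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    return raw.strip('"')


def parse_reg(text):
    """Return {key: {value_name: decoded_value}}; names containing '=' are not handled."""
    text = re.sub(r'\\\r?\n[ \t]*', '', text)  # join backslash continuation lines
    out, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            out[key] = {}
        elif "=" in line and key is not None:
            name, raw = line.split("=", 1)
            out[key][name.strip('"')] = decode_value(raw)
    return out


def dll_references(parsed):
    """List (key, name, value) where a decoded string points at a DLL or EXE."""
    return [(k, n, v) for k, vals in parsed.items() for n, v in vals.items()
            if isinstance(v, str) and re.search(r'\.(dll|exe)\b', v, re.I)]
```

Files exported by regedit are normally UTF-16, which is why the dump appeared with a space between every character; read such a file with `open(path, encoding="utf-16")` before passing its text to `parse_reg`.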
  post #8  
27/08/09, 03:01:58
GPastor
FS-Admin
 
Registered: Mar 2005
Location: Lima - Peru
Posts: 22.848
Re: slow machine response after my mother checked her e-mail

I see you got tangled up in the process. All you had to do was drag the CFScript onto ComboFix, since you had already run CF before.

When CF asks whether you want to update, you should accept, or otherwise download it again.

Repeat the steps from my previous message to get a new ComboFix report.


  post #9  
27/08/09, 10:22:07
User
 
Registered: Jan 2007
Location: Nicaragua
Posts: 107
Re: slow machine response after my mother checked her e-mail

Quote:
Originally posted by GPastor
I see you got tangled up in the process. All you had to do was drag the CFScript onto ComboFix, since you had already run CF before.

When CF asks whether you want to update, you should accept, or otherwise download it again.

Repeat the steps from my previous message to get a new ComboFix report.

But then ComboFix didn't get stuck?? Is it normal for it to take so long??? Or was it because I did something wrong?
  post #10  
28/08/09, 17:47:28
GPastor
FS-Admin
 
Registered: Mar 2005
Location: Lima - Peru
Posts: 22.848
Re: slow machine response after my mother checked her e-mail

Try running ComboFix in Safe Mode; there shouldn't be any problems there.


All times are GMT -4. The time is 15:07:55.


 
