post #1
27/10/09, 09:05:55
User

Joined: Jan 2008
Location: Spain
Posts: 19
Problems with winupgro.exe and hacktool.rootkit (Solved)

Hi,

Yesterday I was trying to install eMule and by mistake opened a file that is now giving me problems.
In Task Manager I see the process winupgro.exe, and no matter how many times I stop it and delete it from its folder, it always comes back.
At the same time Norton keeps detecting hacktool.rootkit.
I have been reading the forum and have followed some steps.

1. I ran Malwarebytes.
2. I ran Dr.Web CureIt.
3. I ran CCleaner.
4. Now I am running the Kaspersky online scan in Safe Mode.

Malwarebytes' Anti-Malware 1.41
Database version: 3037
Windows 6.0.6002 Service Pack 2 (Safe Mode)

27/10/2009 12:57:56
mbam-log-2009-10-27 (12-57-56).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 223842
Time elapsed: 35 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sK9Ou0s (Worm.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\srosa (Worm.Bagle) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 693873
Infected: 6
Infected with modifications: 0
Suspicious: 0
Adware programs: 0
Dialer programs: 0
Joke programs: 0
Riskware programs: 0
Hacktool programs: 0
Objects disinfected: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 6
Objects skipped: 0
Scan speed: 4 Kb/s
Scan time: 06:19:22
-----------------------------------------------------------------------------

I hope someone can help me.
Thanks

post #2
27/10/09, 09:58:07
Fugazi27
Warrior

Joined: May 2008
Location: BCN/Catalonia/Spain
Posts: 4,995
Re: Problems with winupgro.exe and hacktool.rootkit

Hi, follow these steps:

Turn off "System Restore"

Download the following tools but do not run them yet:
Start your computer in Safe Mode (if you cannot, try to repair Safe Mode as explained here)

Run FS-FixBagle
  1. Temporarily disable your antivirus and/or antispyware.
  2. Unzip FS-FixBagle.zip onto the Desktop.
  3. Open the FS-Fix folder.
  4. Run FS-FixBagle.exe.
  5. Choose option "1" to start the search for Bagle.
  6. When the scan finishes, FS-FixBagle will ask whether you want to restart the computer. Accept.
  7. A report is generated, usually at C:\BagleReport.txt.
*Note* If FS-FixBagle finds the srosa.sys driver/rootkit, the computer will have to be restarted, so you must let FS-FixBagle restart it.
Run Malwarebytes: select "Full scan"; when it finishes, if it detects anything click "Remove selected"; if it asks you to restart, do so, then go to the "Logs" tab to copy the report into this thread.

Download, install and/or run CCleaner (+manual), first with its Cleaner option and then the Registry one (making a backup).

Do an online scan with Panda ActiveScan 2.0 and save the report to paste into this thread (wrap it in the code tag).

Do all the steps, turn System Restore back on and come back with the FS-FixBagle, Malwarebytes and Panda reports (wrap the last one in the CODE tag). Remember to comment on the results.

Regards

post #3
27/10/09, 16:19:35
User

Joined: Jan 2008
Location: Spain
Posts: 19
Re: Problems with winupgro.exe and hacktool.rootkit

Hi,

Thank you very much for your quick reply.

I have a problem running FS-FixBagle.exe. It says "THE ELEMENTS NEEDED TO CONTINUE WERE NOT FOUND. PRESS A KEY TO CONTINUE".

CCleaner in normal mode closes immediately when I open it.

Before this I had run Panda ActiveScan 2.0 with this result:

I don't know exactly what you mean by "CODE tag"; I'm pasting the result as is.

Thanks again
Jacobo

;******************************************************************************
ANALYSIS: 2009-10-27 20:22:30
PROTECTIONS: 1
MALWARE: 7
SUSPECTS: 2
;******************************************************************************
PROTECTIONS
Description Version Active Updated
;==============================================================================
ESET NOD32 Antivirus 3.0 3.0 Yes Yes
;==============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;==============================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\jacobo@doubleclick[1].txt
00954094 Rootkit/Bagle.UV Virus/Worm Yes 2 Yes No c:\windows\system32\srosa2.sys
02441996 Exploit/SWF.B Virus/Trojan No 0 No No c:\acer\preload\autorun\app\adobe photoshop\data1.cab[_f32fd4b491344d2e90c5d69c64fba40b]
02441996 Exploit/SWF.B Virus/Trojan No 0 Yes No c:\program files\hp\digital imaging\bin\scmain.swf
02441996 Exploit/SWF.B Virus/Trojan No 0 No No c:\acer\preload\autorun\app\adobe photoshop\data1.cab[_c4fd80a81fc141e69d6bcb1b15caf753]
02898934 W32/Bagle.RC.worm Virus/Worm No 0 Yes No c:\users\jacobo\appdata\local\microsoft\windows\temporary internet files\content.ie5\hbie1a3e\b64[1].jpg
02898934 W32/Bagle.RC.worm Virus/Worm No 0 Yes No c:\windows\system32\mdelk.exe
02898934 W32/Bagle.RC.worm Virus/Worm No 0 Yes No c:\users\jacobo\appdata\roaming\m\flec006.exe
02898934 W32/Bagle.RC.worm Virus/Worm No 0 Yes No c:\users\jacobo\appdata\roaming\drivers\downld\726730.exe
02898934 W32/Bagle.RC.worm Virus/Worm No 0 Yes No c:\users\jacobo\appdata\local\microsoft\windows\temporary internet files\content.ie5\whz8ady5\b64[1].jpg
02898934 W32/Bagle.RC.worm Virus/Worm No 0 Yes No c:\users\jacobo\appdata\local\microsoft\windows\temporary internet files\content.ie5\whz8ady5\b64_3[1].jpg
02898934 W32/Bagle.RC.worm Virus/Worm No 0 Yes No c:\users\jacobo\appdata\roaming\drivers\downld\130994.exe
02898934 W32/Bagle.RC.worm Virus/Worm No 0 Yes No c:\users\jacobo\appdata\roaming\drivers\downld\705810.exe
02898934 W32/Bagle.RC.worm Virus/Worm No 0 Yes No c:\users\jacobo\appdata\roaming\drivers\downld\192380.exe
02898934 W32/Bagle.RC.worm Virus/Worm No 0 Yes No c:\windows\system32\wintems.exe
02898935 W32/Bagle.RC.worm Virus/Worm Yes 1 Yes No c:\windows\system32\wfsintwq.sys
04569440 W32/Bagle.KV.worm Virus No 1 Yes No c:\users\jacobo\appdata\local\microsoft\windows\temporary internet files\content.ie5\shujk181\b64_4[1].jpg
04569440 W32/Bagle.KV.worm Virus No 1 Yes No c:\users\jacobo\appdata\roaming\drivers\downld\204548.exe
05536499 W32/Bagle.KV.worm Virus No 1 Yes No c:\users\jacobo\appdata\local\microsoft\windows\temporary internet files\content.ie5\hbie1a3e\b64_5[1].jpg
05536499 W32/Bagle.KV.worm Virus No 1 Yes No c:\users\jacobo\appdata\local\microsoft\windows\temporary internet files\content.ie5\m4lry9lv\b64_5[1].jpg
05536499 W32/Bagle.KV.worm Virus No 1 Yes No c:\users\jacobo\appdata\roaming\drivers\downld\708852.exe
05536499 W32/Bagle.KV.worm Virus No 1 Yes No c:\users\jacobo\appdata\roaming\drivers\downld\134706.exe
;==============================================================================
SUSPECTS
Sent Location
;==============================================================================
No c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
No c:\users\jacobo\appdata\roaming\drivers\winupgro.exe
;==============================================================================
VULNERABILITIES
Id Severity Description
;==============================================================================
;==============================================================================
post #4
27/10/09, 18:29:04
User

Joined: Jan 2008
Location: Spain
Posts: 19
Re: Problems with winupgro.exe and hacktool.rootkit

Hi again,

Here are the Malwarebytes results.

Malwarebytes' Anti-Malware 1.41
Database version: 3043
Windows 6.0.6002 Service Pack 2 (Safe Mode)

27/10/2009 22:29:24
mbam-log-2009-10-27 (22-29-24).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 224140
Time elapsed: 35 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sK9Ou0s (Worm.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\srosa (Worm.Bagle) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\$RECYCLE.BIN\S-1-5-21-1010603109-3914943522-2019868794-1000\$R40H9JQ\downld\119278.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-1010603109-3914943522-2019868794-1000\$R40H9JQ\downld\196857.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-1010603109-3914943522-2019868794-1000\$RV11EW2\downld\130994.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-1010603109-3914943522-2019868794-1000\$RV11EW2\downld\133926.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-1010603109-3914943522-2019868794-1000\$RV11EW2\downld\135159.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-1010603109-3914943522-2019868794-1000\$RV11EW2\downld\192380.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-1010603109-3914943522-2019868794-1000\$RV11EW2\downld\204548.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-1010603109-3914943522-2019868794-1000\$RV11EW2\downld\217044.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-1010603109-3914943522-2019868794-1000\$RV11EW2\downld\226560.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-1010603109-3914943522-2019868794-1000\$RV11EW2\downld\705810.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-1010603109-3914943522-2019868794-1000\$RV11EW2\downld\726730.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Users\Jacobo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HBIE1A3E\b64[1].jpg (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Users\Jacobo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHUJK181\b64_3[1].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Users\Jacobo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHUJK181\b64_4[1].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Users\Jacobo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHZ8ADY5\b64[1].jpg (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Users\Jacobo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHZ8ADY5\b64[2].jpg (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Users\Jacobo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHZ8ADY5\b64_3[1].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Users\Jacobo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHZ8ADY5\b64_3[2].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Users\Jacobo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHZ8ADY5\b64_4[1].jpg (Email.Worm) -> Quarantined and deleted successfully.
C:\Users\Jacobo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZQY912NC\b64[1].jpg (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Users\Jacobo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZQY912NC\b64[2].jpg (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Users\Jacobo\AppData\Roaming\hidires\flec003.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Users\Jacobo\AppData\Roaming\m\flec006.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\Windows\System32\mdelk.exe (Email.Worm) -> Quarantined and deleted successfully.
C:\Windows\System32\wintems.exe (Email.Worm) -> Quarantined and deleted successfully.
post #5
28/10/09, 15:47:15
Fugazi27
Warrior

Joined: May 2008
Location: BCN/Catalonia/Spain
Posts: 4,995
Re: Problems with winupgro.exe and hacktool.rootkit

Hi, let's do a pass with ComboFix to remove the whole infection (remember that on Windows Vista you must run these tools by right-clicking them and selecting Run as administrator).

Do the following:

- Download ComboFix.exe
  • Given your infections, you must rename it to Combo-Fix before saving it to your desktop.

  • Temporarily disable your antivirus and/or antispyware.
  • Close all open windows.
  • Double-click the ComboFix.exe file and follow the instructions.
  • When it finishes, it will generate a log at C:\ComboFix.txt.
    • *Note* While CF is working, do not move the mouse, as that would stall its process.
    • *Note* ComboFix may restart the PC automatically to complete the removal process.
Quote:
Warning!! Do not use ComboFix unless a member of our Staff has specifically told you to in your thread. It is a powerful tool that its author intends to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimers".
  • Restart, paste the report from C:\ComboFix.txt and tell us the results.

Regards

post #6
28/10/09, 18:39:01
User

Joined: Jan 2008
Location: Spain
Posts: 19
Re: Problems with winupgro.exe and hacktool.rootkit

Hi,

Here are the results:

ComboFix 09-10-27.08 - Jacobo 28-10-2009 22:46.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.34.3082.18.3066.2167 [GMT 1:00]
Running from: c:\users\Jacobo\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jacobo\AppData\Roaming\drivers\downld
c:\users\Jacobo\AppData\Roaming\m\data.oct
c:\users\Jacobo\AppData\Roaming\m\list.oct
c:\users\Jacobo\AppData\Roaming\m\shared
c:\users\Jacobo\AppData\Roaming\m\shared\A-one Video to WMV Converter 6.2.5.zip
c:\users\Jacobo\AppData\Roaming\m\shared\A_Haunted_Halloween_ScreenSaver_1.00.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Aakarda_4.1.zip
c:\users\Jacobo\AppData\Roaming\m\shared\ABC eStore 3.7.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Active_Business_Intelligence_Portal_3.1.9.zip
c:\users\Jacobo\AppData\Roaming\m\shared\AL-Search 2.00.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Alcon 3.0.0 Build 1470.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Allure_Lines_1.zip
c:\users\Jacobo\AppData\Roaming\m\shared\AnyToGif_1.3.6_(Patch).zip
c:\users\Jacobo\AppData\Roaming\m\shared\APS_Accounting_and_stock_control_2.7.0.8.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Atomic Clock 1.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Auction Monitor 3.0.2.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Auto Dialer Pro 3.8.zip
c:\users\Jacobo\AppData\Roaming\m\shared\AWS_Docket_3_(6.2.15.1).zip
c:\users\Jacobo\AppData\Roaming\m\shared\BareTail_3.50a.zip
c:\users\Jacobo\AppData\Roaming\m\shared\BeesWees_Imaging_Suite_1.0_[Key].zip
c:\users\Jacobo\AppData\Roaming\m\shared\Blaiz_Enterprises_Image_Viewer_1.00.165.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Bleezer 0.9.8.2.zip
c:\users\Jacobo\AppData\Roaming\m\shared\BMP2000_4.00.28.zip
c:\users\Jacobo\AppData\Roaming\m\shared\BmpToRaw_3.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Chat_Watch_5.0.0.5.zip
c:\users\Jacobo\AppData\Roaming\m\shared\ClubCross Photo Crush 1.0 Key.zip
c:\users\Jacobo\AppData\Roaming\m\shared\CodeWarrior_Compiler_and_MSL_Update_2.2.1.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Console_Capture_1.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Cool_Balls_for_PocketPC_1.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Core FTP Pro 2.1 Build 1565.zip
c:\users\Jacobo\AppData\Roaming\m\shared\DailyStrips_1.3b.zip
c:\users\Jacobo\AppData\Roaming\m\shared\DbView 2.4.1.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Dejobaan_BeBop_1.9.zip
c:\users\Jacobo\AppData\Roaming\m\shared\dtSearch_Text_Retrieval_Engine_7.40.7360.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Dwyco Video Conferencing System (CDC32) 2.97.zip
c:\users\Jacobo\AppData\Roaming\m\shared\EBook Maestro FREE 1.80.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Epson Stylus Color 1520 Driver 5.6AE.zip
c:\users\Jacobo\AppData\Roaming\m\shared\ErrMess Remote Computer 4.1.0.3.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Essential PIM 2.02.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Excel-to-Oracle 1.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\FabulousMP3 2.00.04.zip
c:\users\Jacobo\AppData\Roaming\m\shared\File4ward.exe_3.1.1.zip
c:\users\Jacobo\AppData\Roaming\m\shared\FlexWindow_Enterprise_Server_1.0.1.zip
c:\users\Jacobo\AppData\Roaming\m\shared\FlyGrid.Net_1.4.5.2.zip
c:\users\Jacobo\AppData\Roaming\m\shared\FosiX_Pro_1.3.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Fox DVD Ripper Pro 8.0.8.10.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Ghost Keylogger 3.73.zip
c:\users\Jacobo\AppData\Roaming\m\shared\GoFla.us 1.4.zip
c:\users\Jacobo\AppData\Roaming\m\shared\GSA_Image_Analyser_2.8.9_Crack.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Guitar Chord Legend 1.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Hide-A-File_1.0.0_Patch.zip
c:\users\Jacobo\AppData\Roaming\m\shared\HiveLoader 1.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Hotties_Screensaver_1.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\HydroPIPE 2.2.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Icon_New_FolderPack.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Import Utility from TO3000 to Projetex 1.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Infralution Licensing System 4.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\IT Outsourcing Toolkit 3.1.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Janitor Dan the Spaceman 1.6.zip
c:\users\Jacobo\AppData\Roaming\m\shared\KeepNI 3.0.1.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Keyboard_Express_3.3.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Kundo 0.9.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Leithauser Research EBook Reader - The Five Senses Do Not A Nickel Make 1.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Licenza.2007.Kaspersky.zip
c:\users\Jacobo\AppData\Roaming\m\shared\LottoPicker_2.0.6.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Mail Access Monitor for MS Exchange Server 3.9.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Mangle Screensaver 2.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\MB Financial Astrology 1.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\MIDI Cycle 1.01.zip
c:\users\Jacobo\AppData\Roaming\m\shared\MIDI Tracker 1.2.7.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Mini Album 1.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Modbus_Poll_4.1.3_build_170.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Moog Modular V 2 2.2.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Motherboards.org Forums Navigator 1.5.0.2.zip
c:\users\Jacobo\AppData\Roaming\m\shared\MSN_Winks_Magic_2.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\My_Password_Manager_2.1.zip
c:\users\Jacobo\AppData\Roaming\m\shared\NBC Today Show 1.0208.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Nstrument Snmp Library for .Net 2.4.4.2.zip
c:\users\Jacobo\AppData\Roaming\m\shared\NutriGenie_Wrinkle_Cure_Diet_7.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\PacketTrap Perspective Studio 3.0.9953.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Paradigm_PiDataCtl200_2.4.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Parnian for QuarkXPress 3.1 (KeyGen).zip
c:\users\Jacobo\AppData\Roaming\m\shared\PCMark05_Basic_1.1.0_[With_Crack].zip
c:\users\Jacobo\AppData\Roaming\m\shared\PDF-XChange Pro 3.6 build 1081.zip
c:\users\Jacobo\AppData\Roaming\m\shared\PixPatrol 0.90 Beta.zip
c:\users\Jacobo\AppData\Roaming\m\shared\PMG Connect 1.4.0.109.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Portable Text Image Generator 1.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\PSOMgr 1.00.00.zip
c:\users\Jacobo\AppData\Roaming\m\shared\QuickColor 1.5.0 Key+Serial.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Quickmarks 0.5.1.zip
c:\users\Jacobo\AppData\Roaming\m\shared\QuoteIT 1.107.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Related Posts 1.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Remote_System_Information_3.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Resize! 1.4.2.zip
c:\users\Jacobo\AppData\Roaming\m\shared\RICOlmer 2.5.zip
c:\users\Jacobo\AppData\Roaming\m\shared\RSE Tools 0.26.zip
c:\users\Jacobo\AppData\Roaming\m\shared\RunIt_2.zip
c:\users\Jacobo\AppData\Roaming\m\shared\ScreenFlash_1.7_build_0021.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Seamless_Texture_Generator_1.361_[Cracked].zip
c:\users\Jacobo\AppData\Roaming\m\shared\SecureWord_Mobile_1.5.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Sendkeys_Replacement_for_Visual_Basic_2.2_(KeyGen).zip
c:\users\Jacobo\AppData\Roaming\m\shared\SfbDns 1.2.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Shutdown-alt 1.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\SL-Message_1.05.0080.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Softcode Analog Clock 1.3b.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Spesoft Free Video To DVD 1.00.zip
c:\users\Jacobo\AppData\Roaming\m\shared\SpiraPaint! 1.81.zip
c:\users\Jacobo\AppData\Roaming\m\shared\SplitNow! 2.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\SWFKit_Pro_3.01_(Key).zip
c:\users\Jacobo\AppData\Roaming\m\shared\Symantec.Norton.Antivirus.2005.日本語版(Iso).Keygen(説明書付)(Rr3%).zip
c:\users\Jacobo\AppData\Roaming\m\shared\System Monitor 1.5.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Test_Generator_II_2.4.13.zip
c:\users\Jacobo\AppData\Roaming\m\shared\The Filter 3.1.zip
c:\users\Jacobo\AppData\Roaming\m\shared\The Gamer 1.1.zip
c:\users\Jacobo\AppData\Roaming\m\shared\THE_Rename_2.1.6.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Time_Watcher_2.1_Key.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Travel_Mate_1.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Ultimate Calculator for DOS 3.2.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Ultimate Fractal 1.1.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Visual_Cover_++_2.zip
c:\users\Jacobo\AppData\Roaming\m\shared\VPOP3_Standard_2.4.7_Beta_[Cracked].zip
c:\users\Jacobo\AppData\Roaming\m\shared\VRQ Threat Remediation Tool Build 3.5.0.9.zip
c:\users\Jacobo\AppData\Roaming\m\shared\What Is Transferring 1.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Whizlabs_CCNA_640-801_Exam_Simulator_6.0.1.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Wincrypt_2.2.zip
c:\users\Jacobo\AppData\Roaming\m\shared\Windows_Password_6.0.1509.zip
c:\users\Jacobo\AppData\Roaming\m\shared\WinNetSys Utils 1.0.zip
c:\users\Jacobo\AppData\Roaming\m\shared\WM Recorder 12.5.zip
c:\users\Jacobo\AppData\Roaming\m\shared\World_of_Warcraft_v1.2.3_German_patch.zip
c:\users\Jacobo\AppData\Roaming\m\shared\wxForms_1.0.3.zip
c:\users\Jacobo\AppData\Roaming\m\shared\XTea Encoder for Delphi 1.0.0.zip
c:\users\Jacobo\AppData\Roaming\m\srvlist.oct
c:\windows\system32\ban_list.txt
c:\users\Jacobo\AppData\Roaming\drivers\winupgro.exe . . . . failed to delete
c:\users\Jacobo\AppData\Roaming\m . . . . failed to delete
c:\windows\system32\mdelk.exe . . . . failed to delete
c:\windows\system32\wintems.exe . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SK9OU0S
-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-28 07:09 . 2009-10-28 22:18 -------- d--h--w- c:\users\Jacobo\AppData\Roaming\drivers
2009-10-27 19:29 . 2009-10-27 19:30 6632299 ----a-w- c:\users\Jacobo\balance.zip
2009-10-27 19:27 . 2009-10-27 19:27 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2009-10-27 13:58 . 2009-10-27 13:58 -------- d-----w- c:\program files\Panda Security
2009-10-27 13:47 . 2009-10-28 22:19 -------- d--h--w- c:\users\Jacobo\AppData\Roaming\m
2009-10-26 19:28 . 2009-10-26 19:28 -------- d-----w- c:\users\Jacobo\AppData\Roaming\Malwarebytes
2009-10-26 19:28 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-26 19:28 . 2009-10-26 19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-26 19:28 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-26 17:31 . 2009-10-26 21:47 -------- d-----w- c:\users\Jacobo\DoctorWeb
2009-10-26 17:28 . 2009-10-26 17:28 -------- d-----w- c:\programdata\Malwarebytes
2009-10-26 16:35 . 2009-10-28 20:39 7168 ----a-w- c:\windows\system32\srosa2.sys
2009-10-22 00:27 . 2009-10-25 20:40 -------- d-----w- c:\users\Jacobo\Tracing
2009-10-20 10:40 . 2007-03-23 02:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
2009-10-18 17:39 . 2009-10-18 17:39 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-18 12:26 . 2009-10-18 12:26 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-16 18:50 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 18:50 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 18:49 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 18:43 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 18:42 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 18:42 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-11 21:50 . 2009-10-11 21:50 -------- d-----w- c:\users\Jacobo\AppData\Roaming\Titanium Gears
2009-10-07 11:05 . 2009-10-14 07:23 -------- d-----w- c:\users\Jacobo\AppData\Local\Microsoft Games
2009-10-02 23:59 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 04:25 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-02 04:25 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-02 04:25 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-02 04:25 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-02 04:25 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-02 04:25 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-02 04:25 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-02 04:24 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-02 04:24 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 22:18 . 2009-08-21 00:49 31966 ----a-w- c:\programdata\nvModes.dat
2009-10-28 20:43 . 2009-03-27 06:51 688810 ----a-w- c:\windows\system32\perfh00A.dat
2009-10-28 20:43 . 2009-03-27 06:51 138424 ----a-w- c:\windows\system32\perfc00A.dat
2009-10-27 13:34 . 2009-03-26 22:53 -------- d-----w- c:\programdata\Norton
2009-10-26 17:53 . 2009-08-22 19:08 -------- d-----w- c:\users\Jacobo\AppData\Roaming\vlc
2009-10-19 23:11 . 2009-03-26 23:10 -------- d-----w- c:\programdata\Microsoft Help
2009-10-18 19:52 . 2009-08-21 00:35 105752 ----a-w- c:\users\Jacobo\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-18 17:44 . 2009-03-26 23:13 -------- d-----w- c:\program files\Microsoft Works
2009-10-16 23:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-11 19:31 . 2009-09-13 00:54 256 ----a-w- c:\windows\system32\pool.bin
2009-09-27 01:45 . 2009-08-21 00:33 -------- d-----w- c:\programdata\NVIDIA
2009-09-27 01:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-27 01:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-27 01:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-27 01:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-27 01:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-27 01:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-23 21:05 . 2009-09-21 11:55 -------- d-----w- c:\users\Jacobo\AppData\Roaming\Skype
2009-09-23 20:45 . 2009-09-21 11:58 -------- d-----w- c:\users\Jacobo\AppData\Roaming\skypePM
2009-09-21 11:58 . 2009-09-21 11:58 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-21 11:54 . 2009-09-21 11:54 -------- d-----r- c:\program files\Skype
2009-09-21 11:54 . 2009-09-21 11:54 -------- d-----w- c:\program files\Common Files\Skype
2009-09-21 11:54 . 2009-09-21 11:54 -------- d-----w- c:\programdata\Skype
2009-09-20 00:54 . 2009-09-20 00:54 -------- d-----w- c:\programdata\FLEXnet
2009-09-20 00:48 . 2009-03-26 23:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-13 00:54 . 2009-09-13 00:54 -------- d-----w- c:\users\Jacobo\AppData\Roaming\Research In Motion
2009-09-13 00:53 . 2009-09-13 00:53 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-09-08 23:13 . 2009-08-26 22:54 -------- d-----w- c:\users\Jacobo\AppData\Roaming\dvdcss
2009-09-06 22:45 . 2009-09-06 22:45 -------- d-----w- c:\users\Jacobo\AppData\Roaming\Windows Live Writer
2009-09-05 22:38 . 2009-08-23 22:06 -------- d-----w- c:\program files\PokerStars
2009-08-29 00:27 . 2009-09-04 15:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-04 15:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-16 23:19 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-16 23:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-16 23:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-16 23:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-21 02:36 . 2009-08-21 02:25 177986 ----a-w- c:\windows\hpoins29.dat
2009-08-21 01:37 . 2009-08-21 01:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-21 00:49 . 2009-03-26 23:26 16 ----a-w- c:\windows\SetLang.bat
2009-08-21 00:44 . 2009-08-21 00:45 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-21 00:44 . 2009-08-21 00:45 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-21 00:44 . 2009-08-21 00:45 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-10 06:03 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 06:03 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 06:03 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 06:03 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 06:03 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 06:03 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 06:03 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 06:03 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 06:03 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 06:03 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 06:03 105984 ----a-w- c:\windows\system32\netiohlp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2006-07-05 847872]
"Google Update"="c:\users\Jacobo\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-31 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe" [2009-04-15 440864]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
SQL Server.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\scm.exe [2002-12-17 90680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):42,16,33,32,14,3f,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1010603109-3914943522-2019868794-1000]
"EnableNotificationsRef"=dword:00000004

R2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe [21-08-2009 01:46 703008]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [04-09-2008 05:12 223232]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [21-08-2009 11:11 3715072]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [26-06-2009 21:55 66080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21-01-2008 03:23 179712]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SROSA
*Deregistered* - mbr
*Deregistered* - srosa

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1010603109-3914943522-2019868794-1000Core.job
- c:\users\Jacobo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-31 19:10]

2009-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1010603109-3914943522-2019868794-1000UA.job
- c:\users\Jacobo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-31 19:10]

2009-10-28 c:\windows\Tasks\User_Feed_Synchronization-{D754D6D7-9EC8-4CE6-861A-0F35EA1D7C7C}.job
- c:\windows\system32\msfeedssync.exe [2009-10-16 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.es/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0c0a&s=2&o=vp32&d=0809&m=easynote_tj66
IE: Anexar a PDF existente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir a Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir destino de vínculo a PDF existente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir destino de vínculo en archivo Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir selección a Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir selección a archivo PDF existente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir vínculos seleccionados a Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir vínculos seleccionados a PDF existente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 23:18
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

c:\users\Jacobo\AppData\Roaming\m\flec006.exe [3848] 0x89B3F2D8
c:\users\Jacobo\AppData\Roaming\hidires\flec003.exe [3868] 0x89BBB418
scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\mdelk.exe 71684 bytes executable
c:\windows\system32\wfsintwq.sys 119188 bytes executable
c:\windows\system32\wintems.exe 71684 bytes executable
c:\users\Jacobo\AppData\Local\Temp\~DF82FC.tmp 311296 bytes
c:\users\Jacobo\AppData\Roaming\drivers\downld
c:\users\Jacobo\AppData\Roaming\drivers\winupgro.exe 847872 bytes executable
c:\users\Jacobo\AppData\Roaming\hidires
c:\users\Jacobo\AppData\Roaming\hidires\config
c:\users\Jacobo\AppData\Roaming\hidires\config\preferences.ini 26 bytes
c:\users\Jacobo\AppData\Roaming\hidires\flec003.exe 2557956 bytes executable
c:\users\Jacobo\AppData\Roaming\hidires\Incoming
c:\users\Jacobo\AppData\Roaming\hidires\lang
c:\users\Jacobo\AppData\Roaming\hidires\names.txt 3895 bytes
c:\users\Jacobo\AppData\Roaming\hidires\skins
c:\users\Jacobo\AppData\Roaming\hidires\Temp
c:\users\Jacobo\AppData\Roaming\hidires\WDIR
c:\users\Jacobo\AppData\Roaming\hidires\webserver
c:\users\Jacobo\AppData\Roaming\m\flec006.exe 99332 bytes executable

scan completed successfully
hidden files: 18

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="c:\\Users\\Jacobo\\AppData\\Roaming\\drivers\\winupgro.exe"
"mule_st_key"="c:\\Users\\Jacobo\\AppData\\Roaming\\m\\flec006.exe"
"german.exe"="c:\\Windows\\system32\\wintems.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa]
"ImagePath"="\??\c:\windows\system32\wfsintwq.sys"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\combo-fix\CF15704.exe
c:\windows\System32\rundll32.exe
c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\combo-fix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-28 23:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-28 22:24

Pre-Run: 242.191.798.272 bytes free
Post-Run: 242.730.364.928 bytes free

- - End Of File - - D3D1FB3F7A5A6C1EB69F65370280B681


Regards,
Jacobo
post #7
28/10/09, 19:48:48
User (registered Jan 2008, Spain, 19 posts)
Re: Problems with winupgro.exe and hacktool.rootkit

Hi Fugazi27,

I'm trying to install Nod32 and it won't let me. I'm desperate!!!

What can I do?

Thanks,
Jacobo
post #8
29/10/09, 15:07:58
Fugazi27, Warrior (registered May 2008, BCN/Catalonia/Spain, 4,995 posts)
Re: Problems with winupgro.exe and hacktool.rootkit

Do the following:
  • Click START > RUN >
    • There type notepad.exe and click OK
    • Now copy and paste the text from the box below into Notepad

Code:
KillAll::

File::
c:\windows\system32\ezsidmv.dat

Folder::
c:\users\Jacobo\AppData\Roaming\m
c:\users\Jacobo\AppData\Roaming\drivers\downld
c:\users\Jacobo\AppData\Roaming\hidires

Rootkit::
c:\windows\system32\srosa2.sys
c:\windows\system32\mdelk.exe
c:\windows\system32\wfsintwq.sys
c:\windows\system32\wintems.exe
c:\users\Jacobo\AppData\Local\Temp\~DF82FC.tmp
c:\users\Jacobo\AppData\Roaming\drivers\winupgro.exe
c:\users\Jacobo\AppData\Roaming\hidires\config\preferences.ini
c:\users\Jacobo\AppData\Roaming\hidires\flec003.exe
c:\users\Jacobo\AppData\Roaming\hidires\names.txt
c:\users\Jacobo\AppData\Roaming\m\flec006.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"=-
"mule_st_key"=-
"german.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa]
"ImagePath"=-

Driver::
srosa2
winupgro
  • Save this file as CFScript.txt on your desktop.

Before using the CFScript...
  • Temporarily disable your antivirus and/or antispyware.
  • Close all open windows.
  • Then drag and drop the CFScript.txt file onto ComboFix.exe, as shown in the animation below. This will launch ComboFix.
  • *Note* Do not move the mouse while CF is working, as that would stop its process.
  • *Note* ComboFix may restart the PC automatically to complete the removal process.
  • When it finishes, it will generate a report at C:\ComboFix.txt.

Post that report, try reinstalling your antivirus, and let me know the results.

Regards

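As an added example (not code from this thread, from ComboFix or from its author), the Python below does mechanically what the helper did by hand between the ComboFix report in post #6 and the CFScript in post #8: it parses the catchme "hidden processes" and "hidden files" listing and the registry values ComboFix printed after it, keeps only the autorun and service values whose target is one of the hidden files (so a legitimate profile-directory autorun such as GoogleUpdate.exe is not touched), and emits Folder::, Rootkit::, Registry:: and Driver:: sections in the shape of the helper's script. The sample input is an excerpt of the report posted above with the forum's inserted spaces removed. Only the section names and the "name"=- deletion syntax are ComboFix's; the parsing, the selection rule, and deriving Driver:: from the service key name are this example's own assumptions, which is why it yields `srosa` where the helper, working from evidence outside the catchme listing, wrote `srosa2` and `winupgro` and also listed `Roaming\m` and `ezsidmv.dat`.

```python
"""Build a ComboFix CFScript from the findings in a ComboFix/catchme report.

Added example; not code from this thread or from ComboFix. The section names
and the "name"=- deletion syntax are ComboFix's; the parsing and the rule for
what goes into the script are this example's own assumptions.
"""
import re

# Excerpt of the report posted in the thread, forum line-wrap spaces removed.
SAMPLE_REPORT = r"""scanning hidden processes ...
c:\users\Jacobo\AppData\Roaming\m\flec006.exe [3848] 0x89B3F2D8
c:\users\Jacobo\AppData\Roaming\hidires\flec003.exe [3868] 0x89BBB418
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\mdelk.exe 71684 bytes executable
c:\windows\system32\wfsintwq.sys 119188 bytes executable
c:\windows\system32\wintems.exe 71684 bytes executable
c:\users\Jacobo\AppData\Roaming\drivers\downld
c:\users\Jacobo\AppData\Roaming\drivers\winupgro.exe 847872 bytes executable
c:\users\Jacobo\AppData\Roaming\hidires
c:\users\Jacobo\AppData\Roaming\hidires\config
c:\users\Jacobo\AppData\Roaming\hidires\config\preferences.ini 26 bytes
c:\users\Jacobo\AppData\Roaming\hidires\flec003.exe 2557956 bytes executable
c:\users\Jacobo\AppData\Roaming\m\flec006.exe 99332 bytes executable
scan completed successfully

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="c:\\Users\\Jacobo\\AppData\\Roaming\\drivers\\winupgro.exe"
"mule_st_key"="c:\\Users\\Jacobo\\AppData\\Roaming\\m\\flec006.exe"
"german.exe"="c:\\Windows\\system32\\wintems.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa]
"ImagePath"="\??\c:\windows\system32\wfsintwq.sys"
"""

HIDDEN_PROC = re.compile(r"^(?P<path>[a-z]:\\.*?) \[(?P<pid>\d+)\] 0x[0-9a-f]+$", re.I)
HIDDEN_FILE = re.compile(r"^(?P<path>[a-z]:\\.*?)(?: (?P<size>\d+) bytes(?: executable)?)?$", re.I)
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


def normalize(path):
    """Comparison form of a path: registry data written with doubled
    backslashes, the NT '\\??\\' prefix and mixed case all collapse."""
    path = path.replace("\\\\", "\\")
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def parse_report(text):
    """Collect hidden processes, files, directories and registry values."""
    found = {"procs": [], "files": [], "dirs": [], "values": []}
    section = key = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("scanning hidden processes"):
            section = "procs"
        elif line.startswith("scanning hidden files"):
            section = "files"
        elif line.startswith(("scanning hidden autostart", "scan completed")):
            section = None
        elif REG_KEY.match(line):
            key, section = REG_KEY.match(line).group("key"), "reg"
        elif section == "procs" and HIDDEN_PROC.match(line):
            m = HIDDEN_PROC.match(line)
            found["procs"].append((m.group("path"), int(m.group("pid"))))
        elif section == "files" and HIDDEN_FILE.match(line):
            m = HIDDEN_FILE.match(line)   # a size means a file; none means a directory
            found["files" if m.group("size") else "dirs"].append(m.group("path"))
        elif section == "reg" and REG_VALUE.match(line):
            m = REG_VALUE.match(line)
            found["values"].append((key, m.group("name"), m.group("data")))
    return found


def build_cfscript(found):
    """KillAll:: first (hidden processes are running), then the sections."""
    hidden = {normalize(p) for p in found["files"]}
    norm_dirs = [normalize(d) for d in found["dirs"]]
    # Folder:: only needs the outermost hidden directories.
    top_dirs = [d for d, n in zip(found["dirs"], norm_dirs)
                if not any(n.startswith(o + "\\") for o in norm_dirs if o != n)]
    registry, drivers = {}, []
    for key, name, data in found["values"]:
        if normalize(data) in hidden:      # autorun/service points at a hidden file
            registry.setdefault(key, []).append(name)
            svc = re.search(r"\\services\\([^\\]+)$", key, re.I)
            if svc:                        # service key: also unload that driver
                drivers.append(svc.group(1))
    out = ["KillAll::", "", "Folder::", *top_dirs, "", "Rootkit::", *found["files"], ""]
    if registry:
        out.append("Registry::")
        for key, names in registry.items():
            out += [f"[{key}]", *(f'"{n}"=-' for n in names)]
        out.append("")
    if drivers:
        out += ["Driver::", *drivers]
    return "\n".join(out).rstrip("\n") + "\n"


if __name__ == "__main__":
    print(build_cfscript(parse_report(SAMPLE_REPORT)))
```

Running it prints a script whose Rootkit:: and Registry:: sections match the helper's entry for entry; the lines the helper added beyond that are the ones a reviewer should be able to justify from evidence outside the catchme listing. Matching on the normalized target path rather than on the value name is what keeps the Google autorun, which also lives under AppData, out of the script.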
post #9
29/10/09, 19:41:13
User (registered Jan 2008, Spain, 19 posts)
Re: Problems with winupgro.exe and hacktool.rootkit

Hi,

Here is the report:

ComboFix 09-10-28.08 - Jacobo 29-10-2009 23:27.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.34.3082.18.3066.2276 [GMT 1:00]
Running from: c:\users\Jacobo\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Jacobo\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\windows\system32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jacobo\AppData\Roaming\drivers\downld
c:\users\Jacobo\AppData\Roaming\hidires\config\preferences.ini
c:\users\Jacobo\AppData\Roaming\hidires\names.txt
c:\windows\system32\ezsidmv.dat
c:\users\Jacobo\AppData\Roaming\hidires . . . . failed to delete
c:\windows\system32\mdelk.exe . . . . failed to delete
c:\windows\system32\wintems.exe . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-29 22:42 . 2009-10-29 22:44 -------- d-----w- c:\users\Jacobo\AppData\Local\temp
2009-10-29 22:42 . 2009-10-29 22:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-29 22:42 . 2009-10-29 22:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-29 22:26 . 2009-04-11 06:32 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-29 22:26 . 2009-02-12 16:11 329752 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-10-29 22:26 . 2008-03-12 06:38 28728 ----a-w- c:\windows\system32\drivers\msahci.sys
2009-10-29 21:48 . 2009-10-29 21:52 -------- d-----w- C:\Combo-Fix24246C
2009-10-29 08:21 . 2009-10-29 22:44 -------- d--h--w- c:\users\Jacobo\AppData\Roaming\drivers
2009-10-29 01:14 . 2009-10-29 01:14 -------- d-----w- c:\program files\eMule
2009-10-29 01:05 . 2009-10-29 01:05 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-10-28 22:56 . 2009-10-28 22:56 -------- d-----w- c:\program files\CCleaner
2009-10-28 22:25 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 22:25 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-28 21:43 . 2009-10-28 22:24 -------- d-----w- C:\Combo-Fix
2009-10-27 19:27 . 2009-10-27 19:27 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2009-10-27 13:58 . 2009-10-27 13:58 -------- d-----w- c:\program files\Panda Security
2009-10-26 19:28 . 2009-10-26 19:28 -------- d-----w- c:\users\Jacobo\AppData\Roaming\Malwarebytes
2009-10-26 19:28 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-26 19:28 . 2009-10-26 19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-26 19:28 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-26 17:31 . 2009-10-26 21:47 -------- d-----w- c:\users\Jacobo\DoctorWeb
2009-10-26 17:28 . 2009-10-26 17:28 -------- d-----w- c:\programdata\Malwarebytes
2009-10-26 16:35 . 2009-10-28 20:39 7168 ----a-w- c:\windows\system32\srosa2.sys
2009-10-22 00:27 . 2009-10-25 20:40 -------- d-----w- c:\users\Jacobo\Tracing
2009-10-20 10:40 . 2007-03-23 02:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
2009-10-18 17:39 . 2009-10-18 17:39 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-18 12:26 . 2009-10-18 12:26 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-16 18:50 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 18:50 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 18:49 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 18:43 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 18:42 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 18:42 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-11 21:50 . 2009-10-11 21:50 -------- d-----w- c:\users\Jacobo\AppData\Roaming\Titanium Gears
2009-10-07 11:05 . 2009-10-14 07:23 -------- d-----w- c:\users\Jacobo\AppData\Local\Microsoft Games
2009-10-02 23:59 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 04:25 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-02 04:25 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-02 04:25 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-02 04:25 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-02 04:25 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-02 04:25 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-02 04:25 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-02 04:24 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-02 04:24 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 22:44 . 2009-08-21 00:49 31966 ----a-w- c:\programdata\nvModes.dat
2009-10-29 22:14 . 2009-03-27 06:51 688810 ----a-w- c:\windows\system32\perfh00A.dat
2009-10-29 22:14 . 2009-03-27 06:51 138424 ----a-w- c:\windows\system32\perfc00A.dat
2009-10-29 00:35 . 2009-08-22 19:08 -------- d-----w- c:\users\Jacobo\AppData\Roaming\vlc
2009-10-27 13:34 . 2009-03-26 22:53 -------- d-----w- c:\programdata\Norton
2009-10-19 23:11 . 2009-03-26 23:10 -------- d-----w- c:\programdata\Microsoft Help
2009-10-18 19:52 . 2009-08-21 00:35 105752 ----a-w- c:\users\Jacobo\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-18 17:44 . 2009-03-26 23:13 -------- d-----w- c:\program files\Microsoft Works
2009-10-16 23:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-11 19:31 . 2009-09-13 00:54 256 ----a-w- c:\windows\system32\pool.bin
2009-09-27 01:45 . 2009-08-21 00:33 -------- d-----w- c:\programdata\NVIDIA
2009-09-27 01:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-27 01:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-27 01:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-27 01:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-27 01:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-27 01:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-23 21:05 . 2009-09-21 11:55 -------- d-----w- c:\users\Jacobo\AppData\Roaming\Skype
2009-09-23 20:45 . 2009-09-21 11:58 -------- d-----w- c:\users\Jacobo\AppData\Roaming\skypePM
2009-09-21 11:54 . 2009-09-21 11:54 -------- d-----r- c:\program files\Skype
2009-09-21 11:54 . 2009-09-21 11:54 -------- d-----w- c:\program files\Common Files\Skype
2009-09-21 11:54 . 2009-09-21 11:54 -------- d-----w- c:\programdata\Skype
2009-09-20 00:54 . 2009-09-20 00:54 -------- d-----w- c:\programdata\FLEXnet
2009-09-20 00:48 . 2009-03-26 23:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-13 00:54 . 2009-09-13 00:54 -------- d-----w- c:\users\Jacobo\AppData\Roaming\Research In Motion
2009-09-08 23:13 . 2009-08-26 22:54 -------- d-----w- c:\users\Jacobo\AppData\Roaming\dvdcss
2009-09-06 22:45 . 2009-09-06 22:45 -------- d-----w- c:\users\Jacobo\AppData\Roaming\Windows Live Writer
2009-09-05 22:38 . 2009-08-23 22:06 -------- d-----w- c:\program files\PokerStars
2009-08-29 00:27 . 2009-09-04 15:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-04 15:01 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-16 23:19 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-16 23:19 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-16 23:19 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-16 23:19 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-21 02:36 . 2009-08-21 02:25 177986 ----a-w- c:\windows\hpoins29.dat
2009-08-21 01:37 . 2009-08-21 01:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-21 00:49 . 2009-03-26 23:26 16 ----a-w- c:\windows\SetLang.bat
2009-08-21 00:44 . 2009-08-21 00:45 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-21 00:44 . 2009-08-21 00:45 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-21 00:44 . 2009-08-21 00:45 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-10 06:03 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 06:03 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 06:03 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 06:03 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 06:03 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 06:03 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 06:03 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 06:03 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 06:03 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 06:03 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 06:03 105984 ----a-w- c:\windows\system32\netiohlp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-28_22.18.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-28 22:26 . 2009-10-01 11:55 92160 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22933_none_8444da075fea9e51\iecompat.dll
+ 2009-10-28 22:26 . 2009-10-01 03:59 92160 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18842_none_83af6d0646d60121\iecompat.dll
+ 2008-01-21 01:58 . 2009-10-29 22:13 53222 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-29 22:13 95390 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-21 00:34 . 2009-10-29 22:13 10882 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1010603109-3914943522-2019868794-1000_UserData.bin
- 2009-10-28 13:16 . 2009-10-28 13:15 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-29 08:26 . 2009-10-29 22:34 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-28 13:15 . 2009-10-28 13:15 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-29 08:26 . 2009-10-29 22:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-29 08:26 . 2009-10-29 22:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-28 13:16 . 2009-10-28 13:15 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 10:25 . 2009-10-27 13:33 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-10-28 22:58 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-10-27 13:33 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2009-10-28 22:58 51200 c:\windows\inf\infpub.dat
+ 2009-10-28 22:25 . 2009-09-10 15:10 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\spwmp.dll
+ 2009-10-28 22:25 . 2009-09-10 15:10 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\dxmasf.dll
+ 2009-08-21 01:22 . 2009-07-15 12:39 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\spwmp.dll
+ 2009-08-21 01:22 . 2009-07-15 12:39 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\dxmasf.dll
+ 2009-10-28 22:25 . 2009-09-10 20:45 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\spwmp.dll
+ 2009-10-28 22:25 . 2009-09-10 20:45 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\dxmasf.dll
+ 2009-08-21 01:22 . 2009-07-14 12:58 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\spwmp.dll
+ 2009-08-21 01:22 . 2009-07-14 12:59 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\dxmasf.dll
+ 2009-10-28 22:25 . 2009-09-10 17:30 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\spwmp.dll
+ 2009-10-28 22:25 . 2009-09-10 17:31 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\dxmasf.dll
+ 2009-10-28 22:25 . 2009-09-10 17:39 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\spwmp.dll
+ 2009-10-28 22:25 . 2009-09-10 17:40 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\dxmasf.dll
- 2009-10-28 22:17 . 2009-10-28 22:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-29 22:43 . 2009-10-29 22:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-29 22:43 . 2009-10-29 22:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-28 22:17 . 2009-10-28 22:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-28 22:25 . 2009-09-10 15:10 310784 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.22223_none_b05140d2ecdc475e\unregmp2.exe
+ 2009-10-28 22:25 . 2009-09-10 14:58 310784 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.18111_none_afd0735fd3b858f5\unregmp2.exe
+ 2009-10-28 22:25 . 2009-09-10 15:23 310784 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.22520_none_ae67ce0cefb8a635\unregmp2.exe
+ 2009-10-28 22:25 . 2009-09-10 15:21 310784 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.18330_none_add35f6fd6a32535\unregmp2.exe
+ 2009-10-28 22:25 . 2009-09-10 15:14 311296 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.21125_none_ac866714f28dca12\unregmp2.exe
+ 2009-10-28 22:25 . 2009-09-10 15:29 311296 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.16926_none_abfdf271d96f105d\unregmp2.exe
+ 2009-10-28 22:25 . 2009-09-10 15:10 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\wmpshare.exe
+ 2009-10-28 22:25 . 2009-09-10 15:10 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\wmplayer.exe
+ 2009-10-28 22:25 . 2009-09-10 15:10 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\wmpconfig.exe
+ 2009-08-21 01:22 . 2009-07-15 12:39 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\wmpshare.exe
+ 2009-10-28 22:25 . 2009-09-10 14:58 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\wmplayer.exe
+ 2009-08-21 01:22 . 2009-07-15 12:39 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\wmpconfig.exe
+ 2009-10-28 22:25 . 2009-09-10 15:23 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\wmpshare.exe
+ 2009-10-28 22:25 . 2009-09-10 15:23 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\wmplayer.exe
+ 2009-10-28 22:25 . 2009-09-10 15:23 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\wmpconfig.exe
+ 2009-08-21 01:22 . 2009-07-14 10:58 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\wmpshare.exe
+ 2009-10-28 22:25 . 2009-09-10 15:21 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\wmplayer.exe
+ 2009-08-21 01:22 . 2009-07-14 10:59 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\wmpconfig.exe
+ 2009-10-28 22:25 . 2009-09-10 15:14 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\wmpshare.exe
+ 2009-10-28 22:25 . 2009-09-10 15:14 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\wmplayer.exe
+ 2009-10-28 22:25 . 2009-09-10 15:14 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\wmpconfig.exe
+ 2009-10-28 22:25 . 2009-09-10 15:29 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\wmpshare.exe
+ 2009-10-28 22:25 . 2009-09-10 15:29 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\wmplayer.exe
+ 2009-10-28 22:25 . 2009-09-10 15:29 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\wmpconfig.exe
+ 2006-11-02 10:33 . 2009-10-29 22:14 607912 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-28 20:43 607912 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-10-29 22:14 109438 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-10-28 20:43 109438 c:\windows\System32\perfc009.dat
- 2006-11-02 10:25 . 2009-10-27 13:33 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-10-28 22:58 143360 c:\windows\inf\infstrng.dat
+ 2009-10-28 22:25 . 2009-09-10 15:10 1418752 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.22223_none_b05140d2ecdc475e\setup_wm.exe
+ 2009-10-28 22:25 . 2009-09-10 14:58 1418752 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.18111_none_afd0735fd3b858f5\setup_wm.exe
+ 2009-10-28 22:25 . 2009-09-10 15:23 1418752 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.22520_none_ae67ce0cefb8a635\setup_wm.exe
+ 2009-10-28 22:25 . 2009-09-10 15:21 1418752 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.18330_none_add35f6fd6a32535\setup_wm.exe
+ 2009-10-28 22:25 . 2009-09-10 15:14 1418240 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.21125_none_ac866714f28dca12\setup_wm.exe
+ 2009-10-28 22:25 . 2009-09-10 15:29 1418240 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.16926_none_abfdf271d96f105d\setup_wm.exe
+ 2009-10-28 22:25 . 2009-09-10 15:11 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\wmploc.DLL
+ 2009-10-28 22:25 . 2009-09-10 14:59 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\wmploc.DLL
+ 2009-10-28 22:25 . 2009-09-10 15:24 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\wmploc.DLL
+ 2009-10-28 22:25 . 2009-09-10 15:21 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\wmploc.DLL
+ 2009-10-28 22:25 . 2009-09-10 15:14 8147968 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\wmploc.DLL
+ 2009-10-28 22:25 . 2009-09-10 15:29 8147968 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\wmploc.DLL
+ 2006-11-02 10:22 . 2009-10-29 08:34 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-10-18 18:01 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 12:47 . 2009-10-29 12:58 4295883 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
- 2006-11-02 12:47 . 2009-09-27 01:44 4295883 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2009-10-28 22:25 . 2009-09-10 17:10 10627584 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\wmp.dll
+ 2009-10-28 22:25 . 2009-09-10 16:49 10627584 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\wmp.dll
+ 2009-10-28 22:25 . 2009-09-10 20:46 10627584 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\wmp.dll
+ 2009-10-28 22:25 . 2009-09-10 17:33 10626048 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\wmp.dll
+ 2009-10-28 22:25 . 2009-09-10 17:31 10622464 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\wmp.dll
+ 2009-10-28 22:25 . 2009-09-10 17:40 10622464 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\wmp.dll
+ 2009-10-28 22:25 . 2009-09-10 16:49 10627584 c:\windows\System32\wmp.dll
+ 2009-08-21 21:20 . 2009-10-28 22:25 189671644 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2006-07-05 847872]
"Google Update"="c:\users\Jacobo\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-31 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe" [2009-04-15 440864]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
SQL Server.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\scm.exe [2002-12-17 90680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):42,16,33,32,14,3f,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1010603109-3914943522-2019868794-1000]
"EnableNotificationsRef"=dword:0000002e

R2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe [21-08-2009 01:46 703008]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [04-09-2008 05:12 223232]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [21-08-2009 11:11 3715072]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [26-06-2009 21:55 66080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21-01-2008 03:23 179712]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SROSA
*Deregistered* - mbr
*Deregistered* - srosa

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1010603109-3914943522-2019868794-1000Core.job
- c:\users\Jacobo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-31 19:10]

2009-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1010603109-3914943522-2019868794-1000UA.job
- c:\users\Jacobo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-31 19:10]

2009-10-29 c:\windows\Tasks\User_Feed_Synchronization-{D754D6D7-9EC8-4CE6-861A-0F35EA1D7C7C}.job
- c:\windows\system32\msfeedssync.exe [2009-10-16 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.es/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0c0a&s=2&o=vp32&d=0809&m=easynote_tj66
IE: Anexar a PDF existente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir a Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir destino de vínculo a PDF existente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir destino de vínculo en archivo Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir selección a Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir selección a archivo PDF existente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir vínculos seleccionados a Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir vínculos seleccionados a PDF existente - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 23:44
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\mdelk.exe 71684 bytes executable
c:\windows\system32\wfsintwq.sys 119188 bytes executable
c:\windows\system32\wintems.exe 71684 bytes executable
c:\users\Jacobo\AppData\Roaming\drivers\downld
c:\users\Jacobo\AppData\Roaming\hidires
c:\users\Jacobo\AppData\Roaming\hidires\flec003.exe 2557956 bytes executable

scan completed successfully
hidden files: 6

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"drvsyskit"="c:\\Users\\Jacobo\\AppData\\Roaming\\drivers\\winupgro.exe"
"mule_st_key"="c:\\Users\\Jacobo\\AppData\\Roaming\\m\\flec006.exe"
"german.exe"="c:\\Windows\\system32\\wintems.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa]
"ImagePath"="\??\c:\windows\system32\wfsintwq.sys"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\System32\rundll32.exe
c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2009-10-29 23:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-29 22:49
ComboFix2.txt 2009-10-28 22:24

Pre-Run: 242.447.544.320 bytes libres
Post-Run: 242.557.386.752 bytes libres

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 4468AFA2F04E66E3C60D5A32EF91885A



As for the antivirus, it won't let me install either NOD32 or Kaspersky. The installation starts, but in both cases I get an error message:

Error writing to file: C:\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eamon.sys. Verify that you have access to that directory

It still feels extremely slow, especially as far as the web browser is concerned.

I await instructions. Thanks
Jacobo
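An added triage example (not the thread's own tool, nor the forum's code) that reads the ComboFix sections shown in the log above: it parses the REGEDIT4-style `"name"="path"` Run and ImagePath entries and catchme's hidden-files lines from a constructed excerpt built from this log's own values, then flags any autorun whose image is in the hidden-files list or lives under a per-user Roaming profile directory. The two regexes and the two heuristics are my assumptions about the format and about what a responder looks for first, not something the tools document.

```python
import re

# Constructed excerpt in the log's own format; the values are copied from this thread.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2006-07-05 847872]
"drvsyskit"="c:\\Users\\Jacobo\\AppData\\Roaming\\drivers\\winupgro.exe"
"mule_st_key"="c:\\Users\\Jacobo\\AppData\\Roaming\\m\\flec006.exe"
"german.exe"="c:\\Windows\\system32\\wintems.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa]
"ImagePath"="\??\c:\windows\system32\wfsintwq.sys"
scanning hidden files ...
c:\windows\system32\mdelk.exe 71684 bytes executable
c:\windows\system32\wfsintwq.sys 119188 bytes executable
c:\windows\system32\wintems.exe 71684 bytes executable
c:\users\Jacobo\AppData\Roaming\hidires\flec003.exe 2557956 bytes executable
hidden files: 4
"""

ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')  # REGEDIT4 "name"="path"
HIDDEN_RE = re.compile(r'^(?P<path>[a-z]:\\\S+) \d+ bytes executable$', re.I)  # catchme file line

def normalize(path):
    # Collapse REGEDIT4's doubled backslashes, drop the \??\ device prefix, lowercase.
    return path.replace('\\\\', '\\').lower().removeprefix('\\??\\')

def parse_log(text):
    """Return ([(value name, normalized image path)], {hidden file paths})."""
    autoruns, hidden = [], set()
    for line in text.splitlines():
        if m := ENTRY_RE.match(line):
            autoruns.append((m['name'], normalize(m['path'])))
        elif m := HIDDEN_RE.match(line):
            hidden.add(m['path'].lower())
    return autoruns, hidden

def flag_autoruns(autoruns, hidden):
    """Map each autorun worth a closer look to the reasons it was flagged."""
    findings = {}
    for name, path in autoruns:
        reasons = []
        if path in hidden:
            reasons.append('image is in the hidden-files list')
        if '\\appdata\\roaming\\' in path:
            reasons.append('image lives in a per-user Roaming profile dir')
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == '__main__':
    print(flag_autoruns(*parse_log(SAMPLE_LOG)))
```

On the sample, the legitimate Google Toolbar entry passes while the three Bagle Run values and the srosa ImagePath are flagged, which matches what the helper removes in the next post.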
post #10
Old 29/10/09, 21:05:06
Fugazi27
Warrior
Registered: May 2008
Location: BCN/Catalonia/Spain
Posts: 4,995
Re: Problems with winupgro.exe and hacktool.rootkit

The Bagle is getting a bit stubborn. Do the following:

Uninstall CF like this:
  • Go to Start > Run
  • Type the following: ComboFix /u as shown in the image below:
  • This will start the ComboFix uninstaller, opening its main screen, and after a few seconds you will see "ComboFix is uninstalled"
Note: If that uninstall method doesn't work, download and run OTC.exe, click CleanUp!, then "Yes", and restart your PC.
Turn off "System Restore"

Download the following tools but don't run them yet:
Start your computer in Safe Mode (if you can't, try to repair Safe Mode as explained here)

Run FS-FixBagle (on Vista, right-click it and run as administrator)
  1. Temporarily disable the antivirus and/or antispyware.
  2. Unzip FS-FixBagle.zip to the Desktop.
  3. Open the FS-Fix folder
  4. Run FS-FixBagle.exe
  5. Choose option "1" to start the search for Bagle
  6. When the scan finishes, FS-FixBagle will ask whether you want to restart the computer. Accept.
  7. A report is generated, usually found at C:\BagleReport.txt.
*Note* If FS-FixBagle finds the driver/rootkit srosa.sys, the computer will need to be restarted, so you must allow FS-FixBagle to restart it.
Run Malwarebytes: select "Full scan"; once it finishes, if it detects anything click "Remove selected"; if it asks you to restart, do so, and then go to the "Logs" tab to copy the report into this thread.

Restart in normal mode, download ComboFix.exe again and run it as I explained before.

Do all the steps, re-enable System Restore and come back with the 3 reports generated by the tools.


Regards
