    I have spyware (Solved)

    1. #1
      User charlypin
      Registered: Jan 2007
      Location: USA
      Posts: 16

      I have spyware (Solved)

      A week ago, after downloading a file, my laptop changed completely. First the screen went black, so I repaired Windows; then windows appeared that said: msfeedssync.exe, Microsoft feeds synchronization, Generic Host Process, svchost.exe. I try to update Windows and the page will not load, either through the direct link in Windows or through the Microsoft website. I have tried everything and do not know what to do. Here is the HijackThis log taken in safe mode. I hope someone can help me. Many thanks.

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 8:17:47 PM, on 10/25/2010
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Safe mode with network support

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Carlos Pinzon\My Documents\Downloads\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
      O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
      O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
      O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
      O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Carlos Pinzon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Carlos Pinzon\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
      O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      O4 - HKCU\..\Run: [EPSON Stylus Photo R280 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE /FU "C:\WINDOWS\TEMP\E_S1B4.tmp" /EF "HKCU"
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe
      O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
      O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
      O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
      O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
      O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
      O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
      O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
      O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
      O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
      O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy (file missing)
      O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy (file missing)
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs:
      O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\system32\ackpbsc.dll
      O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
      O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
      O23 - Service: BackupService - ArcSoft, Inc. - C:\Documents and Settings\Carlos Pinzon\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Update Service (gupdate1c999d46323f66c) (gupdate1c999d46323f66c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
      O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

      --
      End of file - 17352 bytes

    2. #2
      General Moderator Leosolari
      Registered: Jun 2007
      Location: Argentina
      Posts: 54,383

      Re: I have spyware or malware or a trojan or a virus

      Hello charlypin

      Please follow this procedure:

      STEP 1: Download these tools to your desktop:

      º CCleaner. Install it according to its manual.

      º Malwarebytes. Install and update it according to its manual.

      º ComboFix.exe, and save it to the desktop.

      STEP 2: Run Malwarebytes.
      Do a "full scan". Once it finishes, if it detects anything, choose "Remove Selected" as shown in this image.
      If it asks you to restart, do so.

      STEP 3: Run CCleaner using its "Cleaner" and "Registry" options.

      STEP 4: Run ComboFix

      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
        • *Note* While CF is working, do not move the mouse, as that would stop its process.
        • *Note* ComboFix may automatically restart the PC to complete the removal process.
      Attention!! Do not use ComboFix unless you have been specifically instructed to in your thread by a member of our staff. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      • Restart and paste the C:\ComboFix.txt report in this same thread.

      In your next reply, you must include the following:

      º The Malwarebytes report, found in its LOGS tab
      º The ComboFix report
      º How your PC is working now

      Regards

      PS: Do not run ComboFix or any other antivirus program again until I come back with a reply, since you could change things.


    3. #3
      User charlypin
      Registered: Jan 2007
      Location: USA
      Posts: 16

      Re: I have spyware or malware or a trojan or a virus

      Hello, here I am sending the ComboFix.txt. Thanks

      ComboFix 10-10-25.01 - Carlos Pinzon 10/26/2010 20:16:59.1.1 - x86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1461 [GMT -7:00]
      Running from: c:\documents and settings\Carlos Pinzon\Desktop\ComboFix.exe
      AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
      FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\documents and settings\Carlos Pinzon\g2mdlhlpx.exe
      C:\Install.exe
      C:\VDM119.tmp
      C:\VDM11A.tmp
      C:\VDM11B.tmp
      C:\VDM11C.tmp
      C:\VDM11D.tmp
      C:\VDM11E.tmp
      C:\VDM11F.tmp
      C:\VDM120.tmp
      C:\VDM121.tmp
      C:\VDM122.tmp
      C:\VDM123.tmp
      C:\VDM124.tmp
      C:\VDM125.tmp
      C:\VDM126.tmp
      C:\VDM127.tmp
      C:\VDM128.tmp
      C:\VDM129.tmp
      C:\VDM12A.tmp
      C:\VDM12B.tmp
      C:\VDM12C.tmp
      C:\VDM12D.tmp
      C:\VDM12F.tmp
      C:\VDM130.tmp
      C:\VDM131.tmp
      C:\VDM132.tmp
      C:\VDM133.tmp
      C:\VDM134.tmp
      c:\windows\system32\_000110_.tmp.dll
      c:\windows\system32\_000912_.tmp.dll
      c:\windows\system32\bszip.dll
      c:\windows\system32\mi2.exe
      c:\windows\system32\spool\prtprocs\w32x86\CNMPD83.DLL
      c:\windows\system32\spool\prtprocs\w32x86\CNMPP83.DLL

      .
      ((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
      .

      2010-10-26 17:15 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-10-26 17:15 . 2010-10-26 17:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-10-26 17:15 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-10-25 02:05 . 2010-09-23 07:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
      2010-10-25 00:13 . 2010-10-25 00:13 -------- d-----w- c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Sunbelt Software
      2010-10-25 00:11 . 2010-10-25 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
      2010-10-25 00:11 . 2010-10-25 00:11 -------- d-----w- c:\program files\Lavasoft
      2010-10-21 23:47 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
      2010-10-21 17:37 . 2010-10-23 18:45 -------- d-----w- C:\8b66b64bf918ca2f915a3ca8
      2010-10-21 05:11 . 2005-02-08 10:31 163840 ----a-r- c:\windows\system32\igfxres.dll
      2010-10-21 04:58 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
      2010-10-21 04:58 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
      2010-10-21 04:58 . 2004-08-04 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
      2010-10-21 04:58 . 2004-08-04 12:00 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
      2010-10-21 04:58 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
      2010-10-21 04:58 . 2004-08-04 12:00 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
      2010-10-21 04:58 . 2004-08-04 12:00 363520 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
      2010-10-21 04:58 . 2004-08-04 12:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
      2010-10-21 04:58 . 2004-08-04 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
      2010-10-21 04:58 . 2004-08-04 12:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
      2010-10-21 04:56 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
      2010-10-21 04:55 . 2004-08-04 12:00 108544 -c--a-w- c:\windows\system32\dllcache\appconf.dll
      2010-10-21 04:38 . 2004-08-04 12:00 97792 -c--a-w- c:\windows\system32\dllcache\chtmbx.dll
      2010-10-21 04:37 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
      2010-10-21 04:37 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
      2010-10-21 04:37 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
      2010-10-21 04:37 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
      2010-10-21 04:37 . 2004-08-04 12:00 13753 ----a-r- c:\windows\SET84.tmp
      2010-10-21 04:37 . 2004-08-04 12:00 1086058 ----a-r- c:\windows\SET78.tmp
      2010-10-21 04:37 . 2004-08-04 12:00 1042903 ----a-r- c:\windows\SET75.tmp
      2010-10-20 08:01 . 2010-10-20 18:54 -------- d-----w- C:\ae034ea01f526bb81679bf53092042
      2010-10-20 07:07 . 2010-10-20 07:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
      2010-10-20 07:03 . 2010-09-01 22:51 35136 ----a-w- c:\program files\Mozilla Firefox\plugins\np_gp.dll
      2010-10-20 07:03 . 2010-10-20 07:03 -------- d-----w- c:\program files\NOS
      2010-10-20 06:48 . 2010-10-20 06:48 -------- d-----w- c:\documents and settings\Carlos Pinzon\Application Data\Panda Security
      2010-10-20 06:47 . 2010-10-20 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
      2010-10-20 06:32 . 2010-10-25 00:06 -------- d-----w- c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Temp
      2010-10-20 02:03 . 2010-10-20 02:04 -------- d-----w- c:\program files\FileASSASSIN
      2010-10-19 22:46 . 2010-10-19 22:47 -------- d-----w- c:\documents and settings\Administrator
      2010-10-19 21:37 . 2010-10-19 21:37 -------- d-----w- c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Ashampoo
      2010-10-19 08:42 . 2010-10-19 08:42 -------- d-----w- c:\documents and settings\Carlos Pinzon\DoctorWeb
      2010-10-19 07:52 . 2010-10-19 07:52 -------- d-----w- c:\program files\CCleaner
      2010-10-19 06:48 . 2010-10-19 06:48 -------- d-----w- c:\program files\ESET
      2010-10-19 02:16 . 2010-10-19 02:16 -------- d-----w- c:\windows\system32\SeaPort
      2010-10-19 02:05 . 2010-10-25 00:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
      2010-10-19 01:37 . 2010-10-20 05:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
      2010-10-19 01:37 . 2010-10-20 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2010-10-19 01:05 . 2010-10-19 01:05 -------- d-----w- c:\documents and settings\Carlos Pinzon\Application Data\Malwarebytes
      2010-10-19 01:05 . 2010-10-19 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2010-10-18 23:41 . 2010-10-18 23:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
      2010-10-18 23:23 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
      2010-10-18 07:02 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
      2010-10-18 07:02 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
      2010-10-18 07:01 . 2004-08-04 12:00 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
      2010-10-18 07:01 . 2004-08-04 12:00 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
      2010-10-18 06:42 . 2004-08-04 12:00 13753 ----a-r- c:\windows\SET133.tmp
      2010-10-18 06:42 . 2004-08-04 12:00 1086058 ----a-r- c:\windows\SET127.tmp
      2010-10-18 06:42 . 2004-08-04 12:00 1042903 ----a-r- c:\windows\SET124.tmp
      2010-10-14 22:49 . 2010-10-14 22:49 -------- d-----w- c:\documents and settings\Carlos Pinzon\Application Data\gtk-2.0
      2010-10-14 22:49 . 2010-10-14 22:49 -------- d-----w- c:\documents and settings\Carlos Pinzon\.thumbnails
      2010-10-14 22:46 . 2010-10-14 22:51 -------- d-----w- c:\documents and settings\Carlos Pinzon\.gimp-2.6
      2010-10-14 22:46 . 2010-10-14 22:46 -------- d-----w- c:\documents and settings\Carlos Pinzon\.gegl-0.0
      2010-10-14 22:44 . 2010-10-14 22:44 -------- d-----w- c:\program files\Gimp-2.0
      2010-10-14 22:43 . 2010-10-14 22:43 -------- d-----w- c:\program files\W3i
      2010-10-14 22:43 . 2010-10-14 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i
      2010-10-13 07:38 . 2010-10-13 07:38 -------- d-----w- c:\program files\FreeZ Online TV
      2010-10-13 07:35 . 2010-10-13 07:35 -------- d-----w- c:\program files\YouTube Downloader

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
      2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
      @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
      [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
      2010-05-14 22:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
      @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
      [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
      2010-05-14 22:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-10 68856]
      "Google Update"="c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-27 133104]
      "cdloader"="c:\documents and settings\Carlos Pinzon\Application Data\mjusbsp\cdloader2.exe" [2010-10-08 50592]
      "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-05 184320]
      "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
      "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
      "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
      "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-20 68592]
      "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
      "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
      "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
      "Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
      "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
      "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
      "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
      "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-20 598016]
      "AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]
      "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]
      "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
      "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
      "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

      c:\documents and settings\Carlos Pinzon\Start Menu\Programs\Startup\
      PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-8-28 465424]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
      DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-3-7 184320]
      HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
      QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-1-22 815104]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
      2007-05-15 23:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
      2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
      "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
      "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxs08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqfxt08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"=
      "c:\\Program Files\\Hp\\HP Software Update\\hpwucli.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
      "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
      "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
      "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Documents and Settings\\Carlos Pinzon\\Application Data\\mjusbsp\\magicJack.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "17474:TCP"= 17474:TCP:BitComet 17474 TCP
      "17474:UDP"= 17474:UDP:BitComet 17474 UDP
      "4100:UDP"= 4100:UDP:uPNP Router Control Port
      "89:TCP"= 89:TCP:FlexiServer Web Server
      "98:TCP"= 98:TCP:Express Accounts Web Server


      R2 gupdate1c999d46323f66c;Google Update Service (gupdate1c999d46323f66c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 133104]
      R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\DRIVERS\akbus.sys [2008-11-13 13619]
      R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\DRIVERS\akpcsc.sys [2008-11-13 9493]
      R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\DRIVERS\aksbus.sys [2008-11-13 14639]
      R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\DRIVERS\akspcsc.sys [2008-11-13 10193]
      R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
      R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-23 1355928]
      R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2004-08-04 14336]
      R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [x]
      R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2008-11-13 56448]
      S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
      S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 129928]
      S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
      S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
      S2 BackupService;BackupService;c:\documents and settings\Carlos Pinzon\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [2010-07-01 83512]
      S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
      S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-28 141384]
      S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 97032]
      S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111624]
      S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 110920]
      S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-08-16 13184]


      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
      HPService REG_MULTI_SZ HPSLPSVC
      nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
      2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
      .
      Contents of the 'Scheduled Tasks' folder

      2010-10-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
      - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 07:46]

      2010-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

      2010-10-27 c:\windows\Tasks\Google Software Updater.job
      - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-01 17:19]

      2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 18:42]

      2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 18:42]

      2010-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1677128483-725345543-1003Core.job
      - c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-27 20:44]

      2010-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1677128483-725345543-1003UA.job
      - c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-27 20:44]

      2010-10-27 c:\windows\Tasks\Norton Security Scan for Carlos Pinzon.job
      - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-08-23 13:32]

      2010-10-27 c:\windows\Tasks\OGALogon.job
      - c:\windows\system32\OGAEXEC.exe [2009-08-03 23:07]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.yahoo.com/
      mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
      uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
      uInternet Settings,ProxyOverride = *.local
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
      IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
      IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
      IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
      IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
      IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
      IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
      IE: {{17A27031-71FC-11d4-815C-005004D0F1FA} - c:\program files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
      FF - ProfilePath - c:\documents and settings\Carlos Pinzon\Application Data\Mozilla\Firefox\Profiles\zksdrjut.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

      ---- FIREFOX POLICIES ----
      FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
      .
      - - - - ORPHANS REMOVED - - - -

      ShellIconOverlayIdentifiers-{02696AD5-FF96-454b-9E00-81DA8B79B678} - (no file)



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-10-26 20:45
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?2?8?4??`???? ???B?????????????hLC? ??????

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************

      Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.0 by Gmer, http://www.gmer.net
      Windows 5.1.2600

      device: opened successfully
      user: MBR read successfully
      called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A6A0446]<<
      1 ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\Harddisk0\DR0[0x8A6C1AB8]
      2 ntkrnlpa[0x804EDE00] -> CLASSPNP.SYS[0xF74E805B] -> \Device\Harddisk0\DR0[0x8A6C1AB8]
      3 CLASSPNP[0xF74E805B] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\00000083[0x8A6889E8]
      4 ntkrnlpa[0x804EDE00] -> ACPI.sys[0xF735E620] -> \Device\00000083[0x8A6889E8]
      5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> [0x8A679D98]
      \Driver\atapi[0x8A72D938] -> IRP_MJ_CREATE -> 0x8A6A0446
      6 ntkrnlpa[0x804EDE00] -> UNKNOWN[0x8A6A0449] -> [0x8A679D98]
      kernel: MBR read successfully
      detected hooks:
      \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskTOSHIBA_MK1031GAS_______________________AA204C__#5&3549d1d7&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
      \Driver\Disk -> CLASSPNP.SYS @ 0xf74ebfc3
      \Driver\ACPI -> ACPI.sys @ 0xf735ecb8
      \Driver\atapi DriverStartIo -> 0x8A6A0292
      \Driver\atapi -> atapi.sys @ 0xf72d27b4
      IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
      SecurityProcedure -> ntkrnlpa.exe @ 0x80577f2a
      \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
      SecurityProcedure -> ntkrnlpa.exe @ 0x80577f2a
      user != kernel MBR !!!
      sectors 195371312 (+255): user != kernel

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
      "Enabled"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker4"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(1072)
      c:\windows\system32\ackpbsc.dll
      c:\windows\system32\aclog.dll
      c:\windows\system32\ACLIBEAY.dll
      c:\windows\system32\acevtsub.dll
      c:\windows\system32\asphat32.dll
      c:\windows\system32\acerrmes.dll
      c:\windows\system32\aspcom.dll
      c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
      c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
      c:\program files\ActivIdentity\ActivClient\acunlock.dll
      c:\windows\system32\aipingui.dll
      c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
      c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
      c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
      .
      Completion time: 2010-10-26 20:54:10
      ComboFix-quarantined-files.txt 2010-10-27 03:53

      Pre-Run: 70,026,260,480 bytes free
      Post-Run: 70,050,635,776 bytes free

      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      UnsupportedDebug="do not select this" /debug
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

      - - End Of File - - F8C2A14736C1BE949AB9D6EBEC8A2903

    4. #4
      General Moderator
      Leosolari
      Joined
      Jun 2007
      Location
      Argentina
      Posts
      54,383

      Re: I have spyware or malware or a trojan or a virus

      Quote: Originally posted by Leosolari
      Hello charlypin


      In your next reply, you must post the following:

      º The Malwarebytes report, which is found under its LOGS tab
      º The ComboFix report
      º How your PC is working now


      Regards


      P.S.: Do not run ComboFix or any other antivirus program again until I come back with a reply, since you could change things.


      It seems to me that some things are missing


    5. #5
      User charlypin
      Joined
      Jan 2007
      Location
      USA
      Posts
      16

      Re: I have spyware or malware or a trojan or a virus

      Hi, yes, sorry, here is the info:
      Malwarebytes report:

      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 4953

      Windows 5.1.2600 Service Pack 2
      Internet Explorer 8.0.6001.18702

      10/26/2010 5:50:23 PM
      mbam-log-2010-10-26 (17-50-23).txt

      Scan type: Full scan (C:\|)
      Objects scanned: 353245
      Time elapsed: 3 hour(s), 34 minute(s), 1 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\Documents and Settings\Carlos Pinzon\Local Settings\Application Data\Mozilla\Firefox\Profiles\zksdrjut.default\Cache\489D756Ed01 (Worm.KoobFace) -> Quarantined and deleted successfully.

      COMBOFIX REPORT

      ComboFix 10-10-25.01 - Carlos Pinzon 10/26/2010 20:16:59.1.1 - x86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1461 [GMT -7:00]
      Running from: c:\documents and settings\Carlos Pinzon\Desktop\ComboFix.exe
      AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
      FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\documents and settings\Carlos Pinzon\g2mdlhlpx.exe
      C:\Install.exe
      C:\VDM119.tmp
      C:\VDM11A.tmp
      C:\VDM11B.tmp
      C:\VDM11C.tmp
      C:\VDM11D.tmp
      C:\VDM11E.tmp
      C:\VDM11F.tmp
      C:\VDM120.tmp
      C:\VDM121.tmp
      C:\VDM122.tmp
      C:\VDM123.tmp
      C:\VDM124.tmp
      C:\VDM125.tmp
      C:\VDM126.tmp
      C:\VDM127.tmp
      C:\VDM128.tmp
      C:\VDM129.tmp
      C:\VDM12A.tmp
      C:\VDM12B.tmp
      C:\VDM12C.tmp
      C:\VDM12D.tmp
      C:\VDM12F.tmp
      C:\VDM130.tmp
      C:\VDM131.tmp
      C:\VDM132.tmp
      C:\VDM133.tmp
      C:\VDM134.tmp
      c:\windows\system32\_000110_.tmp.dll
      c:\windows\system32\_000912_.tmp.dll
      c:\windows\system32\bszip.dll
      c:\windows\system32\mi2.exe
      c:\windows\system32\spool\prtprocs\w32x86\CNMPD83.DLL
      c:\windows\system32\spool\prtprocs\w32x86\CNMPP83.DLL

      .
      ((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
      .

      2010-10-26 17:15 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-10-26 17:15 . 2010-10-26 17:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-10-26 17:15 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-10-25 02:05 . 2010-09-23 07:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
      2010-10-25 00:13 . 2010-10-25 00:13 -------- d-----w- c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Sunbelt Software
      2010-10-25 00:11 . 2010-10-25 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
      2010-10-25 00:11 . 2010-10-25 00:11 -------- d-----w- c:\program files\Lavasoft
      2010-10-21 23:47 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
      2010-10-21 17:37 . 2010-10-23 18:45 -------- d-----w- C:\8b66b64bf918ca2f915a3ca8
      2010-10-21 05:11 . 2005-02-08 10:31 163840 ----a-r- c:\windows\system32\igfxres.dll
      2010-10-21 04:58 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
      2010-10-21 04:58 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
      2010-10-21 04:58 . 2004-08-04 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
      2010-10-21 04:58 . 2004-08-04 12:00 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
      2010-10-21 04:58 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
      2010-10-21 04:58 . 2004-08-04 12:00 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
      2010-10-21 04:58 . 2004-08-04 12:00 363520 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
      2010-10-21 04:58 . 2004-08-04 12:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
      2010-10-21 04:58 . 2004-08-04 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
      2010-10-21 04:58 . 2004-08-04 12:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
      2010-10-21 04:56 . 2004-08-04 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
      2010-10-21 04:55 . 2004-08-04 12:00 108544 -c--a-w- c:\windows\system32\dllcache\appconf.dll
      2010-10-21 04:38 . 2004-08-04 12:00 97792 -c--a-w- c:\windows\system32\dllcache\chtmbx.dll
      2010-10-21 04:37 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
      2010-10-21 04:37 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
      2010-10-21 04:37 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
      2010-10-21 04:37 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
      2010-10-21 04:37 . 2004-08-04 12:00 13753 ----a-r- c:\windows\SET84.tmp
      2010-10-21 04:37 . 2004-08-04 12:00 1086058 ----a-r- c:\windows\SET78.tmp
      2010-10-21 04:37 . 2004-08-04 12:00 1042903 ----a-r- c:\windows\SET75.tmp
      2010-10-20 08:01 . 2010-10-20 18:54 -------- d-----w- C:\ae034ea01f526bb81679bf53092042
      2010-10-20 07:07 . 2010-10-20 07:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
      2010-10-20 07:03 . 2010-09-01 22:51 35136 ----a-w- c:\program files\Mozilla Firefox\plugins\np_gp.dll
      2010-10-20 07:03 . 2010-10-20 07:03 -------- d-----w- c:\program files\NOS
      2010-10-20 06:48 . 2010-10-20 06:48 -------- d-----w- c:\documents and settings\Carlos Pinzon\Application Data\Panda Security
      2010-10-20 06:47 . 2010-10-20 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
      2010-10-20 06:32 . 2010-10-25 00:06 -------- d-----w- c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Temp
      2010-10-20 02:03 . 2010-10-20 02:04 -------- d-----w- c:\program files\FileASSASSIN
      2010-10-19 22:46 . 2010-10-19 22:47 -------- d-----w- c:\documents and settings\Administrator
      2010-10-19 21:37 . 2010-10-19 21:37 -------- d-----w- c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Ashampoo
      2010-10-19 08:42 . 2010-10-19 08:42 -------- d-----w- c:\documents and settings\Carlos Pinzon\DoctorWeb
      2010-10-19 07:52 . 2010-10-19 07:52 -------- d-----w- c:\program files\CCleaner
      2010-10-19 06:48 . 2010-10-19 06:48 -------- d-----w- c:\program files\ESET
      2010-10-19 02:16 . 2010-10-19 02:16 -------- d-----w- c:\windows\system32\SeaPort
      2010-10-19 02:05 . 2010-10-25 00:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
      2010-10-19 01:37 . 2010-10-20 05:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
      2010-10-19 01:37 . 2010-10-20 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2010-10-19 01:05 . 2010-10-19 01:05 -------- d-----w- c:\documents and settings\Carlos Pinzon\Application Data\Malwarebytes
      2010-10-19 01:05 . 2010-10-19 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2010-10-18 23:41 . 2010-10-18 23:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
      2010-10-18 23:23 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
      2010-10-18 07:02 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
      2010-10-18 07:02 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
      2010-10-18 07:01 . 2004-08-04 12:00 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
      2010-10-18 07:01 . 2004-08-04 12:00 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
      2010-10-18 06:42 . 2004-08-04 12:00 13753 ----a-r- c:\windows\SET133.tmp
      2010-10-18 06:42 . 2004-08-04 12:00 1086058 ----a-r- c:\windows\SET127.tmp
      2010-10-18 06:42 . 2004-08-04 12:00 1042903 ----a-r- c:\windows\SET124.tmp
      2010-10-14 22:49 . 2010-10-14 22:49 -------- d-----w- c:\documents and settings\Carlos Pinzon\Application Data\gtk-2.0
      2010-10-14 22:49 . 2010-10-14 22:49 -------- d-----w- c:\documents and settings\Carlos Pinzon\.thumbnails
      2010-10-14 22:46 . 2010-10-14 22:51 -------- d-----w- c:\documents and settings\Carlos Pinzon\.gimp-2.6
      2010-10-14 22:46 . 2010-10-14 22:46 -------- d-----w- c:\documents and settings\Carlos Pinzon\.gegl-0.0
      2010-10-14 22:44 . 2010-10-14 22:44 -------- d-----w- c:\program files\Gimp-2.0
      2010-10-14 22:43 . 2010-10-14 22:43 -------- d-----w- c:\program files\W3i
      2010-10-14 22:43 . 2010-10-14 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i
      2010-10-13 07:38 . 2010-10-13 07:38 -------- d-----w- c:\program files\FreeZ Online TV
      2010-10-13 07:35 . 2010-10-13 07:35 -------- d-----w- c:\program files\YouTube Downloader

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
      2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
      @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
      [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
      2010-05-14 22:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
      @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
      [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
      2010-05-14 22:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-10 68856]
      "Google Update"="c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-27 133104]
      "cdloader"="c:\documents and settings\Carlos Pinzon\Application Data\mjusbsp\cdloader2.exe" [2010-10-08 50592]
      "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-05 184320]
      "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
      "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
      "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
      "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-20 68592]
      "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
      "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
      "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
      "Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
      "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
      "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
      "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
      "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-20 598016]
      "AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]
      "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]
      "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
      "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
      "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

      c:\documents and settings\Carlos Pinzon\Start Menu\Programs\Startup\
      PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-8-28 465424]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
      DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-3-7 184320]
      HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
      QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-1-22 815104]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
      2007-05-15 23:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
      2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
      "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
      "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxs08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqfxt08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"=
      "c:\\Program Files\\Hp\\HP Software Update\\hpwucli.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
      "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
      "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
      "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Documents and Settings\\Carlos Pinzon\\Application Data\\mjusbsp\\magicJack.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "17474:TCP"= 17474:TCP:BitComet 17474 TCP
      "17474:UDP"= 17474:UDP:BitComet 17474 UDP
      "4100:UDP"= 4100:UDP:uPNP Router Control Port
      "89:TCP"= 89:TCP:FlexiServer Web Server
      "98:TCP"= 98:TCP:Express Accounts Web Server


      R2 gupdate1c999d46323f66c;Google Update Service (gupdate1c999d46323f66c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 133104]
      R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\DRIVERS\akbus.sys [2008-11-13 13619]
      R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\DRIVERS\akpcsc.sys [2008-11-13 9493]
      R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\DRIVERS\aksbus.sys [2008-11-13 14639]
      R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\DRIVERS\akspcsc.sys [2008-11-13 10193]
      R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
      R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-23 1355928]
      R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2004-08-04 14336]
      R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [x]
      R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2008-11-13 56448]
      S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
      S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2010-05-04 129928]
      S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
      S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
      S2 BackupService;BackupService;c:\documents and settings\Carlos Pinzon\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [2010-07-01 83512]
      S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
      S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2010-05-28 141384]
      S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2010-04-30 97032]
      S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111624]
      S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2010-05-12 110920]
      S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-08-16 13184]


      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
      HPService REG_MULTI_SZ HPSLPSVC
      nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
      2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
      .
      Contents of the 'Scheduled Tasks' folder

      2010-10-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
      - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 07:46]

      2010-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

      2010-10-27 c:\windows\Tasks\Google Software Updater.job
      - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-01 17:19]

      2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 18:42]

      2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 18:42]

      2010-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1677128483-725345543-1003Core.job
      - c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-27 20:44]

      2010-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1677128483-725345543-1003UA.job
      - c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-27 20:44]

      2010-10-27 c:\windows\Tasks\Norton Security Scan for Carlos Pinzon.job
      - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-08-23 13:32]

      2010-10-27 c:\windows\Tasks\OGALogon.job
      - c:\windows\system32\OGAEXEC.exe [2009-08-03 23:07]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.yahoo.com/
      mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
      uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
      uInternet Settings,ProxyOverride = *.local
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
      IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
      IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
      IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
      IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
      IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
      IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
      IE: {{17A27031-71FC-11d4-815C-005004D0F1FA} - c:\program files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
      FF - ProfilePath - c:\documents and settings\Carlos Pinzon\Application Data\Mozilla\Firefox\Profiles\zksdrjut.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

      ---- FIREFOX POLICIES ----
      FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
      .
      - - - - ORPHANS REMOVED - - - -

      ShellIconOverlayIdentifiers-{02696AD5-FF96-454b-9E00-81DA8B79B678} - (no file)



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-10-26 20:45
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?2?8?4??`???? ???B?????????????hLC? ??????

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************

      Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.0 by Gmer, http://www.gmer.net
      Windows 5.1.2600

      device: opened successfully
      user: MBR read successfully
      called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A6A0446]<<
      1 ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\Harddisk0\DR0[0x8A6C1AB8]
      2 ntkrnlpa[0x804EDE00] -> CLASSPNP.SYS[0xF74E805B] -> \Device\Harddisk0\DR0[0x8A6C1AB8]
      3 CLASSPNP[0xF74E805B] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\00000083[0x8A6889E8]
      4 ntkrnlpa[0x804EDE00] -> ACPI.sys[0xF735E620] -> \Device\00000083[0x8A6889E8]
      5 ACPI[0xF735E620] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> [0x8A679D98]
      \Driver\atapi[0x8A72D938] -> IRP_MJ_CREATE -> 0x8A6A0446
      6 ntkrnlpa[0x804EDE00] -> UNKNOWN[0x8A6A0449] -> [0x8A679D98]
      kernel: MBR read successfully
      detected hooks:
      \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskTOSHIBA_MK1031GAS_______________________AA204C__#5&3549d1d7&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
      \Driver\Disk -> CLASSPNP.SYS @ 0xf74ebfc3
      \Driver\ACPI -> ACPI.sys @ 0xf735ecb8
      \Driver\atapi DriverStartIo -> 0x8A6A0292
      \Driver\atapi -> atapi.sys @ 0xf72d27b4
      IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
      SecurityProcedure -> ntkrnlpa.exe @ 0x80577f2a
      \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80577d44
      SecurityProcedure -> ntkrnlpa.exe @ 0x80577f2a
      user != kernel MBR !!!
      sectors 195371312 (+255): user != kernel

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
      "Enabled"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker4"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(1072)
      c:\windows\system32\ackpbsc.dll
      c:\windows\system32\aclog.dll
      c:\windows\system32\ACLIBEAY.dll
      c:\windows\system32\acevtsub.dll
      c:\windows\system32\asphat32.dll
      c:\windows\system32\acerrmes.dll
      c:\windows\system32\aspcom.dll
      c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
      c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
      c:\program files\ActivIdentity\ActivClient\acunlock.dll
      c:\windows\system32\aipingui.dll
      c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
      c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
      c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
      .
      Completion time: 2010-10-26 20:54:10
      ComboFix-quarantined-files.txt 2010-10-27 03:53

      Pre-Run: 70,026,260,480 bytes free
      Post-Run: 70,050,635,776 bytes free

      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      UnsupportedDebug="do not select this" /debug
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

      - - End Of File - - F8C2A14736C1BE949AB9D6EBEC8A2903

      My laptop now works like this: the windows I mentioned earlier no longer appear, but the following does:

      STATUS WINDOW: as if it were looking for a status file for the installation of something
      then
      I OPEN A WEB PAGE, TYPE SOMETHING INTO THE SEARCH ENGINE AND IT FINDS IT, BUT IT OPENS ANOTHER WINDOW WITH A STRANGE ADVERTISING PAGE, AND SOMETIMES IT DOES NOT OPEN WHAT I AM LOOKING FOR BUT SOMETHING ELSE.

      Finally: I clicked Windows Update and it appears as if I had no internet connection (http://windowsupdate.microsoft.com/) when I do have internet, and a GENERIC HOST PROCESS FOR WIN32 SERVICES window opened.

      Now an SVCHOST.EXE window opened (instruction at "0x7c921260)

      and it won't let me send emails.

      Thanks
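
Added example (not part of the original thread, and not code from ComboFix, Gmer or the forum's helpers): a short Python triage pass over report lines like those in the ComboFix log above. It flags a registered driver whose file is reported as `[x]`, a disabled Windows Firewall value, and the MBR detector's unknown-module, bare-address dispatch and `user != kernel` lines. The sample lines are copied from that log; reading `[x]` as "file not found" and the finding names are assumptions of this sketch.

```python
import re

# Lines copied from the ComboFix report above, indentation removed.
SAMPLE_LOG = r"""
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-23 1355928]
R3 RkPavproc1;RkPavproc1;c:\windows\system32\drivers\RkPavproc1.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
"EnableFirewall"= 0 (0x0)
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A6A0446]<<
\Driver\atapi[0x8A72D938] -> IRP_MJ_CREATE -> 0x8A6A0446
\Driver\atapi DriverStartIo -> 0x8A6A0292
\Driver\atapi -> atapi.sys @ 0xf72d27b4
user != kernel MBR !!!
"""

# Service/driver rows: "<R|S><digit> name;display;path [date size]" or "... [x]".
SERVICE_RE = re.compile(
    r"^[RS][0-4] (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[(?P<meta>[^\]]*)\]$")
# Address the MBR detector could not attribute to any loaded module.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# Driver routine that resolves to a bare address instead of "module.sys @ 0x...".
HOOK_RE = re.compile(
    r"^\\Driver\\(?P<drv>\w+)(?P<slot>.*?)->\s*(?P<addr>0x[0-9A-Fa-f]+)$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*0\b')


def triage(log_text):
    """Return a list of findings (tuples) in the order they appear in the log."""
    lines = [raw.strip() for raw in log_text.splitlines() if raw.strip()]

    # First pass: collect unattributed addresses so later lines can be correlated.
    unknown = {a.lower() for line in lines for a in UNKNOWN_RE.findall(line)}

    findings = []
    for line in lines:
        svc = SERVICE_RE.match(line)
        if svc:
            # Assumption: "[x]" where date and size normally appear = file not found.
            if svc["meta"] == "x":
                findings.append(("missing_driver_file", svc["name"], svc["path"]))
            continue
        if FIREWALL_RE.match(line):
            findings.append(("firewall_disabled", line))
            continue
        if UNKNOWN_RE.search(line):
            addrs = sorted(a.lower() for a in UNKNOWN_RE.findall(line))
            findings.append(("unknown_module_in_disk_stack", addrs))
            continue
        hook = HOOK_RE.match(line)
        if hook:
            # Reduce "[0x...] -> IRP_MJ_CREATE " to the routine name only.
            slot = " ".join(
                re.sub(r"\[0x[0-9A-Fa-f]+\]|->", " ", hook["slot"]).split())
            addr = hook["addr"].lower()
            findings.append(
                ("driver_hook_outside_module", hook["drv"], slot, addr,
                 addr in unknown))  # True when it matches the UNKNOWN address
            continue
        if line.startswith("user != kernel MBR"):
            findings.append(("mbr_user_kernel_mismatch", line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
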

    6. #6
      General Moderator
      Leosolari's avatar
      Registered
      Jun 2007
      Location
      Argentina
      Posts
      54,383

      Re: I have spyware or malware or a trojan or a virus

      1.- Download the TDSSKiller tool to your desktop.

      2.- Unzip the file.

      3.- Run TDSSKiller.exe.

      The application's interface will open:



      Press "Start Scan"

      It will show you the progress of the scan:


      When it finishes, the "System Scan Complete" window will open with what was detected. Press "Close".


      You will return to the first window, where you must press "Report"; a text document will open.

      Copy and paste the contents of that report in your next post.



      Hello again

      Do the following:

      • Click START > RUN >
        • There, type notepad.exe and click OK
        • Now copy and paste the text from the box below into Notepad


      Code:
      File::
      c:\windows\SET84.tmp
      c:\windows\SET78.tmp
      c:\windows\SET75.tmp
      c:\program files\Mozilla Firefox\plugins\np_gp.dll
      c:\windows\SET133.tmp
      c:\windows\SET127.tmp
      c:\windows\SET124.tmp
      c:\windows\system32\drivers\RkPavproc1.sys
      
      Driver::
      RkPavproc1


      • Save this file with the name CFScript.txt
      • Drag and drop the CFScript.txt file onto the ComboFix.exe file as shown in the screenshot below.



      • ComboFix will start running again. When it finishes it will generate a new report, which you will need to paste in this same thread.




      After restarting, check how it works and let us know.



      Regards

      `·.¸¸.·´´¯`··._.· ·.¸¸.·´´¯`··._.· Don't Despair.....Keep Fighting `·.¸¸.·´´¯`··._.· ·.¸¸.·´´¯`··._.·


    7. #7
      User Avatar of charlypin
      Registered
      Jan 2007
      Location
      USA
      Posts
      16

      Re: I have spyware or malware or a trojan or a virus

      TDSSkiller

      2010/10/27 12:05:01.0906 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
      2010/10/27 12:05:01.0906 ================================================================================
      2010/10/27 12:05:01.0906 SystemInfo:
      2010/10/27 12:05:01.0906
      2010/10/27 12:05:01.0906 OS Version: 5.1.2600 ServicePack: 2.0
      2010/10/27 12:05:01.0906 Product type: Workstation
      2010/10/27 12:05:01.0906 ComputerName: CARLOS-CA1894B7
      2010/10/27 12:05:01.0906 UserName: Carlos Pinzon
      2010/10/27 12:05:01.0906 Windows directory: C:\WINDOWS
      2010/10/27 12:05:01.0906 System windows directory: C:\WINDOWS
      2010/10/27 12:05:01.0906 Processor architecture: Intel x86
      2010/10/27 12:05:01.0906 Number of processors: 1
      2010/10/27 12:05:01.0906 Page size: 0x1000
      2010/10/27 12:05:01.0906 Boot type: Normal boot
      2010/10/27 12:05:01.0906 ================================================================================
      2010/10/27 12:05:02.0312 Initialize success
      2010/10/27 12:05:12.0859 ================================================================================
      2010/10/27 12:05:12.0859 Scan started
      2010/10/27 12:05:12.0859 Mode: Manual;
      2010/10/27 12:05:12.0859 ================================================================================
      2010/10/27 12:05:15.0421 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
      2010/10/27 12:05:16.0140 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
      2010/10/27 12:05:16.0390 aeaudio (f13d8e7e1faa31019c25eb17b5fb2662) C:\WINDOWS\system32\drivers\aeaudio.sys
      2010/10/27 12:05:16.0546 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
      2010/10/27 12:05:16.0984 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
      2010/10/27 12:05:17.0281 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
      2010/10/27 12:05:17.0875 akbus (cabd827dc83a3f973787787329b7a3f2) C:\WINDOWS\system32\DRIVERS\akbus.sys
      2010/10/27 12:05:17.0984 akbus - detected Unsigned file (1)
      2010/10/27 12:05:18.0046 akpcsc (ad26519941b17242379af9ba2ea15ebd) C:\WINDOWS\system32\DRIVERS\akpcsc.sys
      2010/10/27 12:05:18.0093 akpcsc - detected Unsigned file (1)
      2010/10/27 12:05:18.0125 aksbus (e2a0f989fb8ff405bae42e05200f957a) C:\WINDOWS\system32\DRIVERS\aksbus.sys
      2010/10/27 12:05:18.0156 aksbus - detected Unsigned file (1)
      2010/10/27 12:05:18.0218 akspcsc (71f54ceb96d8a0cecafb008008618962) C:\WINDOWS\system32\DRIVERS\akspcsc.sys
      2010/10/27 12:05:18.0234 akspcsc - detected Unsigned file (1)
      2010/10/27 12:05:45.0265 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\WINDOWS\system32\Drivers\pcouffin.sys
      2010/10/27 12:05:45.0296 pcouffin - detected Unsigned file (1)
      2010/10/27 12:05:45.0593 pneteth (f31dfc4872de0fcf8687e6b308f4abb1) C:\WINDOWS\system32\DRIVERS\pneteth.sys
      2010/10/27 12:05:45.0625 pneteth - detected Unsigned file (1)
      2010/10/27 12:05:50.0718 SCR3XX2K (b442a2470197b3feb38beddae9de9268) C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys
      2010/10/27 12:05:50.0750 SCR3XX2K - detected Unsigned file (1)
      2010/10/27 12:05:55.0671 tifm21 (f779ba4cd37963ab4600c9871b7752a3) C:\WINDOWS\system32\drivers\tifm21.sys
      2010/10/27 12:05:55.0718 tifm21 - detected Unsigned file (1)
      2010/10/27 12:06:04.0093 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
      2010/10/27 12:06:04.0109 WpdUsb - detected Unsigned file (1)
      2010/10/27 12:06:04.0203 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
      2010/10/27 12:06:04.0531 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
      2010/10/27 12:06:04.0796 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
      2010/10/27 12:06:04.0921 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
      2010/10/27 12:06:04.0921 ================================================================================
      2010/10/27 12:06:04.0921 Scan finished
      2010/10/27 12:06:04.0921 ================================================================================
      2010/10/27 12:06:05.0031 Detected object count: 10
      2010/10/27 12:07:13.0156 Unsigned file(akbus) - User select action: Skip
      2010/10/27 12:07:13.0156 Unsigned file(akpcsc) - User select action: Skip
      2010/10/27 12:07:13.0156 Unsigned file(aksbus) - User select action: Skip
      2010/10/27 12:07:13.0156 Unsigned file(akspcsc) - User select action: Skip
      2010/10/27 12:07:13.0156 Unsigned file(pcouffin) - User select action: Skip
      2010/10/27 12:07:13.0156 Unsigned file(pneteth) - User select action: Skip
      2010/10/27 12:07:13.0171 Unsigned file(SCR3XX2K) - User select action: Skip
      2010/10/27 12:07:13.0171 Unsigned file(tifm21) - User select action: Skip
      2010/10/27 12:07:13.0171 Unsigned file(WpdUsb) - User select action: Skip
      2010/10/27 12:07:13.0250 \HardDisk0\MBR - will be cured after reboot
      2010/10/27 12:07:13.0250 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

      COMBOFIX

      ComboFix 10-10-25.01 - Carlos Pinzon 10/27/2010 12:27:08.2.1 - x86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1476 [GMT -7:00]
      Running from: c:\documents and settings\Carlos Pinzon\Desktop\ComboFix.exe
      Command switches used :: c:\documents and settings\Carlos Pinzon\Desktop\CFScript.txt
      AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
      FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

      FILE ::
      "c:\program files\Mozilla Firefox\plugins\np_gp.dll"
      "c:\windows\SET124.tmp"
      "c:\windows\SET127.tmp"
      "c:\windows\SET133.tmp"
      "c:\windows\SET75.tmp"
      "c:\windows\SET78.tmp"
      "c:\windows\SET84.tmp"
      "c:\windows\system32\drivers\RkPavproc1.sys"
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\program files\Mozilla Firefox\plugins\np_gp.dll
      c:\windows\SET124.tmp
      c:\windows\SET127.tmp
      c:\windows\SET133.tmp
      c:\windows\SET75.tmp
      c:\windows\SET78.tmp
      c:\windows\SET84.tmp

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Service_RkPavproc1


      ((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
      .

      2010-10-26 17:15 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2010-10-26 17:15 . 2010-10-26 17:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2010-10-26 17:15 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
      2010-10-25 02:05 . 2010-09-23 07:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
      2010-10-25 00:13 . 2010-10-25 00:13 -------- d-----w- c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Sunbelt Software
      2010-10-25 00:11 . 2010-10-25 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
      2010-10-25 00:11 . 2010-10-25 00:11 -------- d-----w- c:\program files\Lavasoft
      2010-10-21 23:47 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
      2010-10-21 17:37 . 2010-10-23 18:45 -------- d-----w- C:\8b66b64bf918ca2f915a3ca8
      2010-10-21 05:11 . 2005-02-08 10:31 163840 ----a-r- c:\windows\system32\igfxres.dll
      2010-10-21 04:57 . 2001-08-18 05:36 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
      2010-10-21 04:57 . 2001-08-18 05:36 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
      2010-10-21 04:57 . 2001-08-18 05:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
      2010-10-21 04:57 . 2001-08-18 05:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
      2010-10-21 04:57 . 2001-08-18 05:36 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
      2010-10-21 04:57 . 2001-08-18 05:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
      2010-10-21 04:55 . 2004-08-04 12:00 108544 -c--a-w- c:\windows\system32\dllcache\appconf.dll
      2010-10-21 04:38 . 2004-08-04 12:00 97792 -c--a-w- c:\windows\system32\dllcache\chtmbx.dll
      2010-10-21 04:38 . 2004-08-04 12:00 56320 -c--a-w- c:\windows\system32\dllcache\chtskdic.dll
      2010-10-21 04:38 . 2004-08-04 12:00 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe
      2010-10-21 04:38 . 2004-08-04 12:00 21504 ----a-w- c:\windows\system32\CINTLGNT.IME
      2010-10-21 04:38 . 2004-08-04 12:00 198656 -c--a-w- c:\windows\system32\dllcache\cintime.dll
      2010-10-21 04:38 . 2004-08-04 12:00 173568 -c--a-w- c:\windows\system32\dllcache\chtskf.dll
      2010-10-21 04:38 . 2004-08-04 12:00 571392 ----a-w- c:\windows\system32\TINTLGNT.IME
      2010-10-21 04:38 . 2004-08-04 12:00 482304 ----a-w- c:\windows\system32\PINTLGNT.IME
      2010-10-21 04:37 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
      2010-10-21 04:37 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
      2010-10-20 08:01 . 2010-10-20 18:54 -------- d-----w- C:\ae034ea01f526bb81679bf53092042
      2010-10-20 07:07 . 2010-10-20 07:07 -------- d-----w- c:\program files\Common Files\Adobe AIR
      2010-10-20 07:03 . 2010-10-20 07:03 -------- d-----w- c:\program files\NOS
      2010-10-20 06:48 . 2010-10-20 06:48 -------- d-----w- c:\documents and settings\Carlos Pinzon\Application Data\Panda Security
      2010-10-20 06:47 . 2010-10-20 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
      2010-10-20 06:32 . 2010-10-25 00:06 -------- d-----w- c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Temp
      2010-10-20 02:03 . 2010-10-20 02:04 -------- d-----w- c:\program files\FileASSASSIN
      2010-10-19 22:46 . 2010-10-19 22:47 -------- d-----w- c:\documents and settings\Administrator
      2010-10-19 21:37 . 2010-10-19 21:37 -------- d-----w- c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Ashampoo
      2010-10-19 08:42 . 2010-10-19 08:42 -------- d-----w- c:\documents and settings\Carlos Pinzon\DoctorWeb
      2010-10-19 07:52 . 2010-10-19 07:52 -------- d-----w- c:\program files\CCleaner
      2010-10-19 06:48 . 2010-10-19 06:48 -------- d-----w- c:\program files\ESET
      2010-10-19 02:16 . 2010-10-19 02:16 -------- d-----w- c:\windows\system32\SeaPort
      2010-10-19 02:05 . 2010-10-25 00:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
      2010-10-19 01:37 . 2010-10-20 05:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
      2010-10-19 01:37 . 2010-10-20 05:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2010-10-19 01:05 . 2010-10-19 01:05 -------- d-----w- c:\documents and settings\Carlos Pinzon\Application Data\Malwarebytes
      2010-10-19 01:05 . 2010-10-19 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2010-10-18 23:41 . 2010-10-18 23:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
      2010-10-18 23:23 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
      2010-10-18 07:02 . 2004-08-04 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
      2010-10-18 07:01 . 2004-08-04 12:00 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
      2010-10-14 22:49 . 2010-10-14 22:49 -------- d-----w- c:\documents and settings\Carlos Pinzon\Application Data\gtk-2.0
      2010-10-14 22:49 . 2010-10-14 22:49 -------- d-----w- c:\documents and settings\Carlos Pinzon\.thumbnails
      2010-10-14 22:46 . 2010-10-14 22:51 -------- d-----w- c:\documents and settings\Carlos Pinzon\.gimp-2.6
      2010-10-14 22:46 . 2010-10-14 22:46 -------- d-----w- c:\documents and settings\Carlos Pinzon\.gegl-0.0
      2010-10-14 22:44 . 2010-10-14 22:44 -------- d-----w- c:\program files\Gimp-2.0
      2010-10-14 22:43 . 2010-10-14 22:43 -------- d-----w- c:\program files\W3i
      2010-10-14 22:43 . 2010-10-14 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\W3i
      2010-10-13 07:38 . 2010-10-13 07:38 -------- d-----w- c:\program files\FreeZ Online TV
      2010-10-13 07:35 . 2010-10-13 07:35 -------- d-----w- c:\program files\YouTube Downloader

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-08-26 12:52 . 2009-04-20 16:57 5120 -c--a-w- c:\windows\system32\xpsp4res.dll
      2010-08-16 21:52 . 2010-08-26 01:50 13184 -c--a-w- c:\windows\system32\drivers\pneteth.sys
      2010-08-10 12:15 . 2010-08-10 12:15 94208 -c--a-w- c:\windows\system32\QuickTimeVR.qtx
      2010-08-10 12:15 . 2010-08-10 12:15 69632 -c--a-w- c:\windows\system32\QuickTime.qts
      2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
      2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
      @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
      [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
      2010-05-14 22:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
      @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
      [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
      2010-05-14 22:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-10 68856]
      "Google Update"="c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-27 133104]
      "cdloader"="c:\documents and settings\Carlos Pinzon\Application Data\mjusbsp\cdloader2.exe" [2010-10-08 50592]
      "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
      "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-05 184320]
      "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
      "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
      "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
      "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-20 68592]
      "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
      "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
      "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
      "Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
      "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
      "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
      "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
      "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-20 598016]
      "AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]
      "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]
      "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
      "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
      "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

      c:\documents and settings\Carlos Pinzon\Start Menu\Programs\Startup\
      PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2010-8-28 465424]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]
      DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-3-7 184320]
      HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
      QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-1-22 815104]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
      2007-05-15 23:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
      2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
      "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
      "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxs08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqfxt08.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"=
      "c:\\Program Files\\Hp\\HP Software Update\\hpwucli.exe"=
      "c:\\Program Files\\Hp\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
      "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
      "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
      "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Documents and Settings\\Carlos Pinzon\\Application Data\\mjusbsp\\magicJack.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "17474:TCP"= 17474:TCP:BitComet 17474 TCP
      "17474:UDP"= 17474:UDP:BitComet 17474 UDP
      "4100:UDP"= 4100:UDP:uPNP Router Control Port
      "89:TCP"= 89:TCP:FlexiServer Web Server
      "98:TCP"= 98:TCP:Express Accounts Web Server

      R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/18/2010 4:23 PM 28552]
      R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [5/4/2010 8:36 AM 129928]
      R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 4:08 PM 182576]
      R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/5/2009 3:10 PM 108289]
      R2 BackupService;BackupService;c:\documents and settings\Carlos Pinzon\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [8/22/2010 4:28 PM 83512]
      R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [4/30/2010 1:47 PM 136448]
      R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [5/27/2010 6:39 PM 141384]
      R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [4/30/2010 1:46 PM 97032]
      R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/30/2010 1:46 PM 111624]
      R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [5/12/2010 10:58 AM 110920]
      R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [8/25/2010 6:50 PM 13184]
      S2 gupdate1c999d46323f66c;Google Update Service (gupdate1c999d46323f66c);c:\program files\Google\Update\GoogleUpdate.exe [2/28/2009 11:42 AM 133104]
      S3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [11/12/2008 7:04 PM 13619]
      S3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [7/13/2010 2:52 PM 9493]
      S3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [11/12/2008 7:04 PM 14639]
      S3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [7/13/2010 2:52 PM 10193]
      S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [8/28/2010 3:31 PM 24576]
      S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/23/2010 12:46 AM 1355928]
      S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
      S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [7/13/2010 2:52 PM 56448]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
      HPService REG_MULTI_SZ HPSLPSVC
      nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
      2009-03-08 11:32 128512 ----a-w- c:\windows\system32\advpack.dll
      .
      Contents of the 'Scheduled Tasks' folder

      2010-10-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
      - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 07:46]

      2010-10-14 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

      2010-10-27 c:\windows\Tasks\Google Software Updater.job
      - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-01 17:19]

      2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 18:42]

      2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 18:42]

      2010-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1677128483-725345543-1003Core.job
      - c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-27 20:44]

      2010-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1677128483-725345543-1003UA.job
      - c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-27 20:44]

      2010-10-27 c:\windows\Tasks\Norton Security Scan for Carlos Pinzon.job
      - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-08-23 13:32]

      2010-10-27 c:\windows\Tasks\OGALogon.job
      - c:\windows\system32\OGAEXEC.exe [2009-08-03 23:07]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.yahoo.com/
      mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
      uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
      uInternet Settings,ProxyOverride = *.local
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
      IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
      IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
      IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
      IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
      IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
      IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
      IE: {{17A27031-71FC-11d4-815C-005004D0F1FA} - c:\program files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
      FF - ProfilePath - c:\documents and settings\Carlos Pinzon\Application Data\Mozilla\Firefox\Profiles\zksdrjut.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      FF - component: c:\documents and settings\Carlos Pinzon\Application Data\Mozilla\Firefox\Profiles\zksdrjut.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
      FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
      FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
      FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
      FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
      FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
      FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
      FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
      FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
      FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
      FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
      FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
      FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
      FF - plugin: c:\documents and settings\Carlos Pinzon\Application Data\Move Networks\plugins\npqmp071503000010.dll
      FF - plugin: c:\documents and settings\Carlos Pinzon\Application Data\Move Networks\plugins\npqmp071701000002.dll
      FF - plugin: c:\documents and settings\Carlos Pinzon\Application Data\Mozilla\Firefox\Profiles\zksdrjut.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
      FF - plugin: c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
      FF - plugin: c:\documents and settings\Carlos Pinzon\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
      FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
      FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
      FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
      FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
      FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
      FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
      FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
      FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
      FF - plugin: c:\program files\NOS\bin\np_gp.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

      ---- FIREFOX POLICIES ----
      FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
      .
      - - - - ORPHANS REMOVED - - - -

      AddRemove-HP Imaging Device Functions - c:\program files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe
      AddRemove-{7DCF7BBA-39A9-4e27-9154-F57BCED90CBF} - c:\program files\HP\Digital Imaging\{7DCF7BBA-39A9-4e27-9154-F57BCED90CBF}\setup\hpzscr01.exe



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-10-27 12:50
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????1?2?8?4??????? ???B?????????????hLC? ??????

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
      "Enabled"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker4"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"

      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(1072)
      c:\windows\system32\ackpbsc.dll
      c:\windows\system32\aclog.dll
      c:\windows\system32\ACLIBEAY.dll
      c:\windows\system32\acevtsub.dll
      c:\windows\system32\asphat32.dll
      c:\windows\system32\acerrmes.dll
      c:\windows\system32\aspcom.dll
      c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
      c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
      c:\program files\ActivIdentity\ActivClient\acunlock.dll
      c:\windows\system32\aipingui.dll
      c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
      c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
      c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll

      - - - - - - - > 'explorer.exe'(4540)
      c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
      c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
      c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
      c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\ActivIdentity\ActivClient\acevents.exe
      c:\windows\System32\SCardSvr.exe
      c:\program files\Avira\AntiVir Desktop\avguard.exe
      c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Common Files\LightScribe\LSSrvc.exe
      c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      c:\program files\Analog Devices\SoundMAX\SMAgent.exe
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      c:\program files\HPQ\SHARED\HPQWMI.exe
      c:\program files\Apoint2K\Apntex.exe
      c:\windows\AGRSMMSG.exe
      c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
      c:\program files\ActivIdentity\ActivClient\acevents.exe
      c:\program files\Common Files\Teleca Shared\logger.exe
      c:\windows\system32\msiexec.exe
      c:\program files\Common Files\Teleca Shared\Generic.exe
      c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
      c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
      c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
      c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
      c:\windows\system32\MsiExec.exe
      .
      **************************************************************************
      .
      Completion time: 2010-10-27 13:03:44 - machine was rebooted
      ComboFix-quarantined-files.txt 2010-10-27 20:03
      ComboFix2.txt 2010-10-27 03:54

      Pre-Run: 69,616,992,256 bytes free
      Post-Run: 69,588,975,616 bytes free

      - - End Of File - - 2F904CDEA212D3A550C0C87DA5EB7876

      It seems to be working fine: no windows have appeared and it now lets me update Windows, but there is a status window telling me that a file is missing to continue the installation of I don't know what, and it shows that it is looking for a file 1.
      Thanks

    8. #8
      General Moderator
      Leosolari's avatar
      Joined
      Jun 2007
      Location
      Argentina
      Posts
      54.383

      Re: I have a spyware or malware or trojan or virus

      Uninstall CF as follows:
      • Go to Start > Run
      • Type the following: ComboFix /Uninstall as shown in the image below:

      • This will launch the ComboFix uninstaller, opening its main screen, and after a few seconds you will see ("ComboFix is uninstalled")



      Let us know how everything is going now.

      Regards

      `·.¸¸.·´´¯`··._.· ·.¸¸.·´´¯`··._.· Don't Despair.....Keep Fighting `·.¸¸.·´´¯`··._.· ·.¸¸.·´´¯`··._.·

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail, since that is what the forum is for.

    9. #9
      User charlypin's avatar
      Joined
      Jan 2007
      Location
      USA
      Posts
      16

      Re: I have a spyware or malware or trojan or virus

      It is working fine now; the only thing is that there is still a status window telling me that a file is missing to continue the installation of I don't know what, and it shows that it is looking for a file 1. That is the only thing that seems wrong.
      Thanks

    10. #10
      General Moderator
      Leosolari's avatar
      Joined
      Jun 2007
      Location
      Argentina
      Posts
      54.383

      Re: I have a spyware or malware or trojan or virus

      I don't quite understand what you mean.

      Please explain it better, or take a screenshot and upload the image.

      How to upload an image to the forum

      Regards

