
    Accents [umpteenth post about this.. I'm afraid]

    1. #1
      User DAVIDCEJ
      Registered: May 2012
      Location: MADRID
      Posts: 12

      Accents [umpteenth post about this.. I'm afraid]

      Hello,
      my first message on the forum.. thanks to all of you who put up with our questions, requests, pleas, etc...
      the issue is (breaking news: goal by Señor): I am not able to type accents, as you can see in this message.
      I tried to reply in one of the many threads on this topic [When I press the accent key and a vowel I get ´´a], but I get a message saying I cannot do so because I am not registered, do not have permissions, etc.. maybe I am doing something wrong, or maybe I have to wait longer for all my user options to be activated ..???..

      In short, I have OLT.EXE downloaded, in case the OLT.TXT and EXTRA.TXT files are needed

      I have tried CCleaner, SpyBot, Malwarebyte's.. avg antivirus... and nothing at all.
      I also have HiJackThis, in case it is needed :)

      Many, many sincere thanks for your help and patience :)

    2. #2
      General Moderator
      Leosolari
      Registered: Jun 2007
      Location: Argentina
      Posts: 54.937

      Re: Accents [umpteenth post about this.. I'm afraid]

      Hello DAVIDCEJ

      Go to this link and do what is explained there:

      Remove the "Double Tilde (´´)" virus with DT-Kill.exe

      Come back with the generated reports and tell us how it goes.

      Regards

      Don't Despair..... Keep Fighting

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net from: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    3. #3
      User DAVIDCEJ
      Registered: May 2012
      Location: MADRID
      Posts: 12

      Re: Accents [umpteenth post about this.. I'm afraid]

      Hello again
      thanks for the help..
      unfortunately, it is still the same: cami´´on.
      I ran R_TKill (it did not ask me to reboot) and then MBAM (it only found one infection). I am pasting the reports:
      * Microsoft Windows XP [v 5.1.2600] - Service Pack 3
      * Doble Tilde Kill (V 2.0 ) - Infospyware.com
      * IE: 8.0.6001.18702
      * Inicio: 15:17
      * Opción empleada: Busca y desinfectar

      ------------------------------( Archivo/s detecado/s )----------------------------


      ------------------------------( Carpeta/s detecada/s )----------------------------

      ECHO is off.
      ECHO is off.

      -------------------------( Claves de registro detectadas )------------------------


      -------------------------( Valor del registro detectado )-------------------------


      -----------------------------------( Listing )------------------------------------

      ## Carpeta a listar: C:\Documents and Settings\Administrator\Application Data

      Lotus
      vlc

      ## Archivos .exe a listar:


      ## Valores a listar:




      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
      stgclean REG_SZ c:\sdwork\w32maing.exe /cleanup
      C4EBReg REG_SZ "C:\Program Files\C4ebreg\c4ebreg.exe" /q
      Isamtray REG_SZ "C:\Program Files\C4ebreg\isamtray.exe"
      IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
      HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
      Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
      TpShocks REG_SZ TpShocks.exe
      PWRMGRTR REG_SZ rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
      SynTPEnh REG_EXPAND_SZ %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
      TPFNF7 REG_SZ C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
      LenovoAutoScrollUtility REG_SZ C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
      TPKMAPHELPER REG_SZ C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
      ISSI Service REG_SZ "c:\sdwork\issimsvc.exe"
      Run StartupMonitor REG_SZ StartupMonitor.exe
      ccApp REG_SZ "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents



      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
      NetSP - restore settings on power failure REG_SZ "C:\Program Files\AT&T Network Client\NetSP.exe" -show
      ATnotes.exe REG_SZ C:\Program Files\ATnotes\ATnotes.exe
      ccleaner REG_SZ "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
      Copernic Desktop Search - Home REG_SZ "C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray

      ----------------------------( ! Reporte finalizado ! )----------------------------

      Malwarebytes Anti-Malware 1.61.0.1400
      www.malwarebytes.org

      Database version: v2012.05.31.03

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      ASY009 :: WORK [administrator]

      31/05/2012 15:19:20
      mbam-log-2012-05-31 (15-19-20).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 201658
      Time elapsed: 5 minute(s), 56 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 1
      HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      (end)
      ===
      something strange happened after a reboot: all the shortcut icons I had in the desktop bar, at the bottom, have disappeared (what's more, the Opera icon is not there either, and I CANNOT locate the .exe, searching the whole PC)..???.. in short and, unfortunately, I still have the accent problem, now made worse by this last thing.

      Many thanks :)

    4. #4
      General Moderator
      Leosolari
      Registered: Jun 2007
      Location: Argentina
      Posts: 54.937

      Re: Accents [umpteenth post about this.. I'm afraid]

      Hello

      Download the ComboFix.exe tool to your desktop.

      • Temporarily disable your antivirus and/or antispyware. How to temporarily disable your antivirus
      • Close all open windows.
      • Double-click the ComboFix.exe file and follow the instructions.
      • When it finishes, it will generate a log at C:\ComboFix.txt.

      Important notes:

      • While CF is working, you must not move the mouse, as that would stop its process.
      • ComboFix may automatically restart the PC to complete the removal process.
      • Once ComboFix has finished its work, you can re-enable your antivirus.
      • Do not put the reports inside Code or HTML tags.

      Attention!! Do not use ComboFix unless a member of our Staff has specifically instructed you to do so in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".

      The generated report is located at C:\ComboFix.txt . Open it, select all, and copy and paste it into your next reply.

      Regards


    5. #5
      User DAVIDCEJ
      Registered: May 2012
      Location: MADRID
      Posts: 12

      Re: Accents [umpteenth post about this.. I'm afraid]

      Hello again:
      I ran Combo.Fix and this is the generated report (the problem continues)
      ComboFix 12-05-30.04 - ASY009 31/05/2012 17:15:37.1.2 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.34.1033.18.1944.1337 [GMT 2:00]
      Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
      .
      ADS - system32: deleted 12 bytes in 1 streams.
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\documents and settings\Administrator\Local Settings\Application Data\bloson.bmp
      c:\documents and settings\Administrator\Local Settings\Application Data\dealply.bmp
      c:\documents and settings\Administrator\Local Settings\Application Data\facemoods.bmp
      c:\documents and settings\Administrator\Local Settings\Application Data\facemoods.exe
      c:\documents and settings\Administrator\Local Settings\Application Data\lateral1.bmp
      c:\documents and settings\Administrator\Local Settings\Application Data\lateral2.bmp
      c:\documents and settings\Administrator\Local Settings\Application Data\lateral3.bmp
      c:\documents and settings\Administrator\WINDOWS
      c:\documents and settings\All Users\Application Data\TEMP
      c:\windows\iun6002.exe
      c:\windows\system32\avisynth.dll
      c:\windows\system32\devil.dll
      c:\windows\system32\dllcache\dlimport.exe
      c:\windows\system32\drivers\etc\hosts.ics
      c:\windows\system32\drivers\etc\lmhosts
      c:\windows\system32\NeW
      c:\windows\system32\operaprefs_fixed.ini
      c:\windows\SYSTEM32\RtlGina\RtlGina.DLL
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))
      .
      .
      2012-05-31 14:41 . 2012-05-31 14:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\lang
      2012-05-31 14:20 . 2012-05-31 14:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\smkits
      2012-05-31 13:40 . 2012-05-31 13:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Songbird2
      2012-05-31 13:32 . 2012-05-31 13:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Copernic
      2012-05-31 13:31 . 2012-05-31 13:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
      2012-05-31 13:21 . 2012-05-31 13:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\IBM
      2012-05-31 13:17 . 2012-05-31 13:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
      2012-05-31 13:15 . 2012-05-31 13:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
      2012-05-31 13:10 . 2012-05-31 13:17 -------- d-----w- C:\DTRToll
      2012-05-31 07:05 . 2012-05-31 07:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
      2012-05-30 15:36 . 2012-05-30 15:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BigFix
      2012-05-30 14:16 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
      2012-05-30 07:01 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
      2012-05-30 06:51 . 2009-08-06 17:23 274288 ------w- c:\windows\system32\mucltui.dll
      2012-05-30 06:49 . 2012-05-30 06:49 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Roxio
      2012-05-30 06:48 . 2012-05-30 06:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Roxio Log Files
      2012-05-29 14:42 . 2012-05-29 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2012-05-29 14:42 . 2012-05-29 14:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2012-05-29 14:42 . 2012-04-04 13:56 22344 ------w- c:\windows\system32\drivers\mbam.sys
      2012-05-29 14:33 . 2012-05-29 14:33 -------- d-----w- c:\program files\Trend Micro
      2012-05-25 08:41 . 2012-05-25 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
      2012-05-23 14:43 . 2012-05-23 14:43 -------- d-----w- C:\Utilities
      2012-05-23 14:38 . 2012-05-23 14:45 -------- d-----w- C:\ibmdocs
      2012-05-17 13:33 . 2012-05-17 13:33 -------- d-----w- c:\program files\Disk Magic
      2012-05-17 10:53 . 2012-04-21 00:57 134072 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
      2012-05-17 10:53 . 2011-03-27 02:13 327168 ----a-w- c:\program files\Mozilla Firefox\distribution\extensions\[email protected]\plugins\npCoralIETab.dll
      2012-05-16 07:46 . 2012-05-16 07:46 -------- d-----w- c:\documents and settings\Administrator\dwhelper
      2012-05-14 08:20 . 2012-05-14 08:20 -------- d-----w- c:\program files\Opera Next
      2012-05-11 11:18 . 2012-04-13 13:45 83808 ------w- c:\windows\system32\javacplIBM60.cpl
      2012-05-09 07:19 . 2012-05-09 07:19 56320 ------w- c:\windows\system32\hteryh.exe
      2012-05-06 02:40 . 2012-05-06 02:40 -------- d-----w- c:\windows\OPTIONS
      2012-05-06 02:40 . 2009-04-02 08:27 188416 ----a-w- c:\windows\RTLExtUI.dll
      2012-05-06 02:40 . 2009-03-31 12:31 380928 ----a-w- c:\windows\RtlUI2.exe
      2012-05-06 02:40 . 2009-03-31 12:31 380928 ------w- c:\windows\system32\RtlUI2.exe
      2012-05-06 02:40 . 2008-07-01 10:31 614400 ----a-w- c:\windows\Rtlihvs.dll
      2012-05-06 02:40 . 2009-04-02 08:27 188416 ------w- c:\windows\system32\RTLExtUI.dll
      2012-05-06 02:40 . 2009-02-05 00:49 451072 ------w- c:\windows\system32\ISSRemoveSP.exe
      2012-05-06 02:40 . 2008-07-01 10:31 614400 ------w- c:\windows\system32\Rtlihvs.dll
      2012-05-06 02:40 . 2012-05-31 15:23 -------- d-----w- c:\windows\system32\RtlGina
      2012-05-04 14:18 . 2012-05-04 14:18 -------- d-----w- c:\program files\Password Memory 4
      2012-05-03 14:12 . 2006-05-31 00:31 127 ------w- c:\windows\ESScli_win_reg_entry.reg
      2012-05-03 14:12 . 2004-04-19 23:30 111 ------w- c:\windows\ESScli_win_reg_entry_uninst.reg
      2012-05-03 08:01 . 2012-01-18 12:06 43 ----a-w- c:\windows\aperc.cmd
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-05-14 09:10 . 2012-04-19 01:24 419488 ------w- c:\windows\system32\FlashPlayerApp.exe
      2012-05-14 09:10 . 2011-09-21 04:14 70304 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-05-06 02:47 . 2012-03-08 17:10 21361 ------w- c:\windows\system32\drivers\AegisP.sys
      2012-04-16 16:05 . 2005-07-29 18:05 68888 ----a-w- c:\windows\isamunin.exe
      2012-04-16 14:19 . 2008-11-14 20:27 7012 ------w- c:\windows\system32\drivers\PMEMNT.SYS
      2012-04-13 13:44 . 2011-01-18 23:56 563040 ------w- c:\windows\system32\deployJava1.dll
      2012-04-12 13:50 . 2011-09-21 07:50 9600 ------w- c:\windows\system32\drivers\isamfilter.sys
      2012-04-11 13:14 . 2004-08-04 05:00 2148352 ------w- c:\windows\system32\ntoskrnl.exe
      2012-04-11 13:12 . 2004-08-04 05:00 1862272 ------w- c:\windows\system32\win32k.sys
      2012-04-11 12:35 . 2004-08-03 22:59 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
      2012-04-09 05:53 . 2012-04-09 05:54 73728 ------w- c:\windows\system32\javacpl.cpl
      2012-04-03 12:53 . 2009-06-10 00:50 358780 ------w- c:\windows\system32\launchmyhelp.exe
      2012-04-03 12:53 . 2006-01-08 21:23 516173 ------w- c:\windows\system32\MSVCP60D.DLL
      2012-04-03 12:53 . 2006-01-08 21:23 434252 ------w- c:\windows\system32\MSVCRTD.DLL
      2012-04-21 00:57 . 2012-05-17 10:53 134072 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
      2005-05-13 16:12 217073 --sha-r- c:\windows\meta4.exe
      2005-10-24 10:13 66560 --sha-r- c:\windows\MOTA113.exe
      2005-10-13 20:27 422400 --sha-r- c:\windows\x2.64.exe
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7CF5C23-CA56-440B-8E87-8E2D05BE2113}]
      2011-07-18 16:12 3688960 ----a-w- c:\program files\Media Pimp Toolbar\MediaPimp.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{283B4AA3-1B7A-46E6-B56D-90EF4743FB2C}"= "c:\program files\Media Pimp Toolbar\MediaPimp.dll" [2011-07-18 3688960]
      .
      [HKEY_CLASSES_ROOT\clsid\{283b4aa3-1b7a-46e6-b56d-90ef4743fb2c}]
      [HKEY_CLASSES_ROOT\VideoDownloader.VideoDownloaderBand.1]
      [HKEY_CLASSES_ROOT\TypeLib\{1EA80D6E-79D4-483F-AF7C-52851C945761}]
      [HKEY_CLASSES_ROOT\VideoDownloader.VideoDownloaderBand]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
      @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
      [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
      2010-03-02 16:40 613496 ------w- c:\windows\system32\PGPfsshl.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NetSP - restore settings on power failure"="c:\program files\AT&T Network Client\NetSP.exe" [2009-10-07 87392]
      "ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808]
      "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-05-23 3029344]
      "Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search - Home\DesktopSearchService.exe" [2011-11-22 1648600]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "stgclean"="c:\sdwork\w32maing.exe" [2012-04-27 291840]
      "C4EBReg"="c:\program files\C4ebreg\c4ebreg.exe" [2012-04-16 498968]
      "Isamtray"="c:\program files\C4ebreg\isamtray.exe" [2012-04-16 314648]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-27 141336]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-27 173592]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-27 142872]
      "TpShocks"="TpShocks.exe" [2009-12-11 337256]
      "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2011-12-27 759144]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-12-27 2262312]
      "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2011-12-27 62240]
      "LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
      "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
      "ISSI Service"="c:\sdwork\issimsvc.exe" [2011-09-20 184048]
      "Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
      .
      c:\documents and settings\Administrator\Start Menu\Programs\Startup\
      SunClock5.lnk - c:\documents and settings\Administrator\Application Data\Map Maker\MMManager.exe [N/A]
      WinBar.lnk - c:\program files\WinBar\WinBar.exe [2009-9-29 188928]
      .
      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe [2012-5-6 942080]
      .
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoDevMgrUpdate"= 1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Notification Packages REG_MULTI_SZ scecli PGPpwflt
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
      backup=c:\windows\pss\Bluetooth.lnkCommon Startup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "IBMconfig"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Documents and Settings\\Administrator\\Application Data\\OPERA\\opera.exe"=
      "c:\\Program Files\\DroidCam\\DroidCamApp.exe"=
      "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
      "c:\\Program Files\\BigFix Enterprise\\BES Client\\BESClient.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "c:\\Program Files\\REALTEK\\RTL8187 Wireless LAN Utility\\RtWLan.exe"=
      "c:\\Program Files\\Opera Next\\pluginwrapper\\opera_plugin_wrapper.exe"=
      "c:\\Program Files\\Opera Next\\opera.exe"=
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "1542:TCP"= 1542:TCP:WPS TCP Prot
      "1542:UDP"= 1542:UDP:WPS UDP Prot
      "53:UDP"= 53:UDP:AP UDP Prot
      .
      R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [11/01/2012 14:53 25968]
      R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [02/03/2010 18:40 13432]
      R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [09/10/2009 14:10 20520]
      R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [10/11/2009 6:22 17968]
      R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [11/01/2012 14:56 13680]
      R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [11/01/2012 14:53 292200]
      R2 ldlcserv6;IBM Enterprise Extender (IPv6);c:\windows\system32\drivers\ldlcserv6.exe [02/02/2011 13:01 40960]
      R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
      R2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [14/01/2012 13:50 10240]
      R2 NetClientSvc;AT&T Global Network Client Service;c:\program files\AT&T Network Client\NetClientSvc.exe [07/10/2009 14:36 263520]
      R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\windows\system32\drivers\pdlndldl6.sys [02/02/2011 13:01 72704]
      R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [11/01/2012 14:53 69632]
      R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.exe [11/01/2012 14:53 148840]
      R2 TGRAB;IBM Tivoli Endpoint Manager for Remote Control - Text Screen Capture Driver;c:\windows\system32\tgrab.sys [09/02/2012 16:27 8288]
      R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [11/01/2012 14:56 99328]
      R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [11/01/2012 14:56 64440]
      R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [11/01/2012 15:09 243856]
      R3 IsamFilter;IsamFilter;c:\windows\system32\drivers\isamfilter.sys [21/09/2011 9:50 9600]
      R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [14/01/2012 13:50 31016]
      R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [11/01/2012 15:00 6913920]
      S0 ahcix86;ATI AHCI Compatible RAID Controller;c:\windows\system32\drivers\ahcix86.sys [20/05/2010 1:06 187960]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 15:16 130384]
      S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
      S2 gupdate;Servicio de Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/03/2012 15:02 136176]
      S2 hteryh;Advanced Micro Devices Service;c:\windows\system32\hteryh.exe [09/05/2012 9:19 56320]
      S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [11/01/2012 14:56 45496]
      S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [15/02/2012 14:30 158856]
      S3 csrcmds;csrcmds;c:\program files\IBM\Personal Communications\csrcmds.exe [02/02/2011 13:01 49152]
      S3 cstrcser;IBM Command Line Trace;c:\windows\system32\drivers\cstrcser.exe [02/02/2011 13:01 36864]
      S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21/05/2008 13:42 64000]
      S3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys --> c:\windows\system32\DRIVERS\cv2k1.sys [?]
      S3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16/03/2012 15:02 136176]
      S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [06/03/2012 13:54 332928]
      S3 TRCTARGET;IBM Tivoli Endpoint Manager for Remote Control - Target;c:\program files\IBM\Tivoli\Remote Control\Target\trc_base.exe [09/02/2012 16:30 745472]
      S3 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [18/01/2011 2:58 61488]
      S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [18/01/2011 2:58 28080]
      S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 15:16 753504]
      S4 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\drivers\vmdebug.sys [11/11/2010 13:02 23152]
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-05-31 c:\windows\Tasks\At1.job
      - c:\program files\IBM\IPM Client Migration Utility\ipmcmu.exe [2012-01-16 09:16]
      .
      2012-05-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-224692178-3335544166-1811469460-500Core.job
      - c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-02-05 20:12]
      .
      2012-05-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-224692178-3335544166-1811469460-500UA.job
      - c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-02-05 20:12]
      .
      2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-16 13:02]
      .
      2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-16 13:02]
      .
      2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224692178-3335544166-1811469460-500Core.job
      - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-18 20:07]
      .
      2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224692178-3335544166-1811469460-500UA.job
      - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-18 20:07]
      .
      2012-05-31 c:\windows\Tasks\OGALogon.job
      - c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]
      .
      2012-05-31 c:\windows\Tasks\PMTask.job
      - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2012-01-11 05:15]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = https://www.ess1.de.smi.ibm.com/maximo/public/login.jsp
      uInternet Connection Wizard,ShellNext = hxxp://w3.ibm.com/
      uInternet Settings,ProxyOverride = <local>;<local>
      IE: Descargar con Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
      IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
      IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
      LSP: c:\windows\system32\Hummingbird\Connectivity\7.00\Socks\\hclsock5.dll
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} - hxxp://
      FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6bg61iev.default\
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      Notify-NavLogon - (no file)
      MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe
      AddRemove-Juniper_Setup_Client - c:\documents and settings\Administrator\Application Data\Juniper Networks\Setup Client\uninstall.exe
      AddRemove-Neoteris_Host_Checker - c:\documents and settings\Administrator\Application Data\Juniper Networks\Host Checker\uninstall.exe
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2012-05-31 17:27
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-224692178-3335544166-1811469460-500\Software\Microsoft\Internet Explorer\User Preferences]
      @Denied: (2) (Administrator)
      @SACL=
      "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
      d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,4a,2a,64,fe,1c,ea,4b,ba,b4,18,\
      "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
      d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,4a,2a,64,fe,1c,ea,4b,ba,b4,18,\
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'lsass.exe'(1304)
      c:\windows\system32\wininet.dll
      c:\windows\system32\Hummingbird\Connectivity\7.00\Socks\hclsock5.dll
      .
      - - - - - - - > 'explorer.exe'(4780)
      c:\windows\system32\WININET.dll
      c:\windows\system32\PGPfsshl.dll
      c:\windows\system32\ieframe.dll
      c:\program files\Microsoft Office\OFFICE11\msohev.dll
      c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXEV.DLL
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      - - - - - - - > 'csrss.exe'(1224)
      c:\windows\system32\wininet.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\system32\ibmpmsvc.exe
      c:\program files\Intel\WiFi\bin\S24EvMon.exe
      c:\windows\system32\Drivers\trcboot.exe
      c:\program files\IBM\Personal Communications\tpam.exe
      c:\program files\IBM\Personal Communications\PCS_AGNT.EXE
      c:\program files\LENOVO\HOTKEY\tposdsvc.exe
      c:\program files\BigFix Enterprise\BES Client\BESClient.exe
      c:\program files\Lenovo\HOTKEY\TPONSCR.exe
      c:\program files\Lenovo\Zoom\TpScrex.exe
      c:\program files\Creative\Shared Files\CTDevSrv.exe
      c:\program files\Intel\WiFi\bin\EvtEng.exe
      c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
      c:\windows\system32\wbem\unsecapp.exe
      c:\program files\IBM\Java60\jre\bin\jqs.exe
      c:\program files\BigFix Enterprise\BES Client\BESClientUI.exe
      c:\notes\nsd.exe
      c:\windows\system32\TpShocks.exe
      c:\windows\system32\igfxsrvc.exe
      c:\windows\system32\rundll32.exe
      c:\windows\StartupMonitor.exe
      c:\progra~1\AT&TNE~2\netcfgsvr.exe
      c:\windows\system32\igfxext.exe
      c:\windows\system32\PGPserv.exe
      c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
      c:\program files\Synaptics\SynTP\SynTPLpr.exe
      c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
      c:\windows\system32\TpKmpSVC.exe
      c:\windows\system32\Drivers\ldlcserv.exe
      c:\windows\system32\wscntfy.exe
      .
      **************************************************************************
      .
      Completion time: 2012-05-31 17:32:31 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-05-31 15:32
      .
      Pre-Run: 49.786.998.784 bytes free
      Post-Run: 50.212.343.808 bytes free
      .
      - - End Of File - - C04F381FA122D25F04EF4EA98EFA63B9

      Many thanks

    6. #6
      General Moderator
      Leosolari
      Registered
      Jun 2007
      Location
      Argentina
      Posts
      54.937

      Re: Accents [umpteenth post about this.. I'm afraid]

      Hello again

      Do the following:

      • Click START > RUN >
        • Type notepad.exe there and click OK
        • Now copy and paste the text from the box below into Notepad

      Code:
      KillAll::
      ClearJavaCache::
      File::
      c:\windows\system32\hteryh.exe
      c:\program files\Media Pimp Toolbar\MediaPimp.dll
      c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-224692178-3335544166-1811469460-500Core.job
      c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
      c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-224692178-3335544166-1811469460-500UA.job
      c:\windows\Tasks\PMTask.job
      c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
      Registry::
      [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7CF5C23-CA56-440B-8E87-8E2D05BE2113}]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{283B4AA3-1B7A-46E6-B56D-90EF4743FB2C}"=-
      [-HKEY_CLASSES_ROOT\clsid\{283b4aa3-1b7a-46e6-b56d-90ef4743fb2c}]
      [-HKEY_CLASSES_ROOT\VideoDownloader.VideoDownloaderBand.1]
      [-HKEY_CLASSES_ROOT\TypeLib\{1EA80D6E-79D4-483F-AF7C-52851C945761}]
      [-HKEY_CLASSES_ROOT\VideoDownloader.VideoDownloaderBand]


      • Save this file with the name CFScript.txt
      • Drag and drop the CFScript.txt file onto the ComboFix.exe file, as shown in the screenshot below.

      • ComboFix will start running again. When it finishes it will generate a new report, which you will have to paste in this same thread.

      After rebooting, check how it is working and let us know.

      Regards


    7. #7
      User DAVIDCEJ
      Registered
      May 2012
      Location
      MADRID
      Posts
      12

      Re: Accents [umpteenth post about this.. I'm afraid]

      Hello again
      we still have the same problem: cami´´on..
      I'm pasting the new report -->
      ComboFix 12-05-30.04 - ASY009 01/06/2012 8:17.2.2 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.34.1033.18.1944.1281 [GMT 2:00]
      Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
      Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
      .
      FILE ::
      "c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe"
      "c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE"
      "c:\program files\Media Pimp Toolbar\MediaPimp.dll"
      "c:\windows\system32\hteryh.exe"
      "c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-224692178-3335544166-1811469460-500Core.job"
      "c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-224692178-3335544166-1811469460-500UA.job"
      "c:\windows\Tasks\PMTask.job"
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
      c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
      c:\program files\Media Pimp Toolbar\MediaPimp.dll
      c:\windows\system32\hteryh.exe
      c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-224692178-3335544166-1811469460-500Core.job
      c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-224692178-3335544166-1811469460-500UA.job
      c:\windows\Tasks\PMTask.job
      .
      Infected copy of c:\windows\system32\kernel32.dll was found and disinfected
      Restored copy from - c:\windows\$NtServicePackUninstall$\kernel32.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      -------\Legacy_hteryh
      -------\Service_hteryh
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
      .
      .
      2012-06-01 06:25 . 2012-06-01 06:25 56320 ----a-w- c:\windows\system32\jwinz.exe
      2012-05-31 14:41 . 2012-05-31 14:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\lang
      2012-05-31 14:20 . 2012-05-31 14:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\smkits
      2012-05-31 13:40 . 2012-05-31 13:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Songbird2
      2012-05-31 13:32 . 2012-05-31 13:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Copernic
      2012-05-31 13:31 . 2012-05-31 13:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
      2012-05-31 13:21 . 2012-05-31 13:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\IBM
      2012-05-31 13:17 . 2012-05-31 13:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
      2012-05-31 13:15 . 2012-05-31 13:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
      2012-05-31 13:10 . 2012-05-31 13:17 -------- d-----w- C:\DTRToll
      2012-05-31 07:05 . 2012-05-31 07:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
      2012-05-30 15:36 . 2012-05-30 15:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BigFix
      2012-05-30 14:16 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
      2012-05-30 07:01 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
      2012-05-30 06:51 . 2009-08-06 17:23 274288 ------w- c:\windows\system32\mucltui.dll
      2012-05-30 06:49 . 2012-05-30 06:49 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Roxio
      2012-05-30 06:48 . 2012-05-30 06:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Roxio Log Files
      2012-05-29 14:42 . 2012-05-29 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2012-05-29 14:42 . 2012-05-29 14:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2012-05-29 14:42 . 2012-04-04 13:56 22344 ------w- c:\windows\system32\drivers\mbam.sys
      2012-05-29 14:33 . 2012-05-29 14:33 -------- d-----w- c:\program files\Trend Micro
      2012-05-25 08:41 . 2012-05-25 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
      2012-05-23 14:43 . 2012-05-23 14:43 -------- d-----w- C:\Utilities
      2012-05-23 14:38 . 2012-05-23 14:45 -------- d-----w- C:\ibmdocs
      2012-05-17 13:33 . 2012-05-17 13:33 -------- d-----w- c:\program files\Disk Magic
      2012-05-17 10:53 . 2012-04-21 00:57 134072 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
      2012-05-17 10:53 . 2011-03-27 02:13 327168 ----a-w- c:\program files\Mozilla Firefox\distribution\extensions\[email protected]\plugins\npCoralIETab.dll
      2012-05-16 07:46 . 2012-05-16 07:46 -------- d-----w- c:\documents and settings\Administrator\dwhelper
      2012-05-14 08:20 . 2012-05-14 08:20 -------- d-----w- c:\program files\Opera Next
      2012-05-11 11:18 . 2012-04-13 13:45 83808 ------w- c:\windows\system32\javacplIBM60.cpl
      2012-05-06 02:40 . 2012-05-06 02:40 -------- d-----w- c:\windows\OPTIONS
      2012-05-06 02:40 . 2009-04-02 08:27 188416 ----a-w- c:\windows\RTLExtUI.dll
      2012-05-06 02:40 . 2009-03-31 12:31 380928 ----a-w- c:\windows\RtlUI2.exe
      2012-05-06 02:40 . 2009-03-31 12:31 380928 ------w- c:\windows\system32\RtlUI2.exe
      2012-05-06 02:40 . 2008-07-01 10:31 614400 ----a-w- c:\windows\Rtlihvs.dll
      2012-05-06 02:40 . 2009-04-02 08:27 188416 ------w- c:\windows\system32\RTLExtUI.dll
      2012-05-06 02:40 . 2009-02-05 00:49 451072 ------w- c:\windows\system32\ISSRemoveSP.exe
      2012-05-06 02:40 . 2008-07-01 10:31 614400 ------w- c:\windows\system32\Rtlihvs.dll
      2012-05-06 02:40 . 2012-05-31 15:23 -------- d-----w- c:\windows\system32\RtlGina
      2012-05-04 14:18 . 2012-05-04 14:18 -------- d-----w- c:\program files\Password Memory 4
      2012-05-03 14:12 . 2006-05-31 00:31 127 ------w- c:\windows\ESScli_win_reg_entry.reg
      2012-05-03 14:12 . 2004-04-19 23:30 111 ------w- c:\windows\ESScli_win_reg_entry_uninst.reg
      2012-05-03 08:01 . 2012-01-18 12:06 43 ----a-w- c:\windows\aperc.cmd
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-05-14 09:10 . 2012-04-19 01:24 419488 ------w- c:\windows\system32\FlashPlayerApp.exe
      2012-05-14 09:10 . 2011-09-21 04:14 70304 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-05-06 02:47 . 2012-03-08 17:10 21361 ------w- c:\windows\system32\drivers\AegisP.sys
      2012-04-16 16:05 . 2005-07-29 18:05 68888 ----a-w- c:\windows\isamunin.exe
      2012-04-16 14:19 . 2008-11-14 20:27 7012 ------w- c:\windows\system32\drivers\PMEMNT.SYS
      2012-04-13 13:44 . 2011-01-18 23:56 563040 ------w- c:\windows\system32\deployJava1.dll
      2012-04-12 13:50 . 2011-09-21 07:50 9600 ------w- c:\windows\system32\drivers\isamfilter.sys
      2012-04-11 13:14 . 2004-08-04 05:00 2148352 ------w- c:\windows\system32\ntoskrnl.exe
      2012-04-11 13:12 . 2004-08-04 05:00 1862272 ------w- c:\windows\system32\win32k.sys
      2012-04-11 12:35 . 2004-08-03 22:59 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
      2012-04-09 05:53 . 2012-04-09 05:54 73728 ------w- c:\windows\system32\javacpl.cpl
      2012-04-03 12:53 . 2009-06-10 00:50 358780 ------w- c:\windows\system32\launchmyhelp.exe
      2012-04-03 12:53 . 2006-01-08 21:23 516173 ------w- c:\windows\system32\MSVCP60D.DLL
      2012-04-03 12:53 . 2006-01-08 21:23 434252 ------w- c:\windows\system32\MSVCRTD.DLL
      2012-04-21 00:57 . 2012-05-17 10:53 134072 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
      2005-05-13 16:12 217073 --sha-r- c:\windows\meta4.exe
      2005-10-24 10:13 66560 --sha-r- c:\windows\MOTA113.exe
      2005-10-13 20:27 422400 --sha-r- c:\windows\x2.64.exe
      .
      .
      ((((((((((((((((((((((((((((( SnapShot@2012-05-31_15.27.05 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2012-06-01 06:28 . 2012-06-01 06:28 16384 c:\windows\temp\Perflib_Perfdata_e68.dat
      + 2012-06-01 06:29 . 2012-06-01 06:29 16384 c:\windows\temp\Perflib_Perfdata_cdc.dat
      - 2005-04-04 17:46 . 2012-05-31 15:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
      + 2005-04-04 17:46 . 2012-06-01 06:28 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
      - 2005-04-04 17:46 . 2012-05-31 15:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
      + 2005-04-04 17:46 . 2012-06-01 06:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
      + 2005-04-04 17:46 . 2012-06-01 06:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
      - 2005-04-04 17:46 . 2012-05-31 15:26 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
      + 2004-08-04 05:00 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
      + 2011-09-20 10:52 . 2012-06-01 06:28 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
      - 2011-09-20 10:52 . 2012-05-31 15:26 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
      + 2011-01-14 05:10 . 2011-01-14 05:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
      + 2011-01-14 05:10 . 2011-01-14 05:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
      + 2011-07-21 10:34 . 2011-07-21 10:34 3456000 c:\windows\Installer\20dedbb.msp
      + 2011-01-14 05:10 . 2011-01-14 05:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
      + 2011-01-14 05:10 . 2011-01-14 05:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
      + 2011-01-14 05:10 . 2011-01-14 05:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
      @="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
      [HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
      2010-03-02 16:40 613496 ------w- c:\windows\system32\PGPfsshl.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NetSP - restore settings on power failure"="c:\program files\AT&T Network Client\NetSP.exe" [2009-10-07 87392]
      "ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808]
      "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-05-23 3029344]
      "Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search - Home\DesktopSearchService.exe" [2011-11-22 1648600]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "stgclean"="c:\sdwork\w32maing.exe" [2012-04-27 291840]
      "C4EBReg"="c:\program files\C4ebreg\c4ebreg.exe" [2012-04-16 498968]
      "Isamtray"="c:\program files\C4ebreg\isamtray.exe" [2012-04-16 314648]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-27 141336]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-27 173592]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-27 142872]
      "TpShocks"="TpShocks.exe" [2009-12-11 337256]
      "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2011-12-27 759144]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-12-27 2262312]
      "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2011-12-27 62240]
      "LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
      "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
      "ISSI Service"="c:\sdwork\issimsvc.exe" [2011-09-20 184048]
      "Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
      .
      c:\documents and settings\Administrator\Start Menu\Programs\Startup\
      SunClock5.lnk - c:\documents and settings\Administrator\Application Data\Map Maker\MMManager.exe [N/A]
      WinBar.lnk - c:\program files\WinBar\WinBar.exe [2009-9-29 188928]
      .
      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      REALTEK RTL8187 Wireless LAN Utility.lnk - c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe [2012-5-6 942080]
      .
      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoDevMgrUpdate"= 1 (0x1)
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Notification Packages REG_MULTI_SZ scecli PGPpwflt
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
      backup=c:\windows\pss\Bluetooth.lnkCommon Startup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "IBMconfig"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Documents and Settings\\Administrator\\Application Data\\OPERA\\opera.exe"=
      "c:\\Program Files\\DroidCam\\DroidCamApp.exe"=
      "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
      "c:\\Program Files\\BigFix Enterprise\\BES Client\\BESClient.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "c:\\Program Files\\REALTEK\\RTL8187 Wireless LAN Utility\\RtWLan.exe"=
      "c:\\Program Files\\Opera Next\\pluginwrapper\\opera_plugin_wrapper.exe"=
      "c:\\Program Files\\Opera Next\\opera.exe"=
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "1542:TCP"= 1542:TCP:WPS TCP Prot
      "1542:UDP"= 1542:UDP:WPS UDP Prot
      "53:UDP"= 53:UDP:AP UDP Prot
      .
      R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [11/01/2012 14:53 25968]
      R0 Pgpwdefs;Pgpwdefs;c:\windows\system32\drivers\PGPwdefs.sys [02/03/2010 18:40 13432]
      R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [09/10/2009 14:10 20520]
      R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [10/11/2009 6:22 17968]
      R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [11/01/2012 14:56 13680]
      R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [11/01/2012 14:53 292200]
      R2 ldlcserv6;IBM Enterprise Extender (IPv6);c:\windows\system32\drivers\ldlcserv6.exe [02/02/2011 13:01 40960]
      R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
      R2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [14/01/2012 13:50 10240]
      R2 NetClientSvc;AT&T Global Network Client Service;c:\program files\AT&T Network Client\NetClientSvc.exe [07/10/2009 14:36 263520]
      R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\windows\system32\drivers\pdlndldl6.sys [02/02/2011 13:01 72704]
      R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [11/01/2012 14:53 69632]
      R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.exe [11/01/2012 14:53 148840]
      R2 TGRAB;IBM Tivoli Endpoint Manager for Remote Control - Text Screen Capture Driver;c:\windows\system32\tgrab.sys [09/02/2012 16:27 8288]
      R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [11/01/2012 14:56 99328]
      R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [11/01/2012 14:56 64440]
      R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [11/01/2012 15:09 243856]
      R3 IsamFilter;IsamFilter;c:\windows\system32\drivers\isamfilter.sys [21/09/2011 9:50 9600]
      R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [14/01/2012 13:50 31016]
      R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [11/01/2012 15:00 6913920]
      S0 ahcix86;ATI AHCI Compatible RAID Controller;c:\windows\system32\drivers\ahcix86.sys [20/05/2010 1:06 187960]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 15:16 130384]
      S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys --> c:\windows\system32\DRIVERS\EAPPkt.sys [?]
      S2 gupdate;Servicio de Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/03/2012 15:02 136176]
      S2 jwinz;Windows Print Provider;c:\windows\system32\jwinz.exe [01/06/2012 8:25 56320]
      S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [11/01/2012 14:56 45496]
      S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [15/02/2012 14:30 158856]
      S3 csrcmds;csrcmds;c:\program files\IBM\Personal Communications\csrcmds.exe [02/02/2011 13:01 49152]
      S3 cstrcser;IBM Command Line Trace;c:\windows\system32\drivers\cstrcser.exe [02/02/2011 13:01 36864]
      S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21/05/2008 13:42 64000]
      S3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys --> c:\windows\system32\DRIVERS\cv2k1.sys [?]
      S3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [16/03/2012 15:02 136176]
      S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [06/03/2012 13:54 332928]
      S3 TRCTARGET;IBM Tivoli Endpoint Manager for Remote Control - Target;c:\program files\IBM\Tivoli\Remote Control\Target\trc_base.exe [09/02/2012 16:30 745472]
      S3 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [18/01/2011 2:58 61488]
      S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [18/01/2011 2:58 28080]
      S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 15:16 753504]
      S4 vmdebug;VMware Replay Debugging Helper;c:\windows\system32\drivers\vmdebug.sys [11/11/2010 13:02 23152]
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - JWINZ
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-05-31 c:\windows\Tasks\At1.job
      - c:\program files\IBM\IPM Client Migration Utility\ipmcmu.exe [2012-01-16 09:16]
      .
      2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-16 13:02]
      .
      2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2012-03-16 13:02]
      .
      2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224692178-3335544166-1811469460-500Core.job
      - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-18 20:07]
      .
      2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224692178-3335544166-1811469460-500UA.job
      - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-18 20:07]
      .
      2012-06-01 c:\windows\Tasks\OGALogon.job
      - c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = https://www.ess1.de.smi.ibm.com/maximo/public/login.jsp
      uInternet Connection Wizard,ShellNext = hxxp://w3.ibm.com/
      uInternet Settings,ProxyOverride = <local>;<local>
      IE: Descargar con Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
      IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
      IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
      LSP: c:\windows\system32\Hummingbird\Connectivity\7.00\Socks\\hclsock5.dll
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} - hxxp://
      FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6bg61iev.default\
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2012-06-01 08:29
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-224692178-3335544166-1811469460-500\Software\Microsoft\Internet Explorer\User Preferences]
      @Denied: (2) (Administrator)
      @SACL=
      "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
      d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,4a,2a,64,fe,1c,ea,4b,ba,b4,18,\
      "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
      d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c4,4a,2a,64,fe,1c,ea,4b,ba,b4,18,\
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'lsass.exe'(1316)
      c:\windows\system32\wininet.dll
      c:\windows\system32\Hummingbird\Connectivity\7.00\Socks\hclsock5.dll
      .
      - - - - - - - > 'explorer.exe'(5648)
      c:\windows\system32\WININET.dll
      c:\windows\system32\PGPfsshl.dll
      c:\windows\system32\ieframe.dll
      c:\program files\Microsoft Office\OFFICE11\msohev.dll
      c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXEV.DLL
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      - - - - - - - > 'csrss.exe'(1236)
      c:\windows\system32\wininet.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\system32\ibmpmsvc.exe
      c:\program files\Intel\WiFi\bin\S24EvMon.exe
      c:\windows\system32\Drivers\trcboot.exe
      c:\program files\IBM\Personal Communications\tpam.exe
      c:\program files\IBM\Personal Communications\PCS_AGNT.EXE
      c:\program files\LENOVO\HOTKEY\tposdsvc.exe
      c:\program files\Lenovo\HOTKEY\TPONSCR.exe
      c:\program files\Lenovo\Zoom\TpScrex.exe
      c:\program files\BigFix Enterprise\BES Client\BESClient.exe
      c:\program files\Creative\Shared Files\CTDevSrv.exe
      c:\program files\Intel\WiFi\bin\EvtEng.exe
      c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
      c:\windows\system32\wbem\unsecapp.exe
      c:\program files\IBM\Java60\jre\bin\jqs.exe
      c:\notes\nsd.exe
      c:\program files\BigFix Enterprise\BES Client\BESClientUI.exe
      c:\windows\system32\igfxsrvc.exe
      c:\windows\system32\TpShocks.exe
      c:\windows\system32\rundll32.exe
      c:\windows\StartupMonitor.exe
      c:\progra~1\AT&TNE~2\netcfgsvr.exe
      c:\windows\system32\igfxext.exe
      c:\program files\Synaptics\SynTP\SynTPLpr.exe
      c:\windows\system32\PGPserv.exe
      c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
      c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
      c:\windows\system32\TpKmpSVC.exe
      c:\windows\system32\Drivers\ldlcserv.exe
      c:\windows\system32\wscntfy.exe
      .
      **************************************************************************
      .
      Completion time: 2012-06-01 08:34:17 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-06-01 06:34
      ComboFix2.txt 2012-05-31 15:32
      .
      Pre-Run: 50.269.511.680 bytes free
      Post-Run: 50.240.929.792 bytes free
      .
      - - End Of File - - 8A23DDBFDB1997FCE70682C6D0FFD52B
      -----
      Many thanks

    8. #8
      General Moderator
      Leosolari
      Registered
      Jun 2007
      Location
      Argentina
      Posts
      54.937

      Re: Accents [umpteenth post about this.. I'm afraid]

      Hello

      Download OTL by OldTimer

      >>> Run OTL
      • Close all the programs you have open and double-click the OTL icon to run it.
      • Let it run without interrupting it until the scan finishes.
      • When the interface appears, the only thing you need to change is under "Scan Type": set it to Minimal Output.
      • Check the options: Search LOP and Search Purity.
      • Check the options Skip Microsoft Files and Use Recognized Companies List.
      • Paste the following script under the Custom Scans/Fix Code box:

        NOTE: Do not copy the word Quote.
        netsvcs
        msconfig
        %SYSTEMDRIVE%\*.*
        CREATERESTOREPOINT
      • Please do not change the rest of the settings unless we ask you to.


      • Press the button .
      • Once it finishes, two (2) files will open, OTL.Txt and Extras.Txt. These will be saved in the same location where OTL.exe was downloaded.
      • Copy and paste the contents of the OTL.txt file into your next reply.




      Regards


    9. #9
      User Avatar of DAVIDCEJ
      Registered
      May 2012
      Location
      MADRID
      Posts
      12

      Re: Accents [umpteenth post about this.. I'm afraid]

      Hello again..
      in the end, we're back to the beginning (OTL)
      *** it won't let me paste everything in one post, so I'm posting it in two parts**
      pasting the report, PART 1-->

      OTL logfile created on: 01/06/2012 16:04:53 - Run 3
      OTL by OldTimer - Version 3.2.45.0 Folder = C:\Documents and Settings\Administrator\Desktop
      Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
      Internet Explorer (Version = 8.0.6001.18702)
      Locale: 00000C0A | Country: Spain | Language: ESN | Date Format: dd/MM/yyyy

      1,90 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 47,46% Memory free
      3,75 Gb Paging File | 2,83 Gb Available in Paging File | 75,49% Paging File free
      Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
      Drive C: | 149,04 Gb Total Space | 47,28 Gb Free Space | 31,72% Space Free | Partition Type: NTFS
      Drive F: | 490,39 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
      Drive G: | 298,09 Gb Total Space | 17,08 Gb Free Space | 5,73% Space Free | Partition Type: NTFS

      Computer Name: WORK | User Name: ASY009 | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user
      Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days

      ========== Processes (SafeList) ==========

      PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
      PRC - C:\Documents and Settings\Administrator\Application Data\Opera\opera.exe (Opera Software)
      PRC - C:\Program Files\C4ebreg\isamtray.exe (IBM Corp.)
      PRC - C:\Program Files\C4ebreg\c4ebreg.exe (IBM Corp.)
      PRC - C:\Program Files\IBM\Java60\jre\bin\jqs.exe (IBM)
      PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      PRC - C:\Program Files\WinBar\WinBar.exe (JDM)
      PRC - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
      PRC - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
      PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
      PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
      PRC - C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
      PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
      PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
      PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
      PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
      PRC - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe (IBM Corp.)
      PRC - C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe (IBM Corp.)
      PRC - C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe (SeriousBit)
      PRC - c:\sdwork\issimsvc.exe (IBM Corp.)
      PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
      PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
      PRC - C:\WINDOWS\system32\drivers\ldlcserv6.exe (IBM Corporation)
      PRC - C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE (IBM Corporation)
      PRC - C:\WINDOWS\system32\drivers\trcboot.exe (IBM Corporation)
      PRC - C:\WINDOWS\system32\drivers\ldlcserv.exe (IBM Corporation)
      PRC - C:\Program Files\IBM\Personal Communications\tpam.exe ()
      PRC - C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
      PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
      PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
      PRC - c:\notes\nsd.exe (IBM Corp)
      PRC - C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
      PRC - C:\WINDOWS\system32\PGPserv.exe (PGP Corporation)
      PRC - C:\Program Files\AT&T Network Client\NetClientSvc.exe (AT&T)
      PRC - C:\Program Files\AT&T Network Client\netcfgsvr.exe (AT&T)
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      PRC - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
      PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()
      PRC - C:\WINDOWS\StartupMonitor.exe ()


      ========== Modules (No Company Name) ==========

      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SeriousBit.NetBalan#\ac2ba428b40c4a5f6c5660e45eb5981e\SeriousBit.NetBalancer.Service.ni.exe ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b49dd780ba8e3501b0adcf108b431e7b\Microsoft.VisualBasic.ni.dll ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SeriousBit.Licensing\0aed8566a5963793de708e544647e71d\SeriousBit.Licensing.ni.dll ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SeriousBit.NetBalan#\9fe5c2f18d0130d9e4a48c14913edd2a\SeriousBit.NetBalancer.Core.ni.dll ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\LinqBridge\feba112d25bb709f3b5ff32b06e88609\LinqBridge.ni.dll ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Localizator\83a34878bc203331f1cdae76e118cdd9\Localizator.ni.dll ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BugReporting\02319de9f6f926f62cbeaa06c22fbf1e\BugReporting.ni.dll ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7416fe825e6e49a87fa8ff60c8971813\PresentationFramework.Classic.ni.dll ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\4eb3cd1f1d5a83617524a9dfb96a657d\PresentationCore.ni.dll ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
      MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
      MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
      MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
      MOD - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
      MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL ()
      MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL ()
      MOD - C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll ()
      MOD - C:\Program Files\IBM\Personal Communications\OOCSVCS2.DLL ()
      MOD - C:\Program Files\IBM\Personal Communications\tpam.exe ()
      MOD - C:\WINDOWS\system32\pdresrc.dll ()
      MOD - C:\WINDOWS\system32\selpms.dll ()
      MOD - C:\WINDOWS\system32\pdclntif.dll ()
      MOD - C:\WINDOWS\system32\Primomonnt.dll ()
      MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
      MOD - C:\WINDOWS\system32\TpKmpSvc.exe ()
      MOD - C:\Program Files\WinRAR\RarExt.dll ()
      MOD - C:\WINDOWS\StartupMonitor.exe ()


      ========== Win32 Services (SafeList) ==========

      SRV - (jwinz) -- C:\WINDOWS\system32\jwinz.exe ()
      SRV - (ISAMSvc) -- C:\Program Files\C4ebreg\c4ebreg.exe (IBM Corp.)
      SRV - (JavaQuickStarterService) -- C:\Program Files\IBM\Java60\jre\bin\jqs.exe (IBM)
      SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
      SRV - (TRCTARGET) -- C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_base.exe (IBM Corporation)
      SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
      SRV - (PwmEWSvc) -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
      SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
      SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
      SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
      SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
      SRV - (BESClient) -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe (IBM Corp.)
      SRV - (NetBalancer Windows Service) -- C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe (SeriousBit)
      SRV - (ISSIMon) -- c:\sdwork\issimsvc.exe (IBM Corp.)
      SRV - (cstrcser) -- C:\WINDOWS\system32\drivers\cstrcser.exe (IBM Corporation)
      SRV - (csrcmds) -- C:\Program Files\IBM\Personal Communications\csrcmds.exe (IBM Corporation)
      SRV - (ldlcserv6) IBM Enterprise Extender (IPv6) -- C:\WINDOWS\system32\drivers\ldlcserv6.exe (IBM Corporation)
      SRV - (TrcBoot) -- C:\WINDOWS\system32\drivers\trcboot.exe (IBM Corporation)
      SRV - (AppnNode) -- C:\WINDOWS\system32\drivers\appnnode.exe (IBM Corporation)
      SRV - (ldlcserv) IBM Enterprise Extender (IPv4) -- C:\WINDOWS\system32\drivers\ldlcserv.exe (IBM Corporation)
      SRV - (TPHKLOAD) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
      SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
      SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
      SRV - (Lotus Notes Diagnostics) -- c:\notes\nsd.exe (IBM Corp)
      SRV - (PGPserv) -- C:\WINDOWS\system32\PGPserv.exe (PGP Corporation)
      SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
      SRV - (NetClientSvc) -- C:\Program Files\AT&T Network Client\NetClientSvc.exe (AT&T)
      SRV - (NetCfgSvr) -- C:\Program Files\AT&T Network Client\netcfgsvr.exe (AT&T)
      SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
      SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
      SRV - (CTUPnPSv) -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe (Creative Technology Ltd)
      SRV - (SCardSvr) -- C:\WINDOWS\system32\scardsvr.exe (Microsoft Corporation)
      SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
      SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
      SRV - (upnphost) -- C:\WINDOWS\system32\upnphost.dll (Microsoft Corporation)
      SRV - (SSDPSRV) -- C:\WINDOWS\system32\ssdpsrv.dll (Microsoft Corporation)
      SRV - (RasAuto) -- C:\WINDOWS\system32\rasauto.dll (Microsoft Corporation)
      SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation)
      SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation)
      SRV - (BthServ) -- C:\WINDOWS\system32\bthserv.dll (Microsoft Corporation)
      SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation)
      SRV - (CTDevice_Srv) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
      SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()


      ========== Driver Services (SafeList) ==========

      DRV - (WDICA) -- File not found
      DRV - (PDRFRAME) -- File not found
      DRV - (PDRELI) -- File not found
      DRV - (PDFRAME) -- File not found
      DRV - (PDCOMP) -- File not found
      DRV - (PCIDump) -- File not found
      DRV - (lbrtfdc) -- File not found
      DRV - (EAPPkt) -- system32\DRIVERS\EAPPkt.sys File not found
      DRV - (CV2K1) -- system32\DRIVERS\cv2k1.sys File not found
      DRV - (Changer) -- File not found
      DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
      DRV - (IsamFilter) -- C:\WINDOWS\system32\drivers\isamfilter.sys (IBM Corp.)
      DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
      DRV - (TGRAB) -- C:\WINDOWS\system32\tgrab.sys ()
      DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
      DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation)
      DRV - (e1yexpress) Intel(R) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)
      DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
      DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.)
      DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
      DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
      DRV - (DozeHDD) -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS (Lenovo.)
      DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS (Lenovo Group Limited)
      DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
      DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
      DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
      DRV - (NETwNx32) ___ Controlador del adaptador Intel(R) -- C:\WINDOWS\system32\drivers\NETwNx32.sys (Intel Corporation)
      DRV - (Nbdrv) -- C:\WINDOWS\system32\drivers\nbdrv.sys (SeriousBit)
      DRV - (NsTrcNT) -- C:\WINDOWS\system32\drivers\nstrcnt.sys (IBM Corporation)
      DRV - (Appn) -- C:\WINDOWS\system32\drivers\appn.sys (IBM Corporation)
      DRV - (AppnBase) -- C:\WINDOWS\system32\drivers\appnbase.sys (IBM Corporation)
      DRV - (pdlncfwk) -- C:\WINDOWS\system32\drivers\pdlncfwk.sys (IBM Corporation)
      DRV - (AppnApi) -- C:\WINDOWS\system32\drivers\appnapi.sys (IBM Corporation)
      DRV - (IBM_LLC2) -- C:\WINDOWS\system32\drivers\llc2.sys (IBM Corporation)
      DRV - (pdlnacom) -- C:\WINDOWS\system32\drivers\pdlnacom.sys (IBM Corporation)
      DRV - (pdlndldl6) IBM Enterprise Extender (HPR/IPv6) -- C:\WINDOWS\system32\drivers\pdlndldl6.sys (IBM Corporation)
      DRV - (pdlndlpb) -- C:\WINDOWS\system32\drivers\pdlndlpb.sys (IBM Corporation)
      DRV - (pdlnemap) -- C:\WINDOWS\system32\drivers\pdlnemap.sys (IBM Corporation)
      DRV - (pdlndsdl) -- C:\WINDOWS\system32\drivers\pdlndsdl.sys (IBM Corporation)
      DRV - (pdlndldl) IBM Enterprise Extender (HPR/IPv4) -- C:\WINDOWS\system32\drivers\pdlndldl.sys (IBM Corporation)
      DRV - (pdlnshay) -- C:\WINDOWS\system32\drivers\pdlnshay.sys (IBM Corporation)
      DRV - (pdlnsx25) -- C:\WINDOWS\system32\drivers\pdlnsx25.sys (IBM Corporation)
      DRV - (pdlnsv25) -- C:\WINDOWS\system32\drivers\pdlnsv25.sys (IBM Corporation)
      DRV - (pdlndqll) -- C:\WINDOWS\system32\drivers\pdlndqll.sys (IBM Corporation)
      DRV - (pdlnecfg) -- C:\WINDOWS\system32\drivers\pdlnecfg.sys (IBM Corporation)
      DRV - (Anydlc) -- C:\WINDOWS\system32\drivers\anydlc.sys (IBM Corporation)
      DRV - (pdlnafac) -- C:\WINDOWS\system32\drivers\pdlnafac.sys (IBM Corporation)
      DRV - (KLOGNT) -- C:\WINDOWS\system32\drivers\klognt.sys (IBM Corporation)
      DRV - (pdlnslea) -- C:\WINDOWS\system32\drivers\pdlnslea.sys (IBM Corporation)
      DRV - (pdlnepkt) -- C:\WINDOWS\system32\drivers\pdlnepkt.sys (IBM Corporation)
      DRV - (pdlndoem) -- C:\WINDOWS\system32\drivers\pdlndoem.sys (IBM Corporation)
      DRV - (pdlndint) -- C:\WINDOWS\system32\drivers\pdlndint.sys (IBM Corporation)
      DRV - (pdlnemsg) -- C:\WINDOWS\system32\drivers\pdlnemsg.sys (IBM Corporation)
      DRV - (pdlnebas) -- C:\WINDOWS\system32\drivers\pdlnebas.sys (IBM Corporation)
      DRV - (pdlncbas) -- C:\WINDOWS\system32\drivers\pdlncbas.sys (IBM Corporation)
      DRV - (vmdebug) -- C:\WINDOWS\system32\drivers\vmdebug.sys (VMware, Inc.)
      DRV - (vmx_svga) -- C:\WINDOWS\system32\drivers\vmx_svga.sys (VMware, Inc.)
      DRV - (vmci) -- C:\WINDOWS\system32\drivers\vmci.sys (VMware, Inc.)
      DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited)
      DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
      DRV - (PGPdisk) -- C:\WINDOWS\System32\drivers\PGPdisk.sys (PGP Corporation)
      DRV - (PGPsdkDriver) -- C:\WINDOWS\system32\drivers\PGPsdk.sys (PGP Corporation)
      DRV - (PGPwded) -- C:\WINDOWS\System32\drivers\PGPwded.sys (PGP Corporation)
      DRV - (Pgpwdefs) -- C:\WINDOWS\system32\drivers\PGPwdefs.sys (PGP Corporation)
      DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
      DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.)
      DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.)
      DRV - (agnwifi) -- C:\WINDOWS\system32\drivers\agnwifi.sys (AT&T)
      DRV - (avpnnic) -- C:\WINDOWS\system32\drivers\avpnnic.sys (AT&T)
      DRV - (agnfilt) -- C:\WINDOWS\system32\drivers\agnfilt.sys (AT&T)
      DRV - (ahcix86) -- C:\WINDOWS\system32\drivers\ahcix86.sys (Advanced Micro Devices, Inc)
      DRV - (vmscsi) -- C:\WINDOWS\system32\drivers\vmscsi.sys (VMware, Inc.)
      DRV - (RTLWUSB) -- C:\WINDOWS\system32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
      DRV - (Fastfat) -- C:\WINDOWS\System32\drivers\fastfat.sys (Microsoft Corporation)
      DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
      DRV - (i2omp) -- C:\WINDOWS\system32\drivers\i2omp.sys (Microsoft Corporation)
      DRV - (ViaIde) -- C:\WINDOWS\system32\drivers\viaide.sys (Microsoft Corporation)
      DRV - (agpCPQ) -- C:\WINDOWS\system32\drivers\AGPCPQ.SYS (Microsoft Corporation)
      DRV - (amdagp) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS (Advanced Micro Devices, Inc.)
      DRV - (viaagp) -- C:\WINDOWS\system32\drivers\VIAAGP.SYS (Microsoft Corporation)
      DRV - (sisagp) -- C:\WINDOWS\system32\drivers\SISAGP.SYS (Silicon Integrated Systems Corporation)
      DRV - (alim1541) -- C:\WINDOWS\system32\drivers\ALIM1541.SYS (Microsoft Corporation)
      DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation)
      DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
      DRV - (Symmpi) -- C:\WINDOWS\system32\drivers\symmpi.sys (LSI Logic)
      DRV - (ParVdm) -- C:\WINDOWS\System32\drivers\parvdm.sys (Microsoft Corporation)
      DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
      DRV - (hpn) -- C:\WINDOWS\system32\drivers\hpn.sys (Microsoft Corporation)
      DRV - (dpti2o) -- C:\WINDOWS\system32\drivers\dpti2o.sys (Microsoft Corporation)
      DRV - (Sparrow) -- C:\WINDOWS\system32\drivers\sparrow.sys (Adaptec, Inc.)
      DRV - (sym_u3) -- C:\WINDOWS\system32\drivers\sym_u3.sys (LSI Logic)
      DRV - (perc2hib) -- C:\WINDOWS\system32\drivers\perc2hib.sys (Microsoft Corporation)
      DRV - (sym_hi) -- C:\WINDOWS\system32\drivers\sym_hi.sys (LSI Logic)
      DRV - (perc2) -- C:\WINDOWS\system32\drivers\perc2.sys (Microsoft Corporation)
      DRV - (aic78xx) -- C:\WINDOWS\system32\drivers\aic78xx.sys (Microsoft Corporation)
      DRV - (aic78u2) -- C:\WINDOWS\system32\drivers\aic78u2.sys (Microsoft Corporation)
      DRV - (symc8xx) -- C:\WINDOWS\system32\drivers\symc8xx.sys (LSI Logic)
      DRV - (symc810) -- C:\WINDOWS\system32\drivers\symc810.sys (Symbios Logic Inc.)
      DRV - (adpu160m) -- C:\WINDOWS\system32\drivers\adpu160m.sys (Microsoft Corporation)
      DRV - (ultra) -- C:\WINDOWS\system32\drivers\ultra.sys (Promise Technology, Inc.)
      DRV - (ql12160) -- C:\WINDOWS\system32\drivers\ql12160.sys (QLogic Corporation)
      DRV - (ql1080) -- C:\WINDOWS\system32\drivers\ql1080.sys (QLogic Corporation)
      DRV - (ql1280) -- C:\WINDOWS\system32\drivers\ql1280.sys (QLogic Corporation)
      DRV - (dac2w2k) -- C:\WINDOWS\system32\drivers\dac2w2k.sys (Mylex Corporation)
      DRV - (ql1240) -- C:\WINDOWS\system32\drivers\ql1240.sys (Microsoft Corporation)
      DRV - (Ql10wnt) -- C:\WINDOWS\system32\drivers\ql10wnt.sys (Microsoft Corporation)
      DRV - (dac960nt) -- C:\WINDOWS\system32\drivers\dac960nt.sys (Microsoft Corporation)
      DRV - (mraid35x) -- C:\WINDOWS\system32\drivers\mraid35x.sys (American Megatrends Inc.)
      DRV - (ini910u) -- C:\WINDOWS\system32\drivers\ini910u.sys (Microsoft Corporation)
      DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation)
      DRV - (cbidf) -- C:\WINDOWS\system32\drivers\cbidf2k.sys (Microsoft Corporation)
      DRV - (Cpqarray) -- C:\WINDOWS\system32\drivers\cpqarray.sys (Microsoft Corporation)
      DRV - (cd20xrnt) -- C:\WINDOWS\system32\drivers\cd20xrnt.sys (Microsoft Corporation)
      DRV - (asc3350p) -- C:\WINDOWS\system32\drivers\asc3350p.sys (Microsoft Corporation)
      DRV - (amsint) -- C:\WINDOWS\system32\drivers\amsint.sys (Microsoft Corporation)
      DRV - (Aha154x) -- C:\WINDOWS\system32\drivers\aha154x.sys (Microsoft Corporation)
      DRV - (asc) -- C:\WINDOWS\system32\drivers\asc.sys (Advanced System Products, Inc.)
      DRV - (abp480n5) -- C:\WINDOWS\system32\drivers\ABP480N5.SYS (Microsoft Corporation)
      DRV - (asc3550) -- C:\WINDOWS\system32\drivers\asc3550.sys (Advanced System Products, Inc.)
      DRV - (AliIde) -- C:\WINDOWS\system32\drivers\aliide.sys (Acer Laboratories Inc.)
      DRV - (TosIde) -- C:\WINDOWS\system32\drivers\toside.sys (Microsoft Corporation)
      DRV - (CmdIde) -- C:\WINDOWS\system32\drivers\cmdide.sys (CMD Technology, Inc.)


      ========== Standard Registry (SafeList) ==========


      ========== Internet Explorer ==========

      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.ess1.de.smi.ibm.com/maximo/public/login.jsp
      IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
      IE - HKCU\..\SearchScopes\{2AF837CC-5902-46AA-8EBA-314FDD9A3C82}: "URL" = http://w3.ibm.com/bluepages/simpleSearch.wss?searchFor={searchTerms}&searchBy=name&sourceid=Mozilla-search
      IE - HKCU\..\SearchScopes\{394F826E-8EE4-4003-B0E2-9A41A9CA35E9}: "URL" = http://w3.ibm.com/search/do/search?queryType=simple&qt={searchTerms}&w3scope=w3General&sourceid=Mozilla-search
      IE - HKCU\..\SearchScopes\{604F81A2-E107-423F-8C28-BA6418C0B7EB}: "URL" = https://w3.ibm.com/connections/search/web/search?query={searchTerms}
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;<local>

      ========== FireFox ==========

      FF - user.js - File not found

      FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
      FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
      FF - HKLM\Software\MozillaPlugins\@IBM.com/Java,version=1.6.0: C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
      FF - HKLM\Software\MozillaPlugins\@IBM.com/JavaPlugin: C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll (IBM)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
      FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
      FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ff [2012/05/11 13:18:14 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/17 12:53:48 | 000,000,000 | ---D | M]
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/19 00:52:28 | 000,000,000 | ---D | M]
      FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{df340737-4d2d-473e-a376-cc713ef560ba}: C:\Program Files\Copernic Desktop Search - Home\Firefox70Connector [2012/06/01 12:15:08 | 000,000,000 | ---D | M]

      [2012/05/31 15:40:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
      [2012/05/31 15:40:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\[email protected]
      [2012/05/31 15:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6bg61iev.default\extensions
      [2012/05/31 15:38:35 | 000,000,000 | ---D | M] (IBM Add To Notes Address Book BluePages Plugin) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6bg61iev.default\extensions\[email protected]
      [2012/05/31 15:38:34 | 000,000,000 | ---D | M] (IBM CCK) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6bg61iev.default\extensions\[email protected]
      [2012/05/31 15:38:24 | 000,000,000 | ---D | M] (IE Tab + (IBM Edition)) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6bg61iev.default\extensions\[email protected]
      [2012/05/31 15:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6bg61iev.default\extensions\[email protected]\defaults
      [2012/05/31 15:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6bg61iev.default\extensions\[email protected]\plugins
      [2012/05/31 15:38:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6bg61iev.default\extensions\[email protected]\chrome
      [2012/05/31 15:38:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6bg61iev.default\extensions\[email protected]\components
      [2012/05/31 15:38:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6bg61iev.default\extensions\[email protected]\defaults
      [2012/05/31 15:38:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6bg61iev.default\extensions\[email protected]\modules
      [2012/05/31 15:38:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6bg61iev.default\extensions\[email protected]\searchplugins
      [2012/06/01 12:29:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
      [2012/05/17 12:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
      [2012/05/17 12:53:48 | 000,000,000 | ---D | M] (IBM CCK) -- C:\Program Files\Mozilla Firefox\distribution\extensions\[email protected]
      [2012/05/17 12:53:46 | 000,000,000 | ---D | M] (IE Tab + (IBM Edition)) -- C:\Program Files\Mozilla Firefox\distribution\extensions\[email protected]
      [2012/05/17 12:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions\[email protected]\chrome
      [2012/05/17 12:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions\[email protected]\components
      [2012/05/17 12:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions\[email protected]\defaults
      [2012/05/17 12:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions\[email protected]\modules
      [2012/05/17 12:53:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions\[email protected]\searchplugins
      [2012/04/21 02:57:45 | 000,134,072 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
      [2010/08/02 16:01:32 | 000,122,880 | ---- | M] (IBM ) -- C:\Program Files\mozilla firefox\plugins\npcpsweb.dll
      [2012/04/13 15:46:28 | 000,567,136 | ---- | M] (IBM) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
      [2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
      [2012/04/21 02:56:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
      [2012/04/21 02:56:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

      ========== Chrome ==========

      CHR - default_search_provider: Google (Enabled)
      CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
      CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
      CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\pdf.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
      CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
      CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
      CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
      CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
      CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
      CHR - plugin: IBM GLOBAL PRINT (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npcpsweb.dll
      CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
      CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
      CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
      CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
      CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
      CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
      CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
      CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
      CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
      CHR - plugin: IBM Developer Kit for Windows,Java,1.6.0 (Enabled) = C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll
      CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
      CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
      CHR - Extension: B\u00FAsqueda de Google = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
      CHR - Extension: Torrent Finder = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jkkbhdkimaolhkdepilfgpmbhdjbncbj\1.0.2_0\
      CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\



      * By the way, since I ran the programs you told me to, the computer has been doing "strange things": shortcut links disappear, and I have to reinstall programs because it won't open them (or it opens them and closes them immediately): Copernic Desktop, Skype... I don't know whether I'm leaving the computer "worse" than it was (I only have the accents problem, although it may be a symptom of something more serious).
      ** By the way (2): for some time now (I don't know whether it started at the same time as the accents problem, but I think so), the WiFi connection has been connecting and disconnecting constantly.. that didn't happen before.. does it have anything to do with this? Is it due to the same malware?.. Is it "one more problem", separate from the accents?

      ---
      Thank you very much for your help

    10. #10
      User DAVIDCEJ
      Registered
      May 2012
      Location
      MADRID
      Posts
      12

      Re: Accents [umpteenth post about this.. I'm afraid]

      Hello,
      here goes part 2 -->

      O1 HOSTS File: ([2012/06/01 08:28:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
      O1 - Hosts: 127.0.0.1 localhost
      O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
      O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java60\jre\bin\ssv.dll (IBM)
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll (IBM)
      O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ie\jqs_plugin.dll (IBM)
      O4 - HKLM..\Run: [C4EBReg] C:\Program Files\C4ebreg\c4ebreg.exe (IBM Corp.)
      O4 - HKLM..\Run: [Isamtray] C:\Program Files\C4ebreg\isamtray.exe (IBM Corp.)
      O4 - HKLM..\Run: [ISSI Service] c:\sdwork\issimsvc.exe (IBM Corp.)
      O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
      O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
      O4 - HKLM..\Run: [Run StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
      O4 - HKLM..\Run: [stgclean] c:\sdwork\w32maing.exe (IBM Corp.)
      O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
      O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
      O4 - HKCU..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe (Thomas Ascher)
      O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
      O4 - HKCU..\Run: [Copernic Desktop Search - Home] C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe (Copernic Inc.)
      O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files\AT&T Network Client\NetSP.exe (AT&T)
      O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SunClock5.lnk = File not found
      O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\WinBar.lnk = C:\Program Files\WinBar\WinBar.exe (JDM)
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 1
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
      O8 - Extra context menu item: Descargar con Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
      O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
      O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
      O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
      O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
      O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
      O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\Hummingbird\Connectivity\7.00\Socks\\hclsock5.dll ()
      O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\Hummingbird\Connectivity\7.00\Socks\hclsock5.dll (Hummingbird Ltd.)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\Hummingbird\Connectivity\7.00\Socks\hclsock5.dll (Hummingbird Ltd.)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\Hummingbird\Connectivity\7.00\Socks\hclsock5.dll (Hummingbird Ltd.)
      O16 - DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265740432187 (WUWebControl Class)
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257306949125 (MUWebControl Class)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http:// (Java Plug-in 1.6.0)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcamera2.vaasa.fi:82//AxisCamControl.cab (CamImage Class)
      O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in)
      O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mi.insags.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52BB8BA2-77A1-47EA-8D70-9B8461C7A34D}: Domain = mad.es.ibm.com
      O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
      O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
      O24 - Desktop WallPaper:
      O24 - Desktop BackupWallPaper:
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2005/04/04 19:44:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

      NetSvcs: 6to4 - File not found
      NetSvcs: Ias - File not found
      NetSvcs: Iprip - File not found
      NetSvcs: NWCWorkstation - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: WmdmPmSp - File not found

      MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
      MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
      MsConfig - State: "system.ini" - 0
      MsConfig - State: "win.ini" - 0
      MsConfig - State: "bootini" - 0
      MsConfig - State: "services" - 0
      MsConfig - State: "startup" - 2

      CREATERESTOREPOINT
      Restore point Set: OTL Restore Point

      ========== Files/Folders - Created Within 30 Days ==========

      [2012/06/01 15:53:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
      [2012/06/01 15:42:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
      [2012/06/01 15:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
      [2012/06/01 15:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
      [2012/06/01 15:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
      [2012/06/01 15:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Intel
      [2012/06/01 15:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
      [2012/06/01 13:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\skypePM
      [2012/06/01 13:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
      [2012/06/01 13:39:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
      [2012/06/01 13:39:49 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
      [2012/06/01 13:26:44 | 000,000,000 | --SD | C] -- C:\ComboFix
      [2012/06/01 13:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
      [2012/06/01 13:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype
      [2012/06/01 13:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Revo Uninstaller
      [2012/06/01 13:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
      [2012/06/01 12:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mipony
      [2012/06/01 10:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IBM System Planning Tool
      [2012/06/01 10:18:27 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
      [2012/06/01 0918 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GOM Player
      [2012/06/01 09:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GRETECH
      [2012/06/01 09:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\roxe
      [2012/06/01 08:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PGP Corporation
      [2012/06/01 08:29:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER
      [2012/06/01 08:26:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
      [2012/05/31 17:13:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
      [2012/05/31 17:13:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
      [2012/05/31 17:13:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
      [2012/05/31 17:13:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
      [2012/05/31 16:54:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
      [2012/05/31 16:53:37 | 000,000,000 | ---D | C] -- C:\Qoobox
      [2012/05/31 16:51:39 | 004,532,250 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
      [2012/05/31 16:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
      [2012/05/31 16:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\lang
      [2012/05/31 16:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\smkits
      [2012/05/31 15:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Songbird2
      [2012/05/31 15:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
      [2012/05/31 15:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
      [2012/05/31 15:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Opera
      [2012/05/31 15:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Copernic
      [2012/05/31 15:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
      [2012/05/31 15:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IBM
      [2012/05/31 15:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
      [2012/05/31 15:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
      [2012/05/31 1538 | 000,000,000 | ---D | C] -- C:\DTRToll
      [2012/05/31 13:04:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
      [2012/05/31 12:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
      [2012/05/31 09:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
      [2012/05/30 17:36:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BigFix
      [2012/05/30 15:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
      [2012/05/30 10:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
      [2012/05/29 16:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
      [2012/05/29 16:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      [2012/05/29 16:42:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
      [2012/05/29 16:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
      [2012/05/29 16:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
      [2012/05/25 10:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macrovision
      [2012/05/23 16:43:41 | 000,000,000 | ---D | C] -- C:\Utilities
      [2012/05/23 16:38:03 | 000,000,000 | ---D | C] -- C:\ibmdocs
      [2012/05/17 15:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\IntelliMagic
      [2012/05/17 15:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IntelliMagic
      [2012/05/17 15:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\Disk Magic
      [2012/05/17 10:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TACACS Client
      [2012/05/16 09:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\dwhelper
      [2012/05/14 10:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Opera Next
      [2012/05/11 13:18:40 | 000,157,536 | ---- | C] (IBM) -- C:\WINDOWS\System32\javaws.exe
      [2012/05/11 13:18:40 | 000,149,344 | ---- | C] (IBM) -- C:\WINDOWS\System32\javaw.exe
      [2012/05/11 13:18:40 | 000,149,344 | ---- | C] (IBM) -- C:\WINDOWS\System32\java.exe
      [2012/05/11 13:18:38 | 000,083,808 | ---- | C] (IBM) -- C:\WINDOWS\System32\javacplIBM60.cpl
      [2012/05/06 04:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\REALTEK RTL8187 Wireless LAN Utility
      [2012/05/06 04:40:47 | 000,380,928 | ---- | C] (Realtek) -- C:\WINDOWS\System32\RtlUI2.exe
      [2012/05/06 04:40:47 | 000,380,928 | ---- | C] (Realtek) -- C:\WINDOWS\RtlUI2.exe
      [2012/05/06 04:40:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
      [2012/05/06 04:40:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RtlGina
      [2012/05/04 16:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\Password Memory 4
      [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

      ========== Files - Modified Within 30 Days ==========

      [2012/06/01 15:54:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
      [2012/06/01 15:42:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
      [2012/06/01 15:42:13 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
      [2012/06/01 15:42:11 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
      [2012/06/01 15:42:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
      [2012/06/01 15:41:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
      [2012/06/01 15:40:44 | 010,485,760 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
      [2012/06/01 15:40:44 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
      [2012/06/01 15:40:43 | 000,563,952 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
      [2012/06/01 15:40:43 | 000,475,730 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
      [2012/06/01 15:40:43 | 000,077,858 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
      [2012/06/01 15:40:37 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller.lnk
      [2012/06/01 15:32:45 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
      [2012/06/01 15:17:00 | 000,001,198 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-224692178-3335544166-1811469460-500UA.job
      [2012/06/01 15:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
      [2012/06/01 13:43:49 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
      [2012/06/01 13:39:52 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
      [2012/06/01 13:38:32 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
      [2012/06/01 13:02:25 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
      [2012/06/01 10:26:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
      [2012/06/01 10:24:22 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Planning Tool (2).lnk
      [2012/06/01 09:20:32 | 000,000,563 | ---- | M] () -- C:\WINDOWS\vpd.properties
      [2012/06/01 09:17:00 | 000,001,146 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-224692178-3335544166-1811469460-500Core.job
      [2012/06/01 09:06:36 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to GOM.exe.lnk
      [2012/06/01 09:00:47 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to somnifero.exe.lnk
      [2012/06/01 08:59:23 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to MiPony.exe.lnk
      [2012/06/01 08:58:23 | 000,003,702 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts
      [2012/06/01 08:55:04 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to MyHelp.exe.lnk
      [2012/06/01 08:54:32 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to vlc.exe.lnk
      [2012/06/01 08:54:12 | 000,000,476 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to dict.exe.lnk
      [2012/06/01 08:29:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
      [2012/06/01 08:28:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
      [2012/06/01 08:25:43 | 000,056,320 | ---- | M] () -- C:\WINDOWS\System32\jwinz.exe
      [2012/05/31 16:52:50 | 004,532,250 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
      [2012/05/31 16:49:09 | 000,000,839 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to inSSIDer.exe.lnk
      [2012/05/31 16:44:48 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to ATnotes.exe.lnk
      [2012/05/31 16:41:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\gd.db
      [2012/05/31 16:41:48 | 000,000,423 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\groovedown.settings
      [2012/05/31 16:40:28 | 000,001,336 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ZapNotes.LNK
      [2012/05/31 16:39:26 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to CCleaner.exe.lnk
      [2012/05/31 16:33:53 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to hmc.ws.lnk
      [2012/05/31 16:33:31 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to retain.ws.lnk
      [2012/05/31 16:32:35 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to prince.lnk
      [2012/05/31 16:25:17 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to NetClient.exe.lnk
      [2012/05/31 16:21:28 | 000,001,891 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lotus Sametime Connect.lnk
      [2012/05/31 16:17:56 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to nlnotes.exe.lnk
      [2012/05/31 16:17:09 | 000,000,757 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to DesktopSearch.exe.lnk
      [2012/05/31 16:16:40 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to conexion1.bat.lnk
      [2012/05/31 16:16:00 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WinBar.exe.lnk
      [2012/05/31 16:15:11 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to cmd.exe.lnk
      [2012/05/31 16:14:10 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to $USER.lnk
      [2012/05/31 16:06:01 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
      [2012/05/31 16:04:24 | 000,000,545 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk
      [2012/05/31 16:04:13 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Show Desktop.scf
      [2012/05/31 15:40:04 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iexplore.exe.lnk
      [2012/05/31 15:09:11 | 000,729,986 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DT-Kill.exe
      [2012/05/31 15:06:48 | 000,238,362 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\)_ con DT-Kill.pdf
      [2012/05/31 09:40:29 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
      [2012/05/30 16:45:52 | 000,000,294 | RHS- | M] () -- C:\boot.ini
      [2012/05/30 16:45:51 | 000,001,534 | ---- | M] () -- C:\WINDOWS\win.ini
      [2012/05/30 13:17:36 | 000,000,435 | ---- | M] () -- C:\WINDOWS\wininit.ini
      [2012/05/30 12:23:39 | 000,046,744 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      [2012/05/30 11:38:37 | 000,218,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
      [2012/05/30 10:01:59 | 000,002,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
      [2012/05/29 16:42:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/05/29 13:38:35 | 000,017,945 | ---- | M] () -- C:\WINDOWS\nsreg.dat
      [2012/05/24 09:24:36 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
      [2012/05/23 16:50:44 | 000,000,362 | ---- | M] () -- C:\Shortcut to ibmdocs.lnk
      [2012/05/23 16:43:44 | 000,000,931 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120530-132350.backup
      [2012/05/17 15:33:52 | 000,000,489 | ---- | M] () -- C:\WINDOWS\ODBC.INI
      [2012/05/16 09:57:37 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Songr.lnk
      [2012/05/14 10:20:13 | 000,001,541 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera Next.lnk
      [2012/05/06 04:41:08 | 000,001,930 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk
      [2012/05/06 04:41:08 | 000,001,912 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\REALTEK RTL8187 Wireless LAN Utility.lnk
      [2012/05/03 16:12:24 | 000,000,537 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ESScli.lnk
      [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

      ========== Files Created - No Company Name ==========

      [2012/06/01 15:40:37 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller.lnk
      [2012/06/01 15:32:45 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
      [2012/06/01 13:43:49 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
      [2012/06/01 13:39:52 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
      [2012/06/01 13:02:25 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
      [2012/06/01 12:15:03 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Copernic Desktop Search - Home.lnk
      [2012/06/01 10:24:22 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Planning Tool (2).lnk
      [2012/06/01 09:06:36 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to GOM.exe.lnk
      [2012/06/01 09:00:47 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to somnifero.exe.lnk
      [2012/06/01 08:59:23 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to MiPony.exe.lnk
      [2012/06/01 08:55:04 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to MyHelp.exe.lnk
      [2012/06/01 08:54:32 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to vlc.exe.lnk
      [2012/06/01 08:54:12 | 000,000,476 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to dict.exe.lnk
      [2012/06/01 08:25:43 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\jwinz.exe
      [2012/05/31 17:13:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
      [2012/05/31 17:13:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
      [2012/05/31 17:13:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
      [2012/05/31 17:13:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
      [2012/05/31 17:13:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
      [2012/05/31 16:49:09 | 000,000,839 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to inSSIDer.exe.lnk
      [2012/05/31 16:44:48 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to ATnotes.exe.lnk
      [2012/05/31 16:41:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\gd.db
      [2012/05/31 16:41:48 | 000,000,423 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\groovedown.settings
      [2012/05/31 16:40:28 | 000,001,336 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ZapNotes.LNK
      [2012/05/31 16:39:26 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to CCleaner.exe.lnk
      [2012/05/31 16:33:41 | 000,000,961 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to hmc.ws.lnk
      [2012/05/31 16:33:30 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to retain.ws.lnk
      [2012/05/31 16:32:35 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to prince.lnk
      [2012/05/31 16:25:17 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to NetClient.exe.lnk
      [2012/05/31 16:21:28 | 000,001,891 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Lotus Sametime Connect.lnk
      [2012/05/31 16:17:55 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to nlnotes.exe.lnk
      [2012/05/31 16:17:09 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to DesktopSearch.exe.lnk
      [2012/05/31 16:16:40 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to conexion1.bat.lnk
      [2012/05/31 16:16:00 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to WinBar.exe.lnk
      [2012/05/31 16:15:11 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to cmd.exe.lnk
      [2012/05/31 16:14:10 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to $USER.lnk
      [2012/05/31 16:06:01 | 000,001,898 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
      [2012/05/31 16:06:01 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
      [2012/05/31 16:04:24 | 000,000,545 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk
      [2012/05/31 16:04:13 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Show Desktop.scf
      [2012/05/31 15:40:04 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to iexplore.exe.lnk
      [2012/05/31 15:09:11 | 000,729,986 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DT-Kill.exe
      [2012/05/31 15:06:47 | 000,238,362 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\)_ con DT-Kill.pdf
      [2012/05/30 16:07:19 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
      [2012/05/30 13:17:32 | 000,000,435 | ---- | C] () -- C:\WINDOWS\wininit.ini
      [2012/05/30 10:01:59 | 000,002,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk
      [2012/05/29 16:42:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
      [2012/05/29 16:04:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
      [2012/05/29 16:04:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20284.nls
      [2012/05/29 16:04:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
      [2012/05/29 16:04:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1145.nls
      [2012/05/24 10:07:44 | 000,479,720 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
      [2012/05/23 16:50:44 | 000,000,362 | ---- | C] () -- C:\Shortcut to ibmdocs.lnk
      [2012/05/14 10:20:14 | 000,001,547 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera Next.lnk
      [2012/05/14 10:20:13 | 000,001,541 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera Next.lnk
      [2012/05/06 04:41:08 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK RTL8187 Wireless LAN Utility.lnk
      [2012/05/06 04:41:08 | 000,001,912 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\REALTEK RTL8187 Wireless LAN Utility.lnk
      [2012/05/06 04:40:46 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
      [2012/05/03 16:12:24 | 000,000,537 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ESScli.lnk
      [2012/05/03 16:12:19 | 000,000,127 | ---- | C] () -- C:\WINDOWS\ESScli_win_reg_entry.reg
      [2012/05/03 16:12:19 | 000,000,111 | ---- | C] () -- C:\WINDOWS\ESScli_win_reg_entry_uninst.reg
      [2012/05/03 10:01:59 | 000,000,043 | ---- | C] () -- C:\WINDOWS\aperc.cmd
      [2012/03/13 14:22:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\operaprefs_fixed.ini.bak
      [2012/03/05 14:42:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
      [2012/02/14 11:28:58 | 000,000,031 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\droidcam-settings
      [2012/02/09 16:27:54 | 000,008,288 | ---- | C] () -- C:\WINDOWS\System32\tgrab.sys
      [2012/02/06 13:35:29 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [2012/01/25 16:56:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
      [2012/01/15 20:34:41 | 000,000,489 | ---- | C] () -- C:\WINDOWS\ODBC.INI
      [2012/01/14 13:54:20 | 000,227,512 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-224692178-3335544166-1811469460-500-0.dat
      [2012/01/14 13:54:18 | 000,164,078 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
      [2012/01/13 14:21:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netscape.INI
      [2012/01/13 14:20:33 | 000,697,920 | ---- | C] () -- C:\WINDOWS\cd32.exe
      [2012/01/13 14:18:47 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
      [2012/01/13 10:17:55 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
      [2012/01/11 15:11:36 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
      [2012/01/11 15:11:12 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
      [2012/01/11 14:57:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
      [2012/01/11 14:55:31 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
      [2011/02/02 13:01:50 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.com
      [2011/01/18 22:57:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\selpms.dll
      [2011/01/18 22:57:52 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\selpmcui.dll
      [2011/01/18 02:58:52 | 002,275,888 | ---- | C] () -- C:\WINDOWS\System32\vmwogl32.dll
      [2010/08/12 03:49:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
      [2010/06/11 02:19:56 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lsrunase.exe

      ========== LOP Check ==========

      [2012/06/01 12:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Copernic
      [2012/06/01 10:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBM
      [2012/05/31 16:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\lang
      [2009/11/10 03:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lotus
      [2012/06/01 12:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mipony
      [2012/05/31 16:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
      [2012/06/01 08:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PGP Corporation
      [2012/06/01 09:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\roxe
      [2012/05/31 16:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\smkits
      [2012/05/31 15:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Songbird2
      [2012/01/11 15:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGNS
      [2012/04/19 05:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BigFix
      [2012/05/04 16:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fTalk
      [2012/05/03 10:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
      [2010/05/20 22:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IGS
      [2012/01/13 09:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
      [2009/11/10 03:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus
      [2012/01/16 14:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PGP Corporation
      [2012/01/14 13:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SeriousBit
      [2012/01/13 16:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinBar
      [2012/01/13 13:22:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
      [2012/01/13 13:21:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{83F61D74-0DA9-475B-BAF3-D4F153A02B30}
      [2008/07/10 23:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{ABCF2613-B074-49B8-8A4C-5EA193A250F6}
      [2012/06/01 10:26:00 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
      [2012/06/01 15:42:11 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

      ========== Purity Check ==========



      ========== Custom Scans ==========

      < %SYSTEMDRIVE%\*.* >
      [2012/01/11 13:24:48 | 000,000,026 | ---- | M] () -- C:\appname
      [2005/04/04 19:44:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
      [2012/01/11 15:47:22 | 000,000,293 | RHS- | M] () -- C:\BOOT.BAK
      [2012/05/30 16:45:52 | 000,000,294 | RHS- | M] () -- C:\boot.ini
      [2002/09/18 01:30:03 | 000,000,037 | ---- | M] () -- C:\cebWXP.exe
      [2008/04/14 07:00:00 | 000,260,288 | RHS- | M] () -- C:\cmldr
      [2012/06/01 08:34:19 | 000,024,568 | ---- | M] () -- C:\ComboFix.txt
      [2005/04/04 19:44:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
      [2012/04/25 15:08:15 | 000,003,115 | ---- | M] () -- C:\cpsweb.log
      [2012/01/11 15:07:22 | 000,014,519 | ---- | M] () -- C:\INSTALL.LOG
      [2005/04/04 19:44:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
      [2005/04/04 19:44:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
      [2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
      [2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
      [2012/06/01 15:41:48 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
      [2012/01/16 14:38:08 | 001,048,576 | RHS- | M] () -- C:\PGPWDE00
      [2012/02/13 20:55:31 | 001,048,576 | RHS- | M] () -- C:\PGPWDE01
      [2012/02/13 20:55:31 | 002,097,152 | RHS- | M] () -- C:\PGPWDE02
      [2012/05/31 13:22:47 | 000,000,441 | ---- | M] () -- C:\rkill.log
      [2012/05/31 15:17:25 | 000,002,431 | ---- | M] () -- C:\R_TKill.txt
      [2012/01/11 13:24:48 | 000,000,203 | ---- | M] () -- C:\servers.ini
      [2012/04/27 12:30:01 | 000,000,042 | ---- | M] () -- C:\setupisam.log
      [2012/05/23 16:50:44 | 000,000,362 | ---- | M] () -- C:\Shortcut to ibmdocs.lnk
      [2006/07/18 00:09:54 | 000,001,989 | ---- | M] () -- C:\witoansi.vbs

      < End of report >


      Thanks again
