
    My system is throwing VERY STRANGE ERRORS. DO I HAVE A VIRUS?


    1. #11
      User oscarmora_2000

      Hello, how are we doing???
      Sorry, but when we arrived we had no electricity, and it came back a moment ago.

      Well, ComboFix finished and left me a report.
      CCleaner: completed
      Glary Utilities: Maintenance, viewed results and repaired

      I'll keep checking to see how it runs and will let you know in my next post.

      There are 6 more machines, and no, we don't share USB drives, but we are on a network sharing files, printers and Internet.

      THANKS.
      I await your comments.
      REGARDS

    2. #12
      Former contributor @SanMar

      Hello:

      The ComboFix report is missing.

      If the machines are on a network, you will have to disconnect them one by one to clean them, and only once all of them are clean reconnect them to the network. Let's finish with this one and then continue with the others.

      Regards.


    3. #13
      User oscarmora_2000

      Here is the report ===>

      ComboFix 12-11-14.01 - Administrador_ 14/11/2012 17:15:52.5.2 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.52.3082.18.2815.2068 [GMT -6:00]
      Running from: c:\documents and settings\Lic. Oscar Mora\Escritorio\ComboFix.exe
      Command switches used :: c:\documents and settings\Lic. Oscar Mora\Escritorio\CFScript.txt
      AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
      .
      FILE ::
      "c:\windows\system32\SophosMEMSWEEP.SYS"
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\documents and settings\All Users.WINDOWS\Datos de programa\TEMP
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      -------\Legacy_MEMSWEEP2
      -------\Service_MEMSWEEP2
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 )))))))))))))))))))))))))))))))
      .
      .
      2012-11-14 21:38 . 2012-11-14 21:38 -------- d-----w- c:\archivos de programa\VS Revo Group
      2012-11-14 21:36 . 2012-11-14 21:36 -------- d-----w- c:\archivos de programa\Glary Utilities
      2012-11-12 15:33 . 2012-09-30 01:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-11-09 01:00 . 2012-11-09 01:00 -------- d-----w- c:\documents and settings\NetworkService\Configuración local\Datos de programa\Avg2013
      2012-11-09 01:00 . 2012-11-09 01:00 -------- d-----w- c:\documents and settings\Default User.WINDOWS\Datos de programa\TuneUp Software
      2012-11-09 01:00 . 2012-11-09 01:00 -------- d-----w- c:\documents and settings\Default User.WINDOWS\Configuración local\Datos de programa\Avg2013
      2012-11-05 14:56 . 2012-11-05 14:56 -------- d-----w- c:\documents and settings\Lic. Oscar Mora\Datos de programa\AVG2013
      2012-11-05 14:54 . 2012-11-05 14:54 -------- d-----w- c:\windows\system32\config\systemprofile\Datos de programa\AVG2013
      2012-11-05 14:54 . 2012-11-05 14:54 -------- d-----w- c:\documents and settings\LocalService\Configuración local\Datos de programa\Avg2013
      2012-11-05 14:54 . 2012-11-05 14:54 -------- d-----w- c:\documents and settings\Lic. Oscar Mora\Datos de programa\TuneUp Software
      2012-11-05 14:52 . 2012-11-05 14:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Datos de programa\AVG2013
      2012-11-05 14:52 . 2012-11-05 19:52 -------- d-----w- c:\windows\system32\config\systemprofile\Configuración local\Datos de programa\Avg2013
      2012-11-05 14:51 . 2012-11-05 16:13 -------- d-----w- c:\documents and settings\Lic. Oscar Mora\Configuración local\Datos de programa\Avg2013
      2012-11-05 14:51 . 2012-11-05 14:51 -------- d-----w- c:\documents and settings\Lic. Oscar Mora\Configuración local\Datos de programa\MFAData
      2012-10-30 20:27 . 2012-11-14 15:11 -------- d-----w- c:\documents and settings\Lic. Oscar Mora\Datos de programa\QuickScan
      2012-10-30 15:47 . 2012-10-30 15:47 -------- d-----w- c:\documents and settings\Lic. Oscar Mora\Configuración local\Datos de programa\{3248F0A6-6813-11D6-A77B-00B0D0150040}
      2012-10-25 17:10 . 2004-08-11 06:39 41984 ------w- c:\windows\system32\drivers\Dgivecp.sys
      2012-10-17 14:11 . 2012-10-17 14:11 -------- d-----w- C:\Xerox Companion Suite
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-11-08 14:45 . 2012-08-08 15:09 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
      2012-10-22 19:02 . 2011-12-23 18:32 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
      2012-10-15 09:48 . 2012-04-19 09:50 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
      2012-10-09 15:25 . 2012-08-28 13:22 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-10-09 15:25 . 2011-05-16 17:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-10-05 09:32 . 2011-12-23 18:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
      2012-10-02 09:30 . 2012-02-22 10:25 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
      2012-09-24 20:32 . 2012-06-18 15:36 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
      2012-09-24 20:32 . 2011-04-29 13:21 473072 ----a-w- c:\windows\system32\deployJava1.dll
      2012-09-24 18:51 . 2012-06-18 15:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
      2012-09-21 09:46 . 2012-03-19 10:17 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
      2012-09-21 09:46 . 2012-09-21 09:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
      2012-09-21 09:45 . 2011-12-23 18:32 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
      2012-09-14 09:05 . 2012-01-31 09:46 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
      2012-08-28 15:18 . 2008-04-14 09:48 916992 ----a-w- c:\windows\system32\wininet.dll
      2012-08-28 15:18 . 2008-04-14 09:48 43520 ----a-w- c:\windows\system32\licmgr10.dll
      2012-08-28 15:18 . 2008-04-14 09:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
      2012-08-28 12:07 . 2008-04-14 09:22 385024 ----a-w- c:\windows\system32\html.iec
      2012-08-24 13:53 . 2008-04-14 09:48 177664 ----a-w- c:\windows\system32\wintrust.dll
      2012-08-23 06:27 . 2008-04-14 09:27 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-08-23 06:27 . 2008-04-14 07:27 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2012-03-13 04:38 . 2012-04-12 20:07 97208 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
      2012-11-08 14:45 1796552 ----a-w- c:\archivos de programa\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\archivos de programa\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
      .
      [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
      [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
      [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MultiScreen"="c:\archivos de programa\MultiScreen\MultiScreen.exe" [2009-08-11 303104]
      "SUPERAntiSpyware"="c:\archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-05 4763008]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
      "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
      "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
      "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 13762560]
      "nwiz"="nwiz.exe" [2009-07-08 1657376]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-08 86016]
      "RTHDCPL"="RTHDCPL.EXE" [2009-12-15 18789920]
      "CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2006-07-12 237568]
      "lxdomon.exe"="c:\archivos de programa\Lexmark 9500 Series\lxdomon.exe" [2010-02-10 455336]
      "lxdoamon"="c:\archivos de programa\Lexmark 9500 Series\lxdoamon.exe" [2010-02-10 25256]
      "Lexmark 9500 Series Fax Server"="c:\archivos de programa\Lexmark 9500 Series\fm3032.exe" [2010-02-10 311976]
      "Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
      "MFFSum_Pro_LL2"="c:\archivos de programa\Xerox Companion Suite\MFFSUM.exe" [2010-02-11 24576]
      "MFPrintServer_Pro_LL2"="c:\archivos de programa\Xerox Companion Suite\MFPrintServer.exe" [2010-02-11 73728]
      "SSBkgdUpdate"="c:\archivos de programa\Archivos comunes\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
      "PaperPort PTD"="c:\archivos de programa\ScanSoft\PaperPort\pptd40nt.exe" [2007-11-13 29984]
      "IndexSearch"="c:\archivos de programa\ScanSoft\PaperPort\IndexSearch.exe" [2007-11-13 46368]
      "vProt"="c:\archivos de programa\AVG Secure Search\vprot.exe" [2012-11-08 997320]
      "TkBellExe"="c:\archivos de programa\real\realplayer\update\realsched.exe" [2012-07-25 296096]
      "ROC_roc_ssl_v12"="c:\archivos de programa\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-08 1020512]
      "ROC_ROC_JULY_P1"="c:\archivos de programa\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-29 1022048]
      "NeroFilterCheck"="c:\archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
      "SecurDisc"="c:\archivos de programa\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
      "InCD"="c:\archivos de programa\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
      "AVG_UI"="c:\archivos de programa\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      .
      c:\documents and settings\All Users.WINDOWS\Menú Inicio\Programas\Inicio\
      GammaTray.lnk - c:\archivos de programa\MagicTune Premium\GammaTray.exe [2010-4-14 36864]
      Rainmeter.lnk - c:\archivos de programa\Rainmeter\Rainmeter.exe [2012-1-8 105160]
      .
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ autocheck autochk *\0c:\archiv~1\AVG\AVG2013\avgrsx.exe /sync /restart
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Archivos de programa\\Microsoft Office\\Office14\\GROOVE.EXE"=
      "c:\\Archivos de programa\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
      "c:\\RASplus\\RASplus_Runner.exe"=
      "c:\\Archivos de programa\\MagicTune Premium\\MagicTune.exe"=
      "c:\\WINDOWS\\system32\\lxdocoms.exe"=
      "c:\\Archivos de programa\\Lexmark 9500 Series\\lxdomon.exe"=
      "c:\\WINDOWS\\system32\\lxdocfg.exe"=
      "c:\\Archivos de programa\\Microsoft Office\\Office14\\WINWORD.EXE"=
      "c:\\Archivos de programa\\TeamViewer\\Version7\\TeamViewer.exe"=
      "c:\\Archivos de programa\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
      "c:\\Archivos de programa\\Lexmark 9500 Series\\lxdoFax.exe"=
      "c:\\Documents and Settings\\Lic. Oscar Mora\\Escritorio\\solutoinstaller.exe"=
      "c:\\Archivos de programa\\AVG\\AVG2013\\avgmfapx.exe"=
      "c:\\Archivos de programa\\AVG\\AVG2013\\avgnsx.exe"=
      "c:\\Archivos de programa\\AVG\\AVG2013\\avgdiagex.exe"=
      "c:\\Archivos de programa\\AVG\\AVG2013\\avgemcx.exe"=
      .
      R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 03:50 a.m. 55776]
      R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 a.m. 177376]
      R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31/01/2012 03:46 a.m. 35552]
      R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 12:32 p.m. 179936]
      R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12:32 p.m. 19936]
      R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22/02/2012 04:25 a.m. 159712]
      R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19/03/2012 04:17 a.m. 164832]
      R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [08/08/2012 09:09 a.m. 26984]
      R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 10:27 a.m. 12880]
      R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 03:55 p.m. 67664]
      R2 !SASCORE;SAS Core Service;c:\archivos de programa\SUPERAntiSpyware\SASCORE.EXE [11/08/2011 05:38 p.m. 116608]
      R2 AVGIDSAgent;AVGIDSAgent;c:\archivos de programa\AVG\AVG2013\avgidsagent.exe [06/11/2012 07:00 p.m. 5814392]
      R2 avgwd;WatchDog de AVG;c:\archivos de programa\AVG\AVG2013\avgwdsvc.exe [22/10/2012 01:05 p.m. 196664]
      R2 FUSServices;Session Launcher Service;c:\windows\system32\FUSServices.exe [11/02/2010 03:05 a.m. 10752]
      R2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe -service --> c:\windows\system32\lxdocoms.exe -service [?]
      R2 MotoHelper;MotoHelper Service;c:\archivos de programa\Motorola\MotoHelper\MotoHelperService.exe [07/09/2010 10:47 a.m. 202048]
      R2 TeamViewer7;TeamViewer 7;c:\archivos de programa\TeamViewer\Version7\TeamViewer_Service.exe [01/10/2012 11:32 a.m. 2673064]
      R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\archivos de programa\Archivos comunes\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [08/11/2012 08:46 a.m. 711112]
      R3 CMISTOR;CMIUCR.SYS CM320/CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [05/01/2007 04:21 p.m. 93056]
      S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [14/04/2010 06:51 a.m. 1691480]
      S3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys --> c:\windows\system32\Drivers\androidusb.sys [?]
      S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [12/03/2012 02:07 p.m. 6016]
      S3 CFcatchme;CFcatchme;\??\c:\docume~1\LIC~1.OSC\CONFIG~1\Temp\CFcatchme.sys --> c:\docume~1\LIC~1.OSC\CONFIG~1\Temp\CFcatchme.sys [?]
      S3 cpuz129;cpuz129;\??\c:\windows\TEMP\cpuz_x32.sys --> c:\windows\TEMP\cpuz_x32.sys [?]
      S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys --> c:\windows\system32\drivers\massfilter_hs.sys [?]
      S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [12/03/2012 02:07 p.m. 19968]
      S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [12/03/2012 02:07 p.m. 8320]
      S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [12/03/2012 02:07 p.m. 23424]
      S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [12/03/2012 02:07 p.m. 23936]
      S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [12/03/2012 02:07 p.m. 9472]
      S3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys --> c:\windows\system32\DRIVERS\zghsmdm.sys [?]
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 15:25]
      .
      2012-11-15 c:\windows\Tasks\GlaryInitialize.job
      - c:\archivos de programa\Glary Utilities\initialize.exe [2012-11-14 18:45]
      .
      2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-04-14 12:37]
      .
      2012-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-04-14 12:37]
      .
      2012-11-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-73586283-1606980848-839522115-1003.job
      - c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2012-06-21 17:00]
      .
      2012-11-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-73586283-1606980848-839522115-1003.job
      - c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2012-06-21 17:00]
      .
      2012-11-14 c:\windows\Tasks\shutdown.job
      - C:\shutdow.bat [2011-04-28 12:27]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com.mx/
      mStart Page = hxxp://www.google.com
      uSearchAssistant = hxxp://www.google.com/ie
      IE: &Enviar a OneNote - c:\archiv~1\MICROS~2\Office14\ONBttnIE.dll/105
      IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office14\EXCEL.EXE/3000
      Trusted Zone: forospyware.com\www
      Trusted Zone: gob.mx\*.imss
      Trusted Zone: gob.mx\idse.imss
      Trusted Zone: gob.mx\www.imss
      TCP: DhcpNameServer = 192.168.1.254
      Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\archivos de programa\Archivos comunes\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
      DPF: {4B5DC085-DDEE-4B81-8F51-D63E31053F96} - hxxp://idse.imss.gob.mx/certificacion/SeguriTools/GenKey.cab
      FF - ProfilePath - c:\documents and settings\Lic. Oscar Mora\Datos de programa\Mozilla\Firefox\Profiles\482ba1bf.default\
      FF - prefs.js: browser.startup.homepage - hxxp://google.com
      FF - prefs.js: keyword.URL - hxxp://google.com
      FF - user.js: extensions.autoDisableScopes - 14
      FF - user.js: security.csp.enable - false
      .
      - - - - ORPHANS REMOVED - - - -
      .
      WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
      Rootkit scan 2012-11-15 15:29
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'explorer.exe'(1316)
      c:\windows\system32\WININET.dll
      c:\archivos de programa\MultiScreen\TitleBar.dll
      c:\archiv~1\ARCHIV~1\MICROS~1\OFFICE14\Cultures\office.odf
      c:\archiv~1\MICROS~2\Office14\3082\GrooveIntlResource.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\archivos de programa\Nero\Nero 7\InCD\InCDsrv.exe
      c:\archivos de programa\Java\jre6\bin\jqs.exe
      c:\windows\system32\lxdocoms.exe
      c:\archivos de programa\Motorola\MotoHelper\MotoHelperAgent.exe
      c:\archivos de programa\TeamViewer\Version7\TeamViewer.exe
      c:\archivos de programa\TeamViewer\Version7\tv_w32.exe
      c:\windows\system32\RUNDLL32.EXE
      c:\windows\RTHDCPL.EXE
      c:\archivos de programa\Xerox Companion Suite\MFServices.exe
      .
      **************************************************************************
      .
      Completion time: 2012-11-15 15:34:35 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-11-15 21:34
      ComboFix2.txt 2012-11-13 15:55
      .
      Pre-Run: 103,826,255,872 bytes libres
      Post-Run: 103,857,426,432 bytes libres
      .
      - - End Of File - - 7A551FE44DC9065CA04CE02277EE3F47

      And regarding disconnecting the machines from the network....
      How would that work?
      Because mine is the one everyone uses to access the administrative system, and disconnecting it would mean stopping the office's operation, and that would be like submitting my resignation to avoid being fired.
      And disconnecting them one by one and only reconnecting them once all are clean would be much the same.
      Isn't there some way to protect myself and then protect the ones that are already clean, and so on until all are cleaned?

      That's why I was asking you about the procedure, because with the procedure I could indeed stop operations for 2 or 3 hours, setting all of them to work at the same time and connecting them to the network once they are clean.

      I await your comments.

      THANKS !!!!

      REGARDS

    4. #14
      Former contributor @SanMar

      Hello:

      First, tell me whether this computer, let's call it PC1, is now in order.

      For the other computers you can carry out the procedure I gave you in Post 2, and paste the reports as you go, numbering them PC2, 3, 4, etc.

      Regards.


    5. #15
      User oscarmora_2000

      Phew.............
      It was quite a slog, but EVERYTHING is done now!!!!!

      PC1 REPORT:

      I have recovered some Excel functions
      It feels faster than before
      All day it did not freeze or report disk errors
      It only reported a few errors:

      ==>El servicio Examinador no ha podido recuperar la lista de copias de seguridad un número excesivo de veces en el transporte \Device\NetBT_Tcpip_{84ACA78B-9877-4039-BC33-36F8746E549A}. El Examinador de copia de seguridad está detenido.

      ===>Error en la llamada ScRegSetValueExW para FailureActions con el error siguiente:
      Acceso denegado.

      ===> Error del redirector al intentar determinar el tipo de conexión.

      Among others that are informational

      PC02 follows

    6. #16
      User oscarmora_2000

      PC02:

      Malwarebytes report:

      Malwarebytes Anti-Malware 1.65.1.1000
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2012.11.16.07

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      Alma_Rosa :: ADMON [administrador]

      16/11/2012 10:14:41 a.m.
      mbam-log-2012-11-16 (10-14-41).txt

      Tipos de Análisis: Análisis Completo (C:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 335021
      Tiempo transcurrido: 33 minuto(s), 31 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 7
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 0
      (No se han detectado elementos maliciosos)

      fin)


      ComboFix report:


      ComboFix 12-11-16.02 - Alma_Rosa 16/11/2012 10:56:14.1.2 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.52.3082.18.1014.550 [GMT -6:00]
      Running from: c:\documents and settings\Alma_Rosa\Escritorio\ComboFix.exe
      AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
      .
      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\archivos de programa\Astrology_4aEI
      c:\documents and settings\Alma_Rosa\Mis documentos\124058E9.tmp
      c:\windows\system32\Cache
      c:\windows\system32\Cache\272512937d9e61a4.fb
      c:\windows\system32\Cache\287204568329e189.fb
      c:\windows\system32\Cache\28bc8f716fd76a47.fb
      c:\windows\system32\Cache\2c53092c95605355.fb
      c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
      c:\windows\system32\Cache\32c84fe32bb74d60.fb
      c:\windows\system32\Cache\3917078cb68ec657.fb
      c:\windows\system32\Cache\590ba23ce359fd0c.fb
      c:\windows\system32\Cache\610289e025a3ee9a.fb
      c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
      c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
      c:\windows\system32\Cache\6d03dad1035885d3.fb
      c:\windows\system32\Cache\7aa62d0be929fe56.fb
      c:\windows\system32\Cache\846f4078489d43f8.fb
      c:\windows\system32\Cache\a8556537add6dfc5.fb
      c:\windows\system32\Cache\ad10a52aff5e038d.fb
      c:\windows\system32\Cache\c1fa887b03019701.fb
      c:\windows\system32\Cache\c4d28dca2e7648be.fb
      c:\windows\system32\Cache\d201ef9910cd39de.fb
      c:\windows\system32\Cache\d2e94710a5708128.fb
      c:\windows\system32\Cache\d79b9dfe81484ec4.fb
      c:\windows\system32\Cache\d897e09db4e6a231.fb
      c:\windows\system32\Cache\f998975c9cc711ee.fb
      c:\windows\system32\SET5B.tmp
      c:\windows\system32\SET5D.tmp
      c:\windows\system32\SET61.tmp
      c:\windows\system32\SET69.tmp
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))
      .
      .
      2012-11-16 16:13 . 2012-11-16 16:13 -------- d-----w- c:\documents and settings\Alma_Rosa\Datos de programa\Malwarebytes
      2012-11-16 16:13 . 2012-09-30 01:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-11-16 16:12 . 2012-11-16 16:12 -------- d-----w- c:\archivos de programa\Archivos comunes\Java
      2012-11-16 16:12 . 2012-11-16 16:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
      2012-11-16 16:12 . 2012-11-16 16:12 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-11-16 16:12 . 2010-07-12 15:12 473072 ----a-w- c:\windows\system32\deployJava1.dll
      2012-11-08 16:51 . 2012-08-29 15:09 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
      2012-10-22 19:56 . 2007-01-14 07:16 1866496 ----a-w- c:\windows\system32\win32k.sys
      2012-10-08 18:52 . 2012-09-24 13:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-10-08 18:52 . 2012-09-24 13:16 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-10-02 18:04 . 2004-08-19 22:42 58368 ----a-w- c:\windows\system32\synceng.dll
      2012-08-28 15:18 . 2007-01-04 13:40 916992 ----a-w- c:\windows\system32\wininet.dll
      2012-08-28 15:18 . 2004-08-19 22:42 43520 ------w- c:\windows\system32\licmgr10.dll
      2012-08-28 15:18 . 2004-08-19 22:43 1469440 ------w- c:\windows\system32\inetcpl.cpl
      2012-08-28 12:07 . 2004-08-19 22:23 385024 ------w- c:\windows\system32\html.iec
      2012-08-24 20:43 . 2012-03-19 10:17 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
      2012-08-24 13:53 . 2004-08-19 22:42 177664 ----a-w- c:\windows\system32\wintrust.dll
      2012-08-23 06:27 . 2007-01-14 07:15 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-08-23 06:27 . 2005-03-02 11:13 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2012-03-13 04:39 . 2012-07-25 20:37 97208 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
      .
      .
      ------- Sigcheck -------
      Note: Unsigned files aren't necessarily malware.
      .
      [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
      [-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
      [-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
      [-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
      [-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
      .
      [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
      [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
      [-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
      .
      [-] 2001-08-24 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
      [-] 2001-08-24 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
      .
      [-] 2008-04-14 . 188DDD286BC0DAEA6984858C6A4D7BBF . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
      [-] 2008-04-14 . 188DDD286BC0DAEA6984858C6A4D7BBF . 25088 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
      [-] 2004-08-19 . 71BFDDA7B3006B45B18D8BAC92BC9993 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
      .
      [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
      [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
      [-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
      .
      [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
      [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
      [-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
      .
      [-] 2001-08-24 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
      [-] 2001-08-24 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
      .
      [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
      [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
      [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
      [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
      [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
      [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
      [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
      [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
      [-] 2007-01-14 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
      .
      [-] 2008-04-14 . 671ACA589DA3733FAC878A751C5BF0ED . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
      [-] 2008-04-14 . 671ACA589DA3733FAC878A751C5BF0ED . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
      [-] 2004-08-19 . 2B0B88652C9F6714FD4886839B3B0442 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
      .
      [-] 2008-04-14 . A48884C9359EE9F1FC8F3F0D93FB1D95 . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
      [-] 2008-04-14 . A48884C9359EE9F1FC8F3F0D93FB1D95 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
      [-] 2007-01-14 . 157B6FCB58270E3DF3ED67D316DCECE0 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
      .
      [-] 2008-04-14 02:18 . 93F4E612C695E81512110956454E6E25 . 837120 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
      [-] 2008-04-14 02:18 . 93F4E612C695E81512110956454E6E25 . 837120 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
      [-] 2004-08-19 22:41 . DECF5947EF11B06D716E08D0B86FC62A . 837120 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
      .
      [-] 2008-04-14 . 8EE9639C01B92490E09638CAA1B16C3C . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
      [-] 2008-04-14 . 8EE9639C01B92490E09638CAA1B16C3C . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
      [-] 2008-04-14 . 8EE9639C01B92490E09638CAA1B16C3C . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
      [-] 2004-08-19 . 02451268DC47E4DC228210DA0E3C3274 . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
      .
      [-] 2009-02-09 . AEF41FC6F108CC4F94F9B4E96AFA9C70 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
      [-] 2009-02-09 . 97869C55F562B777987100EA30AD8108 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
      [-] 2009-02-09 . 97869C55F562B777987100EA30AD8108 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
      [-] 2009-02-09 . 97869C55F562B777987100EA30AD8108 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
      [-] 2009-02-09 . D326677E8A052EABA778B9767ECB7724 . 401408 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
      [-] 2008-04-14 . 53D02EFFA72CA5C57687BEE20610ABA6 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
      [-] 2008-04-14 . 53D02EFFA72CA5C57687BEE20610ABA6 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
      [-] 2007-01-14 . 78793AAE30E77A07D6C5A378D163B909 . 398336 . . [5.1.2600.2726] . . c:\windows\$NtUninstallKB956572_0$\rpcss.dll
      .
      [-] 2009-02-09 . 953DF7327510DF0DE048B8E80E504EF9 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
      [-] 2009-02-09 . 953DF7327510DF0DE048B8E80E504EF9 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
      [-] 2009-02-09 . 953DF7327510DF0DE048B8E80E504EF9 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
      [-] 2009-02-09 . AA6E1769469F9D15603A619FC1FB9E18 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
      [-] 2009-02-09 . 14BDC84F56A5DB7A01FDAA6FA7893759 . 111104 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
      [-] 2008-04-14 . D658A8C2FC7B2AD53D1259741A09EE04 . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
      [-] 2008-04-14 . D658A8C2FC7B2AD53D1259741A09EE04 . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
      [-] 2004-08-19 . F9852F505E0699BB83D5C6321917040B . 108544 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe
      .
      [-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
      [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
      [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
      [-] 2008-04-14 . CDD2DC6AE65084481E723E746C20539A . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
      [-] 2008-04-14 . CDD2DC6AE65084481E723E746C20539A . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
      [-] 2007-01-14 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
      .
      [-] 2008-04-14 . 213C80D912880BBF04453D09FFCCB28C . 510976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
      [-] 2008-04-14 . 213C80D912880BBF04453D09FFCCB28C . 510976 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
      [-] 2004-08-19 . FCB59D25D628B4D3181DC816D14679DD . 505344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
      .
      [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ipsec.sys
      [-] 2008-04-13 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
      [-] 2004-08-04 . 64537AA5C003A6AFEEE1DF819062D0D1 . 74752 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ipsec.sys
      .
      [-] 2010-08-23 . 3DDEC846E57F668C07407F3AC3B66220 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
      [-] 2010-08-23 . 3DDEC846E57F668C07407F3AC3B66220 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
      [-] 2010-08-23 . 24B09ED0C5B019A5198A74504179EEB0 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
      [-] 2008-04-14 . 618A4C7A7C0CA86DA884C8C0FACAD8C2 . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
      [-] 2008-04-14 . 618A4C7A7C0CA86DA884C8C0FACAD8C2 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
      [-] 2008-04-14 . 08D17A982CD6191B34D1B8C8A2E694B6 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
      [-] 2007-01-14 . 3E555C1ABB1F5DF1649B83B1878AC123 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
      [-] 2006-08-25 . 27CDCD592CCCBC1A5A62A0DE169B5BBB . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
      [-] 2001-08-24 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
      .
      [-] 2008-04-14 . E423C9C1946C656E0E4840210A0A8681 . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
      [-] 2008-04-14 . E423C9C1946C656E0E4840210A0A8681 . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
      [-] 2004-08-19 . 149CFFBF77CC1306FC535557CF513B91 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
      .
      [-] 2008-07-07 20:27 . A225DD0D0489BD580781D19524A10B19 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
      [-] 2008-07-07 20:27 . A225DD0D0489BD580781D19524A10B19 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
      [-] 2008-07-07 20:27 . A225DD0D0489BD580781D19524A10B19 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
      [-] 2008-07-07 20:25 . 6EC3C2A5CEA41B78BB55B30444292CB8 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
      [-] 2008-07-07 20:18 . 9B8FE9DB4DB64DB5CB3B76DBA8C38B8B . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
      [-] 2008-04-14 02:18 . 76ABF3BB5A6D684641EC92B28240811D . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
      [-] 2008-04-14 02:18 . 76ABF3BB5A6D684641EC92B28240811D . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
      [-] 2007-01-14 07:17 . 0D0F85237E32538F58278D673032676A . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
      .
      [-] 2008-04-14 . 95DF6A7520912B1040F748A287EA382A . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
      [-] 2008-04-14 . 95DF6A7520912B1040F748A287EA382A . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
      [-] 2004-08-19 . BE2282FBEAFBB76577D47B06071139BB . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
      .
      [-] 2009-03-21 . 7DC06BF4CBC3FCD7557D8D69DFBD49F5 . 1042944 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
      [-] 2009-03-21 . 7DC06BF4CBC3FCD7557D8D69DFBD49F5 . 1042944 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
      [-] 2009-03-21 . 7DC06BF4CBC3FCD7557D8D69DFBD49F5 . 1042944 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
      [-] 2009-03-21 . 97D5372816EC546BD035EDAEDB5E6918 . 1044992 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
      [-] 2009-03-21 . 6FB482ABD03E16295A73270A3D30808F . 1042432 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
      [-] 2008-04-14 . F43FE49CF77EC1CEF9DB9E67BDDB970F . 1042944 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
      [-] 2008-04-14 . F43FE49CF77EC1CEF9DB9E67BDDB970F . 1042944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
      [-] 2007-01-14 . 104C9E03B077BF78AD2543827138E8AC . 1038336 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB959426_0$\kernel32.dll
      .
      [-] 2008-04-14 . FB67F1E092AB9967D0CD17300D751874 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
      [-] 2008-04-14 . FB67F1E092AB9967D0CD17300D751874 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
      [-] 2007-01-14 . C4E7CEFD3802415865E631BE3AB6AC3B . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
      .
      [-] 2008-04-14 . 87F15A88AA3376B48F75D7D176B312A0 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
      [-] 2008-04-14 . 87F15A88AA3376B48F75D7D176B312A0 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
      [-] 2004-08-19 . 24B2A5D3EE366A3E9C1E0941363618C7 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
      .
      [-] 2008-04-14 . 0F021B29E0C2C9D897258399FB2149CD . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
      [-] 2008-04-14 . 0F021B29E0C2C9D897258399FB2149CD . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
      [-] 2008-04-14 . B1CB86D70023988360DA136B317D8546 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
      [-] 2004-08-19 . 3CDD949F8340F06FD99667B4F75409D0 . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
      [-] 2004-08-19 . C19174138C9DAB560E4324374C5F739E . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
      [-] 2001-08-24 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
      .
      [-] 2008-06-20 . 738AE6EEE9531C826E212BF686B0C5E5 . 248320 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
      [-] 2008-06-20 . 738AE6EEE9531C826E212BF686B0C5E5 . 248320 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
      [-] 2008-06-20 . DC10B07F256C8EDF6642015E380C741E . 248320 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
      [-] 2008-06-20 . DC10B07F256C8EDF6642015E380C741E . 248320 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
      [-] 2008-06-20 . C7C251D08747385131AF5D6E10653514 . 248320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
      [-] 2008-06-20 . 5E11D375C92A0DDA7AC4D487FC4E1978 . 248320 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
      [-] 2008-06-20 . 5E11D375C92A0DDA7AC4D487FC4E1978 . 248320 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
      [-] 2008-04-14 . AD893C9D3A09081D55A4BDFBC66AD592 . 248320 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
      [-] 2008-04-14 . AD893C9D3A09081D55A4BDFBC66AD592 . 248320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll
      [-] 2004-08-19 . 10558FED65AAA5DC95125E069AE65036 . 248320 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll
      .
      [-] 2009-02-06 . E24DE816D7A868A11A320C0A09164BFF . 408064 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
      [-] 2009-02-06 . E24DE816D7A868A11A320C0A09164BFF . 408064 . . [5.1.2600.3520] . . c:\windows\$NtUninstallKB975467_0$\netlogon.dll
      [-] 2008-04-14 . CD2BBB52DFAAB666B812A51B1E96F2A0 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
      [-] 2008-04-14 . CD2BBB52DFAAB666B812A51B1E96F2A0 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
      [-] 2004-08-19 . 7FD182B1B80117C353983565D60B1CAF . 407040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB968389_0$\netlogon.dll
      .
      [-] 2008-04-14 . 56DE6FD410B277C4345D7A2C3414DB64 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
      [-] 2008-04-14 . 56DE6FD410B277C4345D7A2C3414DB64 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
      [-] 2004-08-19 . 75EFF6383C2F9BC1198C5351754D27AC . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
      .
      [-] 2008-04-14 . B6BE3C96CD33336A551DB3F2299A8E69 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
      [-] 2008-04-14 . B6BE3C96CD33336A551DB3F2299A8E69 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
      [-] 2004-08-19 . C6347748F2E9F310EA1E1915482ABFEF . 184832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
      .
      [-] 2008-04-14 . D5AC9FA63EBEFD7AACCB14BA0DB1BAC3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
      [-] 2008-04-14 . D5AC9FA63EBEFD7AACCB14BA0DB1BAC3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
      [-] 2004-08-19 . CA557E5E31C7BCFC2CB61CCFE9F6C945 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
      .
      [-] 2008-04-14 . 4F2340F0BD5B6365C38E74DD391919A8 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
      [-] 2008-04-14 . 4F2340F0BD5B6365C38E74DD391919A8 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
      [-] 2004-08-19 . FA03E1FC17F38FBDBA81470D08B3E416 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
      .
      [-] 2008-04-14 . 04A5B8EA326951DB27DF60A14F2999FF . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
      [-] 2008-04-14 . 04A5B8EA326951DB27DF60A14F2999FF . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
      [-] 2007-01-14 . 861E25215BA370D4CA9337C2BC0E647F . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
      .
      [-] 2008-04-14 . DA8898129E0075C7DE4DEE457514A73C . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
      [-] 2008-04-14 . DA8898129E0075C7DE4DEE457514A73C . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
      [-] 2007-01-14 . 37CE819E8ECB3517B9981A886876EF72 . 578048 . . [5.1.2600.2622] . . c:\windows\$NtServicePackUninstall$\user32.dll
      .
      [-] 2008-04-14 . F5B8745B9A90EAF17E30C0574E049AA3 . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
      [-] 2008-04-14 . F5B8745B9A90EAF17E30C0574E049AA3 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
      [-] 2004-08-19 . 7B30B4D55B4562C733A5DDF6D6F72B3F . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
      .
      [-] 2008-04-14 . 22DB5B3DA7005C6472D35BEF3FFDA5EC . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
      [-] 2008-04-14 . 22DB5B3DA7005C6472D35BEF3FFDA5EC . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
      [-] 2004-08-19 . B4A90738BA4355F187BD26D6C112082B . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
      .
      [-] 2008-04-14 . F7EE4BBFB48437EDC6F7F061DE1E8F2F . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
      [-] 2008-04-14 . F7EE4BBFB48437EDC6F7F061DE1E8F2F . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
      [-] 2004-08-19 . 0EDF3501370A14BEFB27526CD06FACEE . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
      .
      [-] 2008-04-14 . 7522F548A84ABAD8FA516DE5AB3931EF . 1036288 . . [6.00.2900.5512] . . c:\windows\explorer.exe
      [-] 2008-04-14 . 7522F548A84ABAD8FA516DE5AB3931EF . 1036288 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
      [-] 2004-08-19 . 89C8DD146CEAF482D82822766437D93F . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
      .
      [-] 2008-04-14 . F4B9F9AA2F72FAD20D09C3E3FF2BE224 . 152064 . . [5.1.2600.5512] . . c:\windows\regedit.exe
      [-] 2008-04-14 . F4B9F9AA2F72FAD20D09C3E3FF2BE224 . 152064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
      [-] 2004-08-19 . 2BA8F4A46C83C6D3A02E9073A304F82C . 152064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
      .
      [-] 2011-11-01 . 494276CFE71555AE0F3234C1B227E67A . 1288192 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll
      [-] 2011-11-01 . 494276CFE71555AE0F3234C1B227E67A . 1288192 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll
      [-] 2011-11-01 . E8C2FA9AC16C25C0AB0677BA12D74BC1 . 1288704 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
      [-] 2010-07-16 . 448FE53C1B2671DB712C8E8838E4263F . 1287680 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll
      [-] 2010-07-16 . BCFEA258277FB42DD7F447EB61C34D06 . 1288704 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
      [-] 2008-04-14 . 463D57BF9FE5871208FF99399360A57D . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
      [-] 2008-04-14 . 463D57BF9FE5871208FF99399360A57D . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
      [-] 2007-01-14 . 1CCD86AF8968519AE6BF9729FC566F1A . 1285632 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
      .
      [-] 2010-04-16 . A8374FF31AC6EDEBB806D2B61D44618D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
      [-] 2010-04-16 . A8374FF31AC6EDEBB806D2B61D44618D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
      [-] 2010-04-16 . 964D29711065A944E1BEC7FD676E61D9 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
      [-] 2008-04-14 . D2ABEB6AF76DA414D1FFF8B409F00635 . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
      [-] 2008-04-14 . D2ABEB6AF76DA414D1FFF8B409F00635 . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
      [-] 2004-08-19 . 0405987EE320AB0572E463C1E69C0121 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
      .
      [-] 2008-04-14 . D9A84134776399F6BD244BC456076575 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
      [-] 2008-04-14 . D9A84134776399F6BD244BC456076575 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
      [-] 2004-08-19 . 13A247D9214BB41BE25F2B491DCB7962 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
      .
      [-] 2008-04-14 . DAAE1CB1B1875B760496E7D3336DA1AD . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
      [-] 2008-04-14 . DAAE1CB1B1875B760496E7D3336DA1AD . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
      [-] 2004-08-19 . 25ECFA69AF1563FDE8DFD31F9954497A . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
      .
      [-] 2009-07-27 . 1F617C5A76215C380478D750CE92CC73 . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
      [-] 2009-07-27 . 1F617C5A76215C380478D750CE92CC73 . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
      [-] 2009-07-27 . 8A34F9730A2206726B1BE4DC4209CAB9 . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
      [-] 2008-04-14 . CA70EDBF32032EA53F114CB930741CB5 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
      [-] 2008-04-14 . CA70EDBF32032EA53F114CB930741CB5 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
      [-] 2007-03-03 . 00C566D725F80E77DAACB82D1FED4493 . 135168 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
      .
      [-] 2008-04-14 . B5D9EFEBE404A9A2C74EF27E1823A78B . 4608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msimg32.dll
      [-] 2008-04-14 . B5D9EFEBE404A9A2C74EF27E1823A78B . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
      [-] 2004-08-19 . 954E6AAC31883B151A936793406D7A90 . 4608 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msimg32.dll
      .
      [-] 2008-04-14 . 0F30EEC6013FCF76693405EC4A7DF899 . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
      [-] 2008-04-14 . 0F30EEC6013FCF76693405EC4A7DF899 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
      [-] 2004-08-19 . C791D16BF25264738B14873436293BD0 . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
      .
      [-] 2008-04-14 . B2718EC9DC738E915D4177498E92BC4D . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
      [-] 2008-04-14 . B2718EC9DC738E915D4177498E92BC4D . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
      [-] 2004-08-19 . 9C90A6DBE5D43E189F199172675D6312 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
      .
      [-] 2008-04-14 . 14FDADCF05A37582399DAF1DA1DE1C7B . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
      [-] 2008-04-14 . 14FDADCF05A37582399DAF1DA1DE1C7B . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
      [-] 2004-08-19 . 843E0DB8042A8C0D749EB2B9EFA54F24 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
      .
      [-] 2010-12-09 . 48AADE1D5F48819A4C3978C09AAD1DC9 . 742912 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
      [-] 2010-12-09 . 45B458684F0471C4F25A31A0BE4D2C70 . 742912 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
      [-] 2010-12-09 . 45B458684F0471C4F25A31A0BE4D2C70 . 742912 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
      [-] 2009-02-09 . 6CBEC637D1B5A19A1C91F2B84E03CDE2 . 739840 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
      [-] 2009-02-09 . D9B5602198F7DEE18B898298A52F684D . 739328 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntdll.dll
      [-] 2009-02-09 . D9B5602198F7DEE18B898298A52F684D . 739328 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll
      [-] 2009-02-09 . D3A1B3EA95A52C4FAED7963CA1725F3F . 739840 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntdll.dll
      [-] 2008-04-14 . 91346D0D58E9FA1C75D8D0319F281745 . 730624 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntdll.dll
      [-] 2008-04-14 . 91346D0D58E9FA1C75D8D0319F281745 . 730624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntdll.dll
      [-] 2004-08-19 . 306B64DD1822BB33A7B54D203B8DB4C4 . 732672 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\ntdll.dll
      .
      [-] 2009-02-27 . 3AEC5DBB88B5DF8982857317A00AF9D1 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\msctfime.ime
      [-] 2009-02-27 . 3AEC5DBB88B5DF8982857317A00AF9D1 . 177152 . . [5.1.2600.5768] . . c:\windows\system32\dllcache\msctfime.ime
      [-] 2009-02-27 . EE8205E9F125C970711F78908D828B25 . 177152 . . [5.1.2600.5768] . . c:\windows\$hf_mig$\KB961503\SP3QFE\msctfime.ime
      [-] 2008-04-14 . DFE0E9229DD3C1441B93AAB15610B9B8 . 177152 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB961503$\msctfime.ime
      [-] 2008-04-14 . DFE0E9229DD3C1441B93AAB15610B9B8 . 177152 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msctfime.ime
      [-] 2004-08-19 . BFF509A62E57630555DAD0B7E0209573 . 177152 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msctfime.ime
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-06-11 1524056]
      .
      [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
      [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
      [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
      [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
      2012-11-08 16:51 1796552 ----a-w- c:\archivos de programa\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\archivos de programa\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
      .
      [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
      [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
      [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 141848]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 166424]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 137752]
      "RTHDCPL"="RTHDCPL.EXE" [2008-07-17 16876032]
      "AVG_TRAY"="c:\archivos de programa\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
      "vProt"="c:\archivos de programa\AVG Secure Search\vprot.exe" [2012-11-08 997320]
      "ROC_ROC_JULY_P1"="c:\archivos de programa\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-29 1022048]
      "Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
      "Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
      "SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2012-09-17 254896]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      .
      c:\documents and settings\Alma_Rosa\Menú Inicio\Programas\Inicio\
      Acceso directo a Inicio.lnk - n:\oscar\Inicio.bat [2011-10-11 71]
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ autocheck autochk *\0c:\archiv~1\AVG\AVG2012\avgrsx.exe /sync /restart
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
      @=""
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      2008-04-14 02:19 1695232 ----a-w- c:\archivos de programa\Messenger\msmsgs.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Archivos de programa\\Microsoft Office\\Office14\\GROOVE.EXE"=
      "c:\\Archivos de programa\\AVG\\AVG2012\\avgmfapx.exe"=
      "c:\\RASplus\\RASplus_Runner.exe"=
      "c:\\Archivos de programa\\AVG\\AVG2012\\avgnsx.exe"=
      "c:\\Archivos de programa\\AVG\\AVG2012\\avgdiagex.exe"=
      "c:\\Archivos de programa\\AVG\\AVG2012\\avgemcx.exe"=
      .
      R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 03:50 a.m. 24896]
      R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31/01/2012 03:46 a.m. 31952]
      R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22/02/2012 04:25 a.m. 237408]
      R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19/03/2012 04:17 a.m. 301920]
      R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [29/08/2012 09:09 a.m. 26984]
      R2 avgwd;WatchDog de AVG;c:\archivos de programa\AVG\AVG2012\avgwdsvc.exe [14/02/2012 03:53 a.m. 193288]
      R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\archivos de programa\Archivos comunes\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [08/11/2012 10:51 a.m. 711112]
      R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 12:32 p.m. 139856]
      R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 12:32 p.m. 24144]
      R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12:32 p.m. 17232]
      S0 zzvumu;zzvumu;c:\windows\system32\drivers\xglysqsp.sys --> c:\windows\system32\drivers\xglysqsp.sys [?]
      S2 AVGIDSAgent;AVGIDSAgent;c:\archivos de programa\AVG\AVG2012\avgidsagent.exe [13/08/2012 02:24 a.m. 5167736]
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - JAVAQUICKSTARTERSERVICE
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
      2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-24 18:52]
      .
      2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-10-05 14:42]
      .
      2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-10-05 14:42]
      .
      2012-11-16 c:\windows\Tasks\User_Feed_Synchronization-{657A252A-A6F6-4291-B72F-D766C8DF305A}.job
      - c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://mx.yahoo.com/
      IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office14\EXCEL.EXE/3000
      Trusted Zone: Sistemas
      TCP: DhcpNameServer = 192.168.1.254
      Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\archivos de programa\Archivos comunes\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
      FF - ProfilePath - c:\documents and settings\Alma_Rosa\Datos de programa\Mozilla\Firefox\Profiles\2r354jm8.default\
      FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Ba5caaae6-0957-40df-9ee5-2e228aa5ed7d%7D&mid=4a061ed7c8bd47d08273d16e48eeae60-669b252a2b814e52707d5262fb33b78cb9f5552f&ds=AVG&v=12.2.5.32&lang=es-es&pr=fr&d=2012-07-25%2017%3A26%3A50&sap=ku&q=
      FF - prefs.js: network.proxy.type - 0
      .
      - - - - ORPHANS REMOVED - - - -
      .
      BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      Toolbar-Locked - (no file)
      WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
      SafeBoot-guxietjs.sys
      SafeBoot-nprxlzqb.sys
      SafeBoot-qccjzhiq.sys
      SafeBoot-ypodsigi.sys
      SafeBoot-ysbvamhb.sys
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
      Rootkit scan 2012-11-16 11:03
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      Completion time: 2012-11-16 11:06:23
      ComboFix-quarantined-files.txt 2012-11-16 17:06
      .
      Pre-Run: 233,686,069,248 bytes libres
      Post-Run: 233,757,499,392 bytes libres
      .
      - - End Of File - - 11870D2FD86A1F105B36FF631D3C5F6C



      CONTINUES: PC3

    7. #17
      User Avatar of oscarmora_2000
      Joined
      May 2008
      Location
      Mexico
      Posts
      80

      Re: My system is throwing VERY STRANGE ERRORS. DO I HAVE A VIRUS?

      PC03:

      Malwarebytes report:

      Malwarebytes Anti-Malware 1.65.1.1000
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2012.11.16.07

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      LA MUÑE :: COBRANZAS [administrador]

      16/11/2012 10:36:00 a.m.
      mbam-log-2012-11-16 (10-36-00).txt

      Tipos de Análisis: Análisis Completo (C:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 224593
      Tiempo transcurrido: 29 minuto(s), 42 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 0
      (No se han detectado elementos maliciosos)

      fin)

      ComboFix report:

      ComboFix 12-11-16.02 - LA MUÑE 16/11/2012 11:16:19.1.2 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.52.3082.18.1012.477 [GMT -6:00]
      Running from: c:\combofix\ComboFix.exe
      .
      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\documents and settings\All Users\SPL4A.tmp
      c:\documents and settings\All Users\SPL6A.tmp
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))
      .
      .
      2012-11-16 16:32 . 2012-11-16 16:32 -------- d-----w- c:\documents and settings\LA MUÑE\Datos de programa\Malwarebytes
      2012-11-16 16:31 . 2012-11-16 16:31 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
      2012-11-16 16:31 . 2012-11-16 16:31 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
      2012-11-16 16:31 . 2012-09-30 01:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-11-16 16:22 . 2012-11-16 16:22 -------- d-----w- c:\archivos de programa\CCleaner
      2012-10-25 18:56 . 2012-10-25 18:56 -------- d-----w- c:\documents and settings\LA MUÑE\Configuración local\Datos de programa\Facebook
      2012-10-25 16:35 . 2012-10-25 16:35 -------- d-----w- c:\documents and settings\LA MUÑE\Datos de programa\Lexmark Productivity Studio
      2012-10-18 22:34 . 2012-10-18 22:34 -------- d-----w- c:\archivos de programa\ESET
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-10-22 19:56 . 2004-08-19 13:30 1866496 ----a-w- c:\windows\system32\win32k.sys
      2012-10-12 13:55 . 2012-04-10 13:25 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-10-12 13:55 . 2011-06-08 02:27 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-10-12 13:55 . 2012-10-12 13:55 9575864 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
      2012-10-02 18:04 . 2004-08-19 13:42 58368 ----a-w- c:\windows\system32\synceng.dll
      2012-08-28 15:18 . 2004-08-19 13:42 916992 ----a-w- c:\windows\system32\wininet.dll
      2012-08-28 15:18 . 2004-08-19 13:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
      2012-08-28 15:18 . 2004-08-19 13:43 1469440 ------w- c:\windows\system32\inetcpl.cpl
      2012-08-28 12:07 . 2004-08-19 13:23 385024 ----a-w- c:\windows\system32\html.iec
      2012-08-24 13:53 . 2004-08-19 13:42 177664 ----a-w- c:\windows\system32\wintrust.dll
      2012-08-23 06:27 . 2004-08-19 13:33 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-08-23 06:27 . 2004-08-19 15:33 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2012-08-20 21:31 . 2012-02-22 22:37 350096 ----a-w- c:\windows\system32\qproxy.dll
      2012-08-20 21:29 . 2012-08-21 16:24 28440 ----a-w- c:\windows\system32\drivers\qwd.sys
      2012-03-13 04:38 . 2012-04-23 22:40 97208 ----a-w- c:\archivos de programa\mozilla firefox\components\browsercomps.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Facebook Update"="c:\documents and settings\LA MUÑE\Configuración local\Datos de programa\Facebook\Update\FacebookUpdate.exe" [2012-10-25 138096]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
      "RTHDCPL"="RTHDCPL.EXE" [2010-09-08 19573352]
      "Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
      "lxdomon.exe"="c:\archivos de programa\Lexmark 9500 Series\lxdomon.exe" [2010-02-10 455336]
      "lxdoamon"="c:\archivos de programa\Lexmark 9500 Series\lxdoamon.exe" [2010-02-10 25256]
      "Lexmark 9500 Series Fax Server"="c:\archivos de programa\Lexmark 9500 Series\fm3032.exe" [2010-02-10 311976]
      "QAppTray"="c:\archivos de programa\Qustodio\qapp\QAppTray.exe" [2012-08-20 1714048]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
      "Malwarebytes Anti-Malware"="c:\archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-30 766536]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      .
      c:\documents and settings\LA MUÑE\Menú Inicio\Programas\Inicio\
      LanConfig.lnk - n:\oscar\Inicio.bat [2011-10-11 71]
      .
      c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
      McAfee Security Scan Plus.lnk - c:\archivos de programa\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\qwd.sys]
      @="Driver"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\WINDOWS\\system32\\lxdocoms.exe"=
      "c:\\Archivos de programa\\Lexmark 9500 Series\\lxdomon.exe"=
      "c:\\WINDOWS\\system32\\lxdocfg.exe"=
      "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdopswx.exe"=
      "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdotime.exe"=
      "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdojswx.exe"=
      "c:\\Archivos de programa\\Microsoft Office\\Office14\\GROOVE.EXE"=
      "c:\\Documents and Settings\\LA MUÑE\\Configuración local\\Datos de programa\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
      .
      R1 qwd;qwd service;c:\windows\system32\drivers\qwd.sys [21/08/2012 10:24 a.m. 28440]
      R2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe -service --> c:\windows\system32\lxdocoms.exe -service [?]
      R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [24/12/2008 04:40 a.m. 80256]
      S2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdoserv.exe [16/02/2012 05:15 p.m. 98984]
      S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [07/06/2011 08:11 p.m. 1691480]
      S3 cpudrv;cpudrv;c:\archivos de programa\SystemRequirementsLab\cpudrv.sys [18/12/2009 09:58 a.m. 11336]
      S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\archivos de programa\McAfee Security Scan\3.0.207\McCHSvc.exe [17/06/2011 11:33 a.m. 237008]
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 13:55]
      .
      2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-04-24 22:26]
      .
      2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-04-24 22:26]
      .
      2013-01-02 c:\windows\Tasks\User_Feed_Synchronization-{0CC989BC-3F68-4F32-A2DC-32E144096A64}.job
      - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
      .
      .
      ------- Supplementary Scan -------
      .
      LSP: c:\windows\system32\qproxy.dll
      Trusted Zone: SISTEMAS
      TCP: DhcpNameServer = 192.168.1.254
      FF - ProfilePath - c:\documents and settings\LA MUÑE\Datos de programa\Mozilla\Firefox\Profiles\llsjpjsb.default\
      FF - prefs.js: network.proxy.type - 0
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-Locked - (no file)
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
      Rootkit scan 2012-11-16 11:22
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'lsass.exe'(740)
      c:\windows\system32\qproxy.dll
      .
      Completion time: 2012-11-16 11:24:21
      ComboFix-quarantined-files.txt 2012-11-16 17:24
      .
      Pre-Run: 28,530,958,336 bytes libres
      Post-Run: 28,692,811,776 bytes libres
      .
      - - End Of File - - A3B1180C21ECF0EAE21959E4FEC7B9A5


      CONTINUES: PC04

    8. #18
      User Avatar of oscarmora_2000
      Joined
      May 2008
      Location
      Mexico
      Posts
      80

      Re: My system is throwing VERY STRANGE ERRORS. DO I HAVE A VIRUS?

      PC04:

      Malwarebytes report:


      Malwarebytes Anti-Malware 1.65.1.1000
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2012.11.16.08

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      Antonio_Herrera :: CONTABILIDAD [administrador]

      16/11/2012 11:50:08 a.m.
      mbam-log-2012-11-16 (11-50-08).txt

      Tipos de Análisis: Análisis Completo (C:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 214990
      Tiempo transcurrido: 20 minuto(s), 18 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 7
      HKCR\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.
      HKCR\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.
      HKCR\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.
      HKCR\FunWebProductsInstaller.Start.1 (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.
      HKCR\FunWebProductsInstaller.Start (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.
      HKLM\SOFTWARE\FunWebProducts (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 4
      C:\Archivos de programa\FunWebProducts (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.
      C:\Archivos de programa\FunWebProducts\Installr (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.
      C:\Archivos de programa\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.
      C:\Archivos de programa\FunWebProducts\Installr\1.bin\chrome (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.

      Archivos Detectados: 3
      C:\Archivos de programa\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (PUP.MyWebSearch) -> En cuarentena y eliminado con éxito.
      C:\Archivos de programa\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL (PUP.FunWebProducts) -> En cuarentena y eliminado con éxito.
      C:\Archivos de programa\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL (PUP.FunWebProducts) -> En cuarentena y eliminado con éxito.

      fin)


      ComboFix report:

      ComboFix 12-11-16.02 - Antonio_Herrera 16/11/2012 12:24:26.1.2 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.52.3082.18.991.620 [GMT -6:00]
      Running from: c:\documents and settings\Antonio Herrera\Escritorio\ComboFix.exe
      .
      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\documents and settings\Antonio Herrera\WINDOWS
      c:\windows\system32\Cache
      c:\windows\system32\pdfcom.dll
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))
      .
      .
      2012-11-16 17:49 . 2012-11-16 17:49 -------- d-----w- c:\documents and settings\Antonio Herrera\Datos de programa\Malwarebytes
      2012-11-16 17:48 . 2012-11-16 17:48 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
      2012-11-16 17:48 . 2012-11-16 17:48 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
      2012-11-16 17:48 . 2012-09-30 01:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-11-16 17:44 . 2012-11-16 17:44 -------- d-----w- c:\archivos de programa\CCleaner
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-10-22 19:56 . 2008-04-14 12:00 1866496 ----a-w- c:\windows\system32\win32k.sys
      2012-10-02 18:04 . 2008-04-14 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
      2012-08-28 15:18 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
      2012-08-28 15:18 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
      2012-08-28 15:18 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
      2012-08-28 12:07 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
      2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
      2012-08-23 06:27 . 2008-04-14 12:00 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-08-23 06:27 . 2008-04-14 07:27 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SUPERAntiSpyware"="c:\archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-30 4762496]
      "OfficeSyncProcess"="c:\archivos de programa\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SoundMan"="SOUNDMAN.EXE" [2010-03-09 577536]
      "VTTimer"="VTTimer.exe" [2012-02-03 53248]
      "VTTrayp"="VTtrayp.exe" [2012-02-03 163840]
      "SunJavaUpdateSched"="c:\archivos de programa\Archivos comunes\Java\Java Update\jusched.exe" [2011-06-09 254696]
      "Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
      "TkBellExe"="c:\archivos de programa\Real\RealPlayer\update\realsched.exe" [2012-02-03 296056]
      "lxdomon.exe"="c:\archivos de programa\Lexmark 9500 Series\lxdomon.exe" [2010-02-10 455336]
      "lxdoamon"="c:\archivos de programa\Lexmark 9500 Series\lxdoamon.exe" [2010-02-10 25256]
      "Lexmark 9500 Series Fax Server"="c:\archivos de programa\Lexmark 9500 Series\fm3032.exe" [2010-02-10 311976]
      "BCSSync"="c:\archivos de programa\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "_nltide_3"="advpack.dll" [2009-03-08 128512]
      .
      c:\documents and settings\Antonio Herrera\Menú Inicio\Programas\Inicio\
      Inicio.bat [2010-1-22 71]
      Lan Config.lnk - n:\oscar\Inicio.bat [2011-10-11 71]
      .
      c:\documents and settings\Antonio Herrera\Menú Inicio\Programas\Inicio\
      Inicio.bat [2010-1-22 71]
      Lan Config.lnk - n:\oscar\Inicio.bat [2011-10-11 71]
      .
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\archivos de programa\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\PACIOLI\\PAC3000W.EXE"=
      "c:\\WINDOWS\\system32\\lxdocoms.exe"=
      "c:\\Archivos de programa\\Lexmark 9500 Series\\lxdomon.exe"=
      "c:\\WINDOWS\\system32\\lxdocfg.exe"=
      "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdopswx.exe"=
      "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdotime.exe"=
      "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdojswx.exe"=
      "c:\\RASplus\\RASplus_Runner.exe"=
      "c:\\Archivos de programa\\Microsoft Office\\Office14\\GROOVE.EXE"=
      "c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
      "c:\\Archivos de programa\\Microsoft Office\\Office14\\WINWORD.EXE"=
      .
      R1 SASDIFSV;SASDIFSV;c:\archivos de programa\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 10:27 a.m. 12880]
      R1 SASKUTIL;SASKUTIL;c:\archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 03:55 p.m. 67664]
      R2 !SASCORE;SAS Core Service;c:\archivos de programa\SUPERAntiSpyware\SASCORE.EXE [11/08/2011 05:38 p.m. 116608]
      R2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe -service --> c:\windows\system32\lxdocoms.exe -service [?]
      R2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdoserv.exe [07/02/2012 02:31 p.m. 98984]
      S0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [03/02/2012 01:48 p.m. 16896]
      S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [03/02/2012 01:48 p.m. 52224]
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-1979792683-1606980848-1005.job
      - c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2011-11-29 22:02]
      .
      2012-11-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-1979792683-1606980848-1005.job
      - c:\archivos de programa\Real\RealUpgrade\realupgrade.exe [2011-11-29 22:02]
      .
      2012-11-16 c:\windows\Tasks\User_Feed_Synchronization-{2A6C9BCD-2C9D-4CB1-92BC-263DEE03076E}.job
      - c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
      .
      .
      ------- Supplementary Scan -------
      .
      IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office14\EXCEL.EXE/3000
      Trusted Zone: gob.mx\*.imss
      Trusted Zone: sistemas
      TCP: DhcpNameServer = 192.168.1.254
      .
      - - - - ORPHANS REMOVED - - - -
      .
      WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
      Rootkit scan 2012-11-16 12:28
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      Completion time: 2012-11-16 12:29:27
      ComboFix-quarantined-files.txt 2012-11-16 18:29
      .
      Pre-Run: 65,158,942,720 bytes libres
      Post-Run: 65,345,032,192 bytes libres
      .
      - - End Of File - - 6316912A0CFC4668E070CA6E850DFE39

      CONTINUES WITH PC05

    9. #19
      User oscarmora_2000
      Registered
      May 2008
      Location
      Mexico
      Posts
      80

      Re: My system is throwing VERY STRANGE ERRORS. DO I HAVE A VIRUS?

      PC05:

      Malwarebytes report:

      Malwarebytes Anti-Malware 1.65.1.1000
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2012.11.16.08

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      Lic. Oscar Mora :: RECEPCION [administrador]

      16/11/2012 12:53:09 p.m.
      mbam-log-2012-11-16 (12-53-09).txt

      Tipos de Análisis: Análisis Completo (C:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 234575
      Tiempo transcurrido: 38 minuto(s), 49 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 0
      (No se han detectado elementos maliciosos)

      fin)


      ComboFix report:

      ComboFix 12-11-16.02 - Lic. Oscar Mora 16/11/2012 13:36:31.1.2 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.52.3082.18.1015.531 [GMT -6:00]
      Running from: c:\documents and settings\Lic. Oscar Mora\Escritorio\ComboFix.exe
      AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
      FW: Cloud Antivirus Firewall *Disabled* {1337562C-110A-4AF8-B12B-750C0B30E802}
      .
      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))
      .
      .
      2012-11-14 19:37 . 2012-11-14 19:37 -------- d-----w- C:\logs
      2012-11-14 19:30 . 2012-11-14 19:30 -------- d-----w- C:\lexmark
      2012-11-14 15:46 . 2012-11-14 15:46 -------- d-----r- C:\MSOCache
      2012-11-14 15:25 . 2012-11-14 15:25 -------- d-----w- C:\Intel
      2012-11-14 15:22 . 2012-11-14 15:26 -------- d-----w- C:\P17G1333 V1.0A
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-10-22 19:56 . 2004-08-19 13:30 1866496 ----a-w- c:\windows\system32\win32k.sys
      2012-10-02 18:04 . 2004-08-19 13:42 58368 ----a-w- c:\windows\system32\synceng.dll
      2012-08-28 15:18 . 2004-08-19 13:42 916992 ----a-w- c:\windows\system32\wininet.dll
      2012-08-28 15:18 . 2004-08-19 13:42 43520 ------w- c:\windows\system32\licmgr10.dll
      2012-08-28 15:18 . 2004-08-19 13:43 1469440 ------w- c:\windows\system32\inetcpl.cpl
      2012-08-28 12:07 . 2004-08-19 13:23 385024 ------w- c:\windows\system32\html.iec
      2012-08-26 16:46 . 2012-08-26 16:46 120872 ----a-w- c:\windows\system32\drivers\PSINProt.sys
      2012-08-26 16:46 . 2012-08-26 16:46 179368 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
      2012-08-26 16:46 . 2012-08-26 16:46 114856 ----a-w- c:\windows\system32\drivers\PSINProc.sys
      2012-08-26 16:46 . 2012-08-26 16:46 102696 ----a-w- c:\windows\system32\drivers\PSINFile.sys
      2012-08-26 16:46 . 2012-08-26 16:46 149544 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
      2012-08-24 13:53 . 2004-08-19 13:42 177664 ----a-w- c:\windows\system32\wintrust.dll
      2012-08-23 06:27 . 2004-08-19 13:33 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-08-23 06:27 . 2004-08-19 15:33 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "PSUAMain"="c:\archivos de programa\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-08-26 37152]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-22 131072]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-22 155648]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-22 131072]
      "SysTrayApp"="c:\archivos de programa\IDT\WDM\sttray.exe" [2012-08-22 442433]
      "Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
      "lxdomon.exe"="c:\archivos de programa\Lexmark 9500 Series\lxdomon.exe" [2010-02-10 455336]
      "lxdoamon"="c:\archivos de programa\Lexmark 9500 Series\lxdoamon.exe" [2010-02-10 25256]
      "Lexmark 9500 Series Fax Server"="c:\archivos de programa\Lexmark 9500 Series\fm3032.exe" [2010-02-10 311976]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\WINDOWS\\system32\\lxdocoms.exe"=
      "c:\\Archivos de programa\\Lexmark 9500 Series\\lxdomon.exe"=
      "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdopswx.exe"=
      "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdojswx.exe"=
      "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdotime.exe"=
      .
      R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [27/06/2012 03:51 p.m. 82472]
      R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [27/06/2012 03:51 p.m. 120744]
      R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [27/06/2012 03:51 p.m. 122664]
      R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [27/06/2012 03:51 p.m. 93992]
      R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [27/06/2012 03:51 p.m. 104104]
      R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [27/06/2012 03:51 p.m. 286376]
      R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [27/06/2012 03:51 p.m. 153000]
      R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [27/06/2012 03:51 p.m. 106536]
      R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [12/07/2012 11:18 a.m. 206632]
      R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [27/06/2012 03:51 p.m. 92840]
      R1 PSINKNC;PSINKnc;c:\windows\system32\drivers\PSINKNC.sys [26/08/2012 10:46 a.m. 179368]
      R2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe -service --> c:\windows\system32\lxdocoms.exe -service [?]
      R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\archivos de programa\Panda Security\Panda Cloud Antivirus\PSANHost.exe [26/08/2012 10:41 a.m. 140064]
      R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [26/08/2012 10:46 a.m. 149544]
      R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [26/08/2012 10:46 a.m. 102696]
      R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [26/08/2012 10:46 a.m. 114856]
      R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [26/08/2012 10:46 a.m. 120872]
      R2 PSUAService;Panda Product Service;c:\archivos de programa\Panda Security\Panda Cloud Antivirus\PSUAService.exe [26/08/2012 11:14 a.m. 36640]
      S2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdoserv.exe [14/11/2012 01:36 p.m. 94208]
      S3 NNSNAHS;Network Activity Hook Server Service;c:\windows\system32\drivers\NNSNAHS.sys [09/09/2011 01:54 p.m. 38536]
      S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [27/06/2012 03:51 p.m. 51496]
      .
      --- Other Services/Drivers In Memory ---
      .
      *Deregistered* - PSKMAD
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-11-14 15:56]
      .
      2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-11-14 15:56]
      .
      .
      ------- Supplementary Scan -------
      .
      IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office14\EXCEL.EXE/3000
      TCP: DhcpNameServer = 192.168.1.254
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
      Rootkit scan 2012-11-16 13:40
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'explorer.exe'(3784)
      c:\windows\system32\WININET.dll
      c:\windows\system32\webcheck.dll
      .
      Completion time: 2012-11-16 13:41:32
      ComboFix-quarantined-files.txt 2012-11-16 19:41
      .
      Pre-Run: 110,123,175,936 bytes libres
      Post-Run: 110,096,945,152 bytes libres
      .
      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
      .
      - - End Of File - - 51DF06612C809A418557840A53458FA0


      CONTINUES WITH PC06

    10. #20
      User oscarmora_2000
      Registered
      May 2008
      Location
      Mexico
      Posts
      80

      Re: My system is throwing VERY STRANGE ERRORS. DO I HAVE A VIRUS?

      PC06:

      Malwarebytes report:


      Malwarebytes Anti-Malware 1.65.1.1000
      Malwarebytes : Free anti-malware download

      Versión de la Base de Datos: v2012.11.16.08

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      Claudia :: VENTAS [administrador]

      16/11/2012 12:43:31 p.m.
      mbam-log-2012-11-16 (12-43-31).txt

      Tipos de Análisis: Análisis Completo (C:\|)
      Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
      Opciones de análisis desactivados: P2P
      Objetos examinados: 262874
      Tiempo transcurrido: 1 hora(s), 13 minuto(s), 27 segundo(s)

      Procesos en Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Módulos de Memoria Detectados: 0
      (No se han detectado elementos maliciosos)

      Claves del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Valores del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Elementos de Datos del Registro Detectados: 0
      (No se han detectado elementos maliciosos)

      Carpetas Detectadas: 0
      (No se han detectado elementos maliciosos)

      Archivos Detectados: 0
      (No se han detectado elementos maliciosos)

      fin)

      ComboFix report:

      ComboFix 12-11-16.02 - Claudia 16/11/2012 14:48:08.1.2 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.52.3082.18.959.624 [GMT -6:00]
      Running from: c:\documents and settings\Claudia\Escritorio\ComboFix.exe
      AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
      .
      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))
      .
      .
      2012-11-16 18:42 . 2012-11-16 18:42 -------- d-----w- c:\documents and settings\Claudia\Datos de programa\Malwarebytes
      2012-11-16 18:42 . 2012-11-16 18:42 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
      2012-11-16 18:42 . 2012-11-16 18:42 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
      2012-11-16 18:42 . 2012-09-30 01:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-11-16 16:35 . 2012-11-16 16:35 -------- d-----w- c:\documents and settings\Claudia\Datos de programa\AVG2013
      2012-11-16 16:28 . 2012-11-16 16:28 -------- d-----w- c:\documents and settings\Claudia\Datos de programa\TuneUp Software
      2012-11-16 16:20 . 2012-11-16 16:30 -------- d-----w- c:\documents and settings\All Users\Datos de programa\AVG2013
      2012-11-16 16:14 . 2012-11-16 16:14 -------- d-----w- c:\documents and settings\Claudia\Configuración local\Datos de programa\MFAData
      2012-11-16 16:14 . 2012-11-16 16:14 -------- d-----w- c:\documents and settings\Claudia\Configuración local\Datos de programa\Avg2013
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-11-13 00:19 . 2012-08-13 17:29 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2012-11-13 00:19 . 2012-08-13 17:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-10-22 19:56 . 2007-01-14 07:16 1866496 ----a-w- c:\windows\system32\win32k.sys
      2012-10-22 19:02 . 2011-12-23 18:32 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
      2012-10-15 09:48 . 2012-04-19 09:50 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
      2012-10-05 09:32 . 2011-12-23 18:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
      2012-10-02 18:04 . 2004-08-19 22:42 58368 ----a-w- c:\windows\system32\synceng.dll
      2012-10-02 09:30 . 2012-02-22 10:25 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
      2012-09-21 09:46 . 2012-03-19 10:17 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
      2012-09-21 09:46 . 2012-09-21 09:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
      2012-09-21 09:45 . 2011-12-23 18:32 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
      2012-09-14 09:05 . 2012-01-31 09:46 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
      2012-08-30 15:32 . 2012-08-13 18:58 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
      2012-08-28 15:18 . 2007-01-04 13:40 916992 ----a-w- c:\windows\system32\wininet.dll
      2012-08-28 15:18 . 2004-08-19 22:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
      2012-08-28 15:18 . 2004-08-19 22:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
      2012-08-28 12:07 . 2004-08-19 22:23 385024 ----a-w- c:\windows\system32\html.iec
      2012-08-24 13:53 . 2004-08-19 22:42 177664 ----a-w- c:\windows\system32\wintrust.dll
      2012-08-23 06:27 . 2007-01-14 07:15 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-08-23 06:27 . 2005-03-02 11:13 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-06-11 1524056]
      .
      [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
      [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
      [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
      [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
      2012-08-13 18:58 2045024 ----a-w- c:\archivos de programa\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\archivos de programa\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-08-13 2045024]
      .
      [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
      [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
      [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RTHDCPL"="RTHDCPL.EXE" [2010-01-25 16862208]
      "VTTimer"="VTTimer.exe" [2010-01-25 53248]
      "VTTrayp"="VTtrayp.exe" [2010-01-25 163840]
      "vProt"="c:\archivos de programa\AVG Secure Search\vprot.exe" [2012-08-30 947808]
      "ROC_roc_ssl_v12"="c:\archivos de programa\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-13 1020512]
      "Adobe ARM"="c:\archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
      "SSBkgdUpdate"="c:\archivos de programa\Archivos comunes\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
      "PaperPort PTD"="c:\archivos de programa\ScanSoft\PaperPort\pptd40nt.exe" [2007-11-13 29984]
      "IndexSearch"="c:\archivos de programa\ScanSoft\PaperPort\IndexSearch.exe" [2007-11-13 46368]
      "AVG_UI"="c:\archivos de programa\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
      .
      c:\documents and settings\Claudia\Menú Inicio\Programas\Inicio\
      Config Lan.lnk - n:\oscar\Inicio.bat [2011-10-11 71]
      .
      c:\documents and settings\All Users\Menú Inicio\Programas\Inicio\
      Windows Search.lnk - c:\archivos de programa\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
      .
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\archivos de programa\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute REG_MULTI_SZ autocheck autochk *\0c:\archiv~1\AVG\AVG2013\avgrsx.exe /sync /restart
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Archivos de programa\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
      "c:\\WINDOWS\\system32\\lxdocoms.exe"=
      "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdopswx.exe"=
      "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdojswx.exe"=
      "c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
      "c:\\Archivos de programa\\AVG\\AVG2013\\avgnsx.exe"=
      "c:\\Archivos de programa\\AVG\\AVG2013\\avgdiagex.exe"=
      "c:\\Archivos de programa\\AVG\\AVG2013\\avgmfapx.exe"=
      "c:\\Archivos de programa\\AVG\\AVG2013\\avgemcx.exe"=
      .
      R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 03:50 a.m. 55776]
      R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 a.m. 177376]
      R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31/01/2012 03:46 a.m. 35552]
      R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 12:32 p.m. 179936]
      R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12:32 p.m. 19936]
      R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22/02/2012 04:25 a.m. 159712]
      R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19/03/2012 04:17 a.m. 164832]
      R2 avgwd;WatchDog de AVG;c:\archivos de programa\AVG\AVG2013\avgwdsvc.exe [22/10/2012 01:05 p.m. 196664]
      R2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe -service --> c:\windows\system32\lxdocoms.exe -service [?]
      R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\archivos de programa\Archivos comunes\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [30/08/2012 09:32 a.m. 722528]
      R3 FaxLffv2;Companion Suite Pro LL2 Modem Driver;c:\windows\system32\drivers\FaxLffv2.sys [21/08/2012 01:05 p.m. 18944]
      R3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\drivers\XMLDIUSB.sys [21/08/2012 01:05 p.m. 33152]
      S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [13/08/2012 12:58 p.m. 27496]
      S2 AVGIDSAgent;AVGIDSAgent;c:\archivos de programa\AVG\AVG2013\avgidsagent.exe [06/11/2012 07:00 p.m. 5814392]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
      2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-13 00:19]
      .
      2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-08-28 14:27]
      .
      2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\archivos de programa\Google\Update\GoogleUpdate.exe [2012-08-28 14:27]
      .
      2012-11-16 c:\windows\Tasks\User_Feed_Synchronization-{AFDBA9CA-636B-48E6-AB6D-4868BDC9F8E3}.job
      - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com/
      uSearchAssistant =
      IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office14\EXCEL.EXE/3000
      Trusted Zone: Sistemas
      TCP: DhcpNameServer = 192.168.1.254
      Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\archivos de programa\Archivos comunes\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
      .
      - - - - ORPHANS REMOVED - - - -
      .
      WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
      Rootkit scan 2012-11-16 14:54
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      .
      - - - - - - - > 'explorer.exe'(2492)
      c:\windows\system32\WININET.dll
      c:\windows\system32\webcheck.dll
      .
      Completion time: 2012-11-16 14:56:41
      ComboFix-quarantined-files.txt 2012-11-16 20:56
      .
      Pre-Run: 27,016,892,416 bytes libres
      Post-Run: 26,993,561,600 bytes libres
      .
      - - End Of File - - 071DE5167DE2ED386A732E9943803424

      PC07 CONTINUES