Modra obrazovka,pomaly pocita,caste pady...

Zpráva

ptx008 · #1 Příspěvek od **ptx008** » 21 srp 2010 18:51

Logfile of random's system information tool 1.08 (written by random/random)
Run by Jason at 2010-08-21 19:15:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (15%) free of 156 GB
Total RAM: 959 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:15:28, on 21/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\AVG\AVG9\avgchsvx.exe
C:\Archivos de programa\AVG\AVG9\avgrsx.exe
C:\Archivos de programa\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\AVG\AVG9\avgwdsvc.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Archivos de programa\AVG\AVG9\avgnsx.exe
C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Archivos de programa\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\ARCHIV~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Archivos comunes\Nero\Lib\NMBgMonitor.exe
C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe
C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\Archivos de programa\Skype\Plugin Manager\skypePM.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Jason\Mis documentos\Downloads\RSIT.exe
C:\Archivos de programa\trend micro\Jason.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,C:\WINDOWS\system32\appconf32.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Archivos de programa\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Adobe PDF Reader Link Helper - {F22C37FD-2BCB-40b6-A12E-77DDA1FBDD88} - C:\WINDOWS\system32\AcroIEHelpe019.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Archivos de programa\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Archivos de programa\Archivos comunes\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Archivos de programa\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARCHIV~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Archivos de programa\Archivos comunes\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Archivos de programa\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARCHIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1116542562
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68CC5996-B6BC-4639-959F-CE65B2BB7E7A}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Archivos de programa\AVG\AVG9\avgwdsvc.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Servicio Google Update (gupdate) (gupdate) - Unknown owner - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Archivos de programa\Spyware Terminator\sp_rsser.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe

--
End of file - 12776 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Comprobar actualizaciones de Windows Live Toolbar.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\OGADaily.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Archivos de programa\AVG\AVG9\avgssie.dll [2010-07-21 1619296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Archivos de programa\Java\jre6\bin\ssv.dll [2008-12-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Aplicación auxiliar de inicio de sesión - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Archivos de programa\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-20 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll [2008-12-07 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F22C37FD-2BCB-40b6-A12E-77DDA1FBDD88}]
Adobe PDF Reader Link Helper - C:\WINDOWS\system32\AcroIEHelpe019.dll [2010-08-19 208208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Archivos de programa\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{95daa571-4def-4a6d-97d8-98a346672a24} - SYSTRAN Toolbar - C:\WINDOWS\system32\mscoree.dll [2009-11-07 297808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-02-13 36864]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-02-26 65024]
"NeroFilterCheck"=C:\Archivos de programa\Archivos comunes\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"LWBMOUSE"=C:\Archivos de programa\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE [2001-11-09 356352]
"Adobe Reader Speed Launcher"=C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Archivos de programa\Java\jre6\bin\jusched.exe [2008-12-07 136600]
"snpstd"=C:\WINDOWS\vsnpstd.exe [2003-12-31 40960]
"AVG9_TRAY"=C:\ARCHIV~1\AVG\AVG9\avgtray.exe [2010-07-16 2065760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Archivos de programa\Archivos comunes\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024]
"swg"=C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-13 39408]
"SpywareTerminatorUpdate"=C:\Archivos de programa\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-08-19 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-07-16 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Archivos de programa\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\KAV\Kaspersky Anti-Virus 7.0.1.325\spanish\setup.exe"="C:\KAV\Kaspersky Anti-Virus 7.0.1.325\spanish\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Instalación"
"C:\Archivos de programa\Bonjour\mDNSResponder.exe"="C:\Archivos de programa\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Archivos de programa\iTunes\iTunes.exe"="C:\Archivos de programa\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Archivos de programa\uTorrent\uTorrent.exe"="C:\Archivos de programa\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Archivos de programa\LimeWire\LimeWire.exe"="C:\Archivos de programa\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe"="C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe"="C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe"="C:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Archivos de programa\SYSTRAN\6\SystranTranslationProjectManager.exe"="C:\Archivos de programa\SYSTRAN\6\SystranTranslationProjectManager.exe:*:Enabled:SystranTranslationProjectManager"
"C:\Archivos de programa\SYSTRAN\6\Dicts\SystranFilterEngine.exe"="C:\Archivos de programa\SYSTRAN\6\Dicts\SystranFilterEngine.exe:*:Enabled:Systran Filter Engine "
"C:\Archivos de programa\SYSTRAN\6\Dicts\SystranTranslationEngine.exe"="C:\Archivos de programa\SYSTRAN\6\Dicts\SystranTranslationEngine.exe:*:Enabled:Systran Translation Engine "
"C:\Archivos de programa\SYSTRAN\6\SystranToolbar.exe"="C:\Archivos de programa\SYSTRAN\6\SystranToolbar.exe:*:Enabled:SYSTRAN Translation Toolbar"
"C:\Archivos de programa\SYSTRAN\6\Dicts\SystranCodingEngine.exe"="C:\Archivos de programa\SYSTRAN\6\Dicts\SystranCodingEngine.exe:*:Enabled:Systran Coding Engine "
"C:\Archivos de programa\SYSTRAN\6\SystranDictionaryManager.exe"="C:\Archivos de programa\SYSTRAN\6\SystranDictionaryManager.exe:*:Enabled:SYSTRAN Dictionary Manager"
"C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Archivos de programa\Microsoft Office\Office12\GROOVE.EXE"="C:\Archivos de programa\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Archivos de programa\Microsoft Office\Office12\ONENOTE.EXE"="C:\Archivos de programa\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Archivos de programa\AVG\AVG9\avgupd.exe"="C:\Archivos de programa\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Archivos de programa\AVG\AVG9\avgnsx.exe"="C:\Archivos de programa\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Archivos de programa\Skype\Plugin Manager\skypePM.exe"="C:\Archivos de programa\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Jason\Escritorio\0.6601684152982247.exe"="C:\Documents and Settings\Jason\Escritorio\0.6601684152982247.exe:*:Enabled:csrss"
"C:\Archivos de programa\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Archivos de programa\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Archivos de programa\Skype\Phone\Skype.exe"="C:\Archivos de programa\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe"="C:\Archivos de programa\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe"="C:\Archivos de programa\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe"="C:\Archivos de programa\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="rundll32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="rundll32.exe

======List of files/folders created in the last 1 months======

2010-08-21 19:15:12 ----D---- C:\Archivos de programa\trend micro
2010-08-21 19:15:11 ----D---- C:\rsit
2010-08-20 12:31:23 ----D---- C:\WINDOWS\LastGood
2010-08-19 23:44:27 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2010-08-19 23:44:25 ----D---- C:\Documents and Settings\Jason\Datos de programa\Spyware Terminator
2010-08-19 23:44:13 ----D---- C:\Documents and Settings\All Users\Datos de programa\Spyware Terminator
2010-08-19 23:44:08 ----D---- C:\Archivos de programa\Spyware Terminator
2010-08-19 22:21:44 ----HD---- C:\Archivos de programa\Uninstall Information
2010-08-19 21:15:52 ----A---- C:\WINDOWS\system32\srvblck2.tmp
2010-08-19 19:30:24 ----A---- C:\WINDOWS\system32\drivers\cpuz134_x32.sys
2010-08-19 19:30:23 ----D---- C:\Archivos de programa\CPUID
2010-08-19 19:23:11 ----D---- C:\WINDOWS\ie8updates
2010-08-19 19:17:35 ----HDC---- C:\WINDOWS\ie8
2010-08-19 18:21:19 ----A---- C:\WINDOWS\system32\AcroIEHelpe019.dll
2010-08-19 17:35:11 ----A---- C:\WINDOWS\system32\XAudio2_7.dll
2010-08-19 17:35:11 ----A---- C:\WINDOWS\system32\XAPOFX1_5.dll
2010-08-19 17:35:09 ----A---- C:\WINDOWS\system32\xactengine3_7.dll
2010-08-19 17:35:09 ----A---- C:\WINDOWS\system32\D3DCompiler_43.dll
2010-08-19 17:35:08 ----A---- C:\WINDOWS\system32\d3dcsx_43.dll
2010-08-19 17:35:07 ----A---- C:\WINDOWS\system32\d3dx11_43.dll
2010-08-19 17:35:06 ----A---- C:\WINDOWS\system32\D3DX9_43.dll
2010-08-19 17:35:06 ----A---- C:\WINDOWS\system32\d3dx10_43.dll
2010-08-19 17:35:05 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-08-19 17:35:05 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-08-19 17:35:04 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-08-19 17:35:03 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-08-19 17:35:02 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-08-19 17:35:01 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-08-19 17:35:01 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-08-19 17:34:59 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-08-19 17:34:57 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-08-19 17:34:57 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2010-08-19 17:34:56 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-08-19 17:34:55 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2010-08-19 17:34:55 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2010-08-19 17:34:54 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2010-08-19 17:34:52 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2010-08-19 17:34:52 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2010-08-19 17:34:51 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2010-08-19 17:34:50 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2010-08-19 17:34:48 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2010-08-19 17:34:48 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2010-08-19 17:34:40 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2010-08-19 17:34:38 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2010-08-19 17:34:38 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2010-08-19 17:34:37 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2010-08-19 17:34:37 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2010-08-19 17:34:36 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2010-08-19 17:34:36 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2010-08-19 17:34:35 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2010-08-19 17:34:34 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2010-08-19 17:34:34 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2010-08-19 17:34:33 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2010-08-19 17:34:32 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2010-08-19 17:34:32 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2010-08-19 17:34:31 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2010-08-19 17:34:31 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2010-08-19 17:34:30 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2010-08-19 17:34:30 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2010-08-19 17:34:29 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2010-08-19 17:34:28 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2010-08-19 17:34:27 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2010-08-19 17:34:27 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2010-08-19 17:34:26 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-08-19 17:34:26 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-08-19 17:34:25 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2010-08-19 17:34:24 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2010-08-19 17:34:22 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2010-08-19 17:34:22 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2010-08-19 17:34:21 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2010-08-19 17:34:19 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2010-08-19 17:34:18 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2010-08-19 17:34:18 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2010-08-19 17:34:17 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2010-08-19 17:34:16 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2010-08-19 17:34:16 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2010-08-19 17:34:15 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2010-08-19 17:34:15 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2010-08-19 17:34:14 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2010-08-19 17:34:12 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2010-08-19 17:34:02 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2010-08-19 17:34:00 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2010-08-19 17:34:00 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2010-08-19 17:33:56 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2010-08-19 17:33:55 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2010-08-19 17:33:54 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2010-08-19 17:33:54 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2010-08-19 17:33:53 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2010-08-19 17:33:53 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-08-19 17:33:52 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2010-08-19 17:33:52 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2010-08-19 17:33:51 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2010-08-19 17:33:50 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2010-08-19 17:33:49 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2010-08-19 17:33:43 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2010-08-19 17:33:43 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2010-08-19 17:33:43 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2010-08-19 17:33:42 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2010-08-19 17:33:41 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2010-08-19 17:33:41 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2010-08-19 17:33:40 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2010-08-19 17:33:37 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2010-08-19 17:11:39 ----D---- C:\WINDOWS\Logs
2010-08-19 14:08:16 ----D---- C:\WINDOWS\LastGood.Tmp
2010-08-19 12:36:14 ----D---- C:\WINDOWS\system32\UAs
2010-08-19 12:35:11 ----A---- C:\WINDOWS\system32\AcroIEHelpe.txt
2010-08-19 12:35:02 ----D---- C:\WINDOWS\system32\5005
2010-08-19 12:34:45 ----D---- C:\WINDOWS\system32\xmldm
2010-08-19 12:34:27 ----D---- C:\WINDOWS\system32\cock
2010-08-19 12:10:08 ----D---- C:\Archivos de programa\Mozilla Firefox
2010-08-19 12:07:09 ----D---- C:\Archivos de programa\ESET
2010-08-19 11:28:52 ----A---- C:\WINDOWS\Mdalaa.exe
2010-08-19 11:26:24 ----D---- C:\e3ba4f0e3759f275bfe8ea75
2010-08-18 23:08:41 ----D---- C:\Archivos de programa\Microsoft CAPICOM 2.1.0.2
2010-08-17 20:05:27 ----D---- C:\Archivos de programa\Yamicsoft
2010-08-16 23:17:00 ----HD---- C:\WINDOWS\PIF
2010-08-16 21:24:09 ----D---- C:\Documents and Settings\Jason\Datos de programa\skypePM
2010-08-16 21:23:18 ----D---- C:\Documents and Settings\Jason\Datos de programa\Skype
2010-08-16 21:20:04 ----D---- C:\Archivos de programa\Archivos comunes\Skype
2010-08-16 21:19:59 ----RD---- C:\Archivos de programa\Skype
2010-08-16 21:19:46 ----D---- C:\Documents and Settings\All Users\Datos de programa\Skype
2010-08-15 03:17:40 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-15 03:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-15 03:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-15 03:16:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-15 03:06:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-15 03:06:27 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-15 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-15 03:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-08 03:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-07-23 18:48:48 ----A---- C:\WINDOWS\jestertb.dll

======List of files/folders modified in the last 1 months======

2010-08-21 19:15:12 ----RD---- C:\Archivos de programa
2010-08-21 19:11:23 ----D---- C:\WINDOWS\Temp
2010-08-21 19:09:27 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-21 19:05:36 ----SD---- C:\WINDOWS\Tasks
2010-08-21 07:13:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-20 23:36:17 ----D---- C:\Documents and Settings\All Users\Datos de programa\Google Updater
2010-08-20 16:55:44 ----D---- C:\WINDOWS
2010-08-20 12:33:12 ----HD---- C:\WINDOWS\inf
2010-08-20 12:33:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-20 12:33:10 ----D---- C:\WINDOWS\system32
2010-08-20 12:33:03 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-20 12:32:58 ----A---- C:\WINDOWS\imsins.BAK
2010-08-19 23:44:29 ----D---- C:\WINDOWS\system32\drivers
2010-08-19 21:50:00 ----SHD---- C:\WINDOWS\Installer
2010-08-19 21:44:02 ----D---- C:\Config.Msi
2010-08-19 21:11:58 ----D---- C:\Documents and Settings\Jason\Datos de programa\uTorrent
2010-08-19 21:11:55 ----D---- C:\Documents and Settings\Jason\Datos de programa\Imax
2010-08-19 21:10:17 ----D---- C:\Archivos de programa\WinRAR
2010-08-19 21:10:16 ----D---- C:\Archivos de programa\LimeWire
2010-08-19 19:38:43 ----D---- C:\WINDOWS\system32\es-es
2010-08-19 19:38:42 ----D---- C:\WINDOWS\Media
2010-08-19 19:38:42 ----D---- C:\Archivos de programa\Internet Explorer
2010-08-19 19:20:55 ----D---- C:\WINDOWS\Help
2010-08-19 17:35:14 ----D---- C:\WINDOWS\system32\DirectX
2010-08-19 17:33:49 ----RSD---- C:\WINDOWS\assembly
2010-08-19 17:33:29 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-19 17:32:54 ----HD---- C:\WINDOWS\msdownld.tmp
2010-08-19 13:22:25 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-08-19 12:10:27 ----D---- C:\Documents and Settings\Jason\Datos de programa\Mozilla
2010-08-19 12:07:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-08-17 21:57:44 ----D---- C:\WINDOWS\Prefetch
2010-08-17 20:05:38 ----SD---- C:\Documents and Settings\Jason\Datos de programa\Microsoft
2010-08-16 21:20:04 ----D---- C:\Archivos de programa\Archivos comunes
2010-08-15 03:18:09 ----D---- C:\WINDOWS\ie7updates
2010-08-15 03:16:27 ----D---- C:\Documents and Settings\All Users\Datos de programa\Microsoft Help
2010-08-15 03:12:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-15 03:10:50 ----D---- C:\WINDOWS\WinSxS
2010-08-15 03:03:08 ----D---- C:\Archivos de programa\Movie Maker
2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
2010-07-30 13:51:13 ----D---- C:\Documents and Settings\Jason\Datos de programa\Ohmud
2010-07-27 08:29:55 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-25 15:10:18 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Controladora de host VIA OHCI compatible con IEEE 1394; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 uagp35;Filtro AGPv3.5 de Microsoft; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]
R1 AmdK7;Controlador de procesador AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41984]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-16 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-02 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-07-16 243024]
R1 kbdhid;Controlador HID de teclado; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 cpuz134;cpuz134; \??\C:\WINDOWS\system32\drivers\cpuz134_x32.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-02-27 611820]
R3 Arp1394;Protocolo de cliente ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 AVWLP_USB;WLAN PRISM USB Driver; C:\WINDOWS\system32\DRIVERS\AVWLPUSB.sys [2003-04-28 606720]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Controlador de clases HID de Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Controlador HID de mouse; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-24 12416]
R3 NIC1394;Controlador de red 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2006-10-02 10368]
R3 rtl8139;Realtek RTL8139/810X Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-04-01 45312]
R3 usbccgp;Controlador primario genérico USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Dispositivo de almacenamiento masivo de datos USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Controlador minipuerto de la controladora de host universal USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2003-08-01 260864]
S3 CCDECODE;Descodificador de título cerrado; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Convertidor Tee/Sink-to-Sink de transferencia de Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;Códec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Conexión de TV/Vídeo de Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 QV2KUX;Cámara Digital de Casio; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 snpstd;USB PC Camera (SN9C102); C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-03-22 301824]
S3 streamip;Receptor BDA IP; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Clase de impresora USB de Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Controlador de escáner USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;Códec de teletexto estándar mundial; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 avg9wd;AVG WatchDog; C:\Archivos de programa\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
R2 Bonjour Service;Servicio Bonjour; C:\Archivos de programa\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Archivos de programa\Java\jre6\bin\jqs.exe [2008-12-07 152984]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Archivos de programa\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 SeaPort;SeaPort; C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Archivos de programa\Spyware Terminator\sp_rsser.exe [2010-08-19 488960]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 NMIndexingService;NMIndexingService; C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S2 gupdate;Servicio Google Update (gupdate); C:\Archivos de programa\Google\Update\GoogleUpdate.exe [2009-12-30 135664]
S2 gusvc;Google Software Updater; C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 183280]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Servicio de estado de ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Servicio de Windows Live Protección infantil; C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Servicio del iPod; C:\Archivos de programa\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Archivos de programa\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Archivos de programa\Archivos comunes\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Archivos de programa\Archivos comunes\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Servicio de uso compartido de red del Reproductor de Windows Media; C:\Archivos de programa\Windows Media Player\WMPNetwk.exe [2006-11-03 916480]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **stell** » 21 srp 2010 19:11

Zdravim
No mas tam kopec Malware,

Stiahnes>>Malwarebytes' Anti-Malware stiahnut-nainstalovat -aktualizovat-
sprav rychly skan,,log vloz sem,

ptx008 · #3 Příspěvek od **ptx008** » 21 srp 2010 19:52

Taky zdravim,diky za vas cas...tady je log z Mbam

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4458

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/08/2010 20:49:16
mbam-log-2010-08-21 (20-49-16).txt

Scan type: Quick scan
Objects scanned: 145943
Time elapsed: 17 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\linkrdr.aiebho (Trojan.Banker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f22c37fd-2bcb-40b6-a12e-77dda1fbdd88} (Trojan.Banker) -> No action taken.
HKEY_CLASSES_ROOT\linkrdr.aiebho.1 (Trojan.Banker) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,C:\WINDOWS\system32\appconf32.exe,) Good: (userinit.exe) -> No action taken.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.
C:\WINDOWS\system32\xmldm (Stolen.Data) -> No action taken.

Files Infected:
C:\WINDOWS\system32\AcroIEHelpe019.dll (Trojan.Banker) -> No action taken.
C:\RECYCLER\S-1-5-21-861567501-1715567821-1801674531-1003\Dc1411.exe (Trojan.Agent.Gen) -> No action taken.
C:\RECYCLER\S-1-5-21-861567501-1715567821-1801674531-1003\Dc1415.exe (Trojan.Hiloti.Gen) -> No action taken.
C:\WINDOWS\ntasdi.dll (Trojan.Hiloti.Gen) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\xmldm\FromJava01CB3F8A245CAD22_00005592_classes.jsa (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\FromJava01CB3F8A2482D2C2_00005592_classes.jsa (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\FromJava01CB3F8A262D97B0_00005592_classes.jsa (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\FromJava01CB3F8A27874CAA_00005592_classes.jsa (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\FromJava01CB3F8A279F242E_00005592_classes.jsa (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\FromJava01CB3F8C75287C70_00001772_classes.jsa (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\FromJava01CB3F8C754EA210_00001772_classes.jsa (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\FromJava01CB3F8C779DE940_00001772_classes.jsa (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\FromJava01CB3F8C77B8231E_00001772_classes.jsa (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\FromJava01CB3F8C78C7EF32_00001772_classes.jsa (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\FromJava01CB3F8C7D3DF598_00001772_rasphone.pbk (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\FromJava01CB3F8C7D8A40D8_00001772_rasphone.pbk (Stolen.Data) -> No action taken.
C:\WINDOWS\system32\xmldm\FromJava01CB3F8C7D988EF4_00001772_rasphone.pbk (Stolen.Data) -> No action taken.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> No action taken.

#4 Příspěvek od **stell** » 21 srp 2010 19:55

Zmaaz vsetko, malwarebytesom.
start, spustit, do okna skopiruj prikaz:
cmd /c Reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /s >ukaz.txt && ukaz.txt
obsah, ukaz.txt vloz sem.

ptx008 · #5 Příspěvek od **ptx008** » 21 srp 2010 20:30

tady je log,ale dalo to praci se sem dostat,firefox i explorer padaji jak svestky,nakonec druhy pocitac to jisti

! REG.EXE VERSION 3.0

#6 Příspěvek od **stell** » 21 srp 2010 20:37

system volume information/restore (Obnova systému):
1. Je potřeba vypnout nástroj obnova systému - Ovládací panely>systém>obnovení systému>vypnout nástroj obnovení systému>OK nebo použít a nyní jen restartovat PC
2. Po restartu je tento adresář kompletně smazán, obnovu opět zapnout.http://www.viry.cz/forum/viewtopic.php?f=11&t=47040.

PROSIM CITAJTE POZORNE NAVODY!!!,

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte>>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Suhlasit instalacio Konzoly pre zotavenie (Recovery console)

- ComboFix je třeba spustit pod účtem s právy administrátora.
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano;

A este raz >ANO<

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího modreho okna

- Po dokončení skenování, trvajícího maximálně 10-15 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah do svého threadu na forum
- Před použitím ComboFixu je treba vypnout všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary. NAVOD: http://www.bleepingcomputer.com/forums/topic114351.html
Mohou zasahovat do činnosti ComboFixu, což může způsobit, že nebude fungovat korektně.
V případě detekce antiviru u ComboFixu se jedná o falešný poplach.

ptx008 · #7 Příspěvek od **ptx008** » 21 srp 2010 21:39

ComboFix 10-08-21.01 - Jason 21/08/2010 22:16:46.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.959.564 [GMT 2:00]
Running from: c:\documents and settings\Jason\Escritorio\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\jestertb.dll
c:\windows\Mdalaa.exe
c:\windows\system32\UAs
c:\windows\system32\UAs\firefox.exe_UAs001.dat
c:\windows\system32\UAs\IEXPLORE.EXE_UAs001.dat
c:\windows\system32\UAs\java.exe_UAs001.dat
c:\windows\system32\UAs\Skype.exe_UAs001.dat
c:\windows\system32\UAs\Skype.exe_UAs002.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS

((((((((((((((((((((((((( Files Created from 2010-07-21 to 2010-08-21 )))))))))))))))))))))))))))))))
.

2010-08-21 19:10 . 2010-08-21 19:10 -------- d-----w- c:\windows\system32\xmldm
2010-08-21 18:25 . 2010-08-21 18:25 -------- d-----w- c:\documents and settings\Jason\Datos de programa\Malwarebytes
2010-08-21 18:25 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 18:25 . 2010-08-21 18:25 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2010-08-21 18:25 . 2010-08-21 18:25 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-08-21 18:25 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 17:15 . 2010-08-21 17:15 -------- d-----w- c:\archivos de programa\trend micro
2010-08-21 17:15 . 2010-08-21 18:49 -------- d-----w- C:\rsit
2010-08-21 10:34 . 2010-08-21 10:34 -------- d-sh--w- c:\documents and settings\Jason\PrivacIE
2010-08-20 10:31 . 2010-08-20 10:31 -------- d-----w- c:\windows\LastGood
2010-08-19 21:44 . 2010-08-19 21:44 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-19 21:44 . 2010-08-19 21:46 -------- d-----w- c:\documents and settings\Jason\Datos de programa\Spyware Terminator
2010-08-19 21:44 . 2010-08-21 10:37 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Spyware Terminator
2010-08-19 21:44 . 2010-08-19 21:54 -------- d-----w- c:\archivos de programa\Spyware Terminator
2010-08-19 17:56 . 2010-08-19 17:58 26 ----a-w- c:\windows\system32\urhtps.dat
2010-08-19 17:43 . 2010-08-19 17:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-19 17:39 . 2010-08-19 17:39 -------- d-sh--w- c:\documents and settings\Jason\IETldCache
2010-08-19 17:30 . 2010-07-09 11:18 20328 ----a-w- c:\windows\system32\drivers\cpuz134_x32.sys
2010-08-19 17:30 . 2010-08-19 17:30 -------- d-----w- c:\archivos de programa\CPUID
2010-08-19 17:23 . 2010-06-24 12:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-08-19 17:23 . 2010-06-24 12:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-19 17:23 . 2010-06-24 12:24 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-19 17:23 . 2010-08-20 10:33 -------- d-----w- c:\windows\ie8updates
2010-08-19 17:22 . 2010-06-18 11:39 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-08-19 17:17 . 2010-08-19 17:21 -------- dc-h--w- c:\windows\ie8
2010-08-19 15:34 . 2009-09-04 15:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-08-19 15:33 . 2007-03-12 14:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2010-08-19 15:11 . 2010-08-19 15:11 -------- d-----w- c:\windows\Logs
2010-08-19 10:35 . 2010-08-19 10:35 -------- d-----w- c:\windows\system32\5005
2010-08-19 10:34 . 2010-08-19 10:34 -------- d-----w- c:\windows\system32\cock
2010-08-19 10:07 . 2010-08-19 10:07 -------- d-----w- c:\archivos de programa\ESET
2010-08-19 09:26 . 2010-08-19 09:26 -------- d-----w- C:\e3ba4f0e3759f275bfe8ea75
2010-08-18 21:08 . 2010-08-18 21:08 -------- d-----w- c:\archivos de programa\Microsoft CAPICOM 2.1.0.2
2010-08-17 18:05 . 2010-08-17 18:05 -------- d-----w- c:\archivos de programa\Yamicsoft
2010-08-16 21:17 . 2010-08-16 21:17 -------- d--h--w- c:\windows\PIF
2010-08-16 19:24 . 2010-08-16 19:24 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-16 19:24 . 2010-08-21 19:13 -------- d-----w- c:\documents and settings\Jason\Datos de programa\skypePM
2010-08-16 19:23 . 2010-08-21 19:59 -------- d-----w- c:\documents and settings\Jason\Datos de programa\Skype
2010-08-16 19:20 . 2010-08-16 19:20 -------- d-----w- c:\archivos de programa\Archivos comunes\Skype
2010-08-16 19:19 . 2010-08-16 19:21 -------- d-----r- c:\archivos de programa\Skype
2010-08-16 19:19 . 2010-08-16 19:19 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 17:05 . 2009-01-13 20:14 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Google Updater
2010-08-19 21:44 . 2010-08-19 21:44 6144 ----a-w- c:\documents and settings\All Users\Datos de programa\Spyware Terminator\sp_rsdel.exe
2010-08-19 21:44 . 2010-08-19 21:44 5632 ----a-w- c:\documents and settings\All Users\Datos de programa\Spyware Terminator\fileobjinfo.sys
2010-08-19 19:15 . 2010-08-19 19:15 112 ----a-w- c:\windows\system32\srvblck2.tmp
2010-08-19 19:11 . 2008-07-13 16:51 -------- d-----w- c:\documents and settings\Jason\Datos de programa\uTorrent
2010-08-19 19:11 . 2010-01-02 03:44 -------- d-----w- c:\documents and settings\Jason\Datos de programa\Imax
2010-08-19 19:10 . 2008-10-04 10:45 -------- d-----w- c:\archivos de programa\LimeWire
2010-08-15 01:16 . 2008-05-18 11:26 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Microsoft Help
2010-08-15 01:12 . 2001-08-24 12:00 533140 ----a-w- c:\windows\system32\perfh00A.dat
2010-08-15 01:12 . 2001-08-24 12:00 101604 ----a-w- c:\windows\system32\perfc00A.dat
2010-07-30 11:51 . 2010-04-17 12:19 -------- d-----w- c:\documents and settings\Jason\Datos de programa\Ohmud
2010-07-28 07:39 . 2009-01-15 19:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-21 16:18 . 2010-07-21 16:18 1373536 ----a-w- c:\documents and settings\All Users\Datos de programa\avg9\update\backup\avgssff.dll
2010-07-21 16:18 . 2010-07-21 16:18 1107296 ----a-w- c:\documents and settings\All Users\Datos de programa\avg9\update\backup\avgxpl.dll
2010-07-21 16:18 . 2010-07-21 16:18 4368224 ----a-w- c:\documents and settings\All Users\Datos de programa\avg9\update\backup\avgcorex.dll
2010-07-16 11:03 . 2010-03-10 12:44 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 11:03 . 2010-07-16 11:03 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 11:03 . 2008-06-19 11:17 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-05 18:43 . 2008-05-18 11:12 -------- d-----w- c:\archivos de programa\Archivos comunes\InstallShield
2010-06-30 12:32 . 2008-04-14 05:48 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:24 . 2008-04-14 05:48 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2008-04-14 05:22 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-04-13 22:45 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-14 05:48 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-05-18 10:50 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2008-04-14 05:48 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-02 17:15 . 2008-06-19 11:17 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-02 02:55 . 2010-08-19 15:35 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-08-19 15:35 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-08-19 15:35 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-26 09:41 . 2010-08-19 15:35 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-08-19 15:35 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-08-19 15:35 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-08-19 15:35 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-08-19 15:35 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2008-12-09 15:23 . 2008-12-09 15:23 47616 --sh--r- c:\windows\system32\appconf32.exe
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys

[-] 2001-08-24 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2001-08-24 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-14 . 188DDD286BC0DAEA6984858C6A4D7BBF . 25088 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys

[-] 2001-08-24 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2001-08-24 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-14 . E28818BD591F8AF8FBE9897472B9665E . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-04-14 . E28818BD591F8AF8FBE9897472B9665E . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll

[-] 2008-04-14 . 671ACA589DA3733FAC878A751C5BF0ED . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-14 . 671ACA589DA3733FAC878A751C5BF0ED . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe

[-] 2008-04-14 . A48884C9359EE9F1FC8F3F0D93FB1D95 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-14 . A48884C9359EE9F1FC8F3F0D93FB1D95 . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll

[-] 2008-04-14 . 8EE9639C01B92490E09638CAA1B16C3C . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 8EE9639C01B92490E09638CAA1B16C3C . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll

[-] 2009-02-09 . AEF41FC6F108CC4F94F9B4E96AFA9C70 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 97869C55F562B777987100EA30AD8108 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 97869C55F562B777987100EA30AD8108 . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2008-04-14 . 53D02EFFA72CA5C57687BEE20610ABA6 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

[-] 2009-02-09 . 953DF7327510DF0DE048B8E80E504EF9 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . 953DF7327510DF0DE048B8E80E504EF9 . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . AA6E1769469F9D15603A619FC1FB9E18 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . D658A8C2FC7B2AD53D1259741A09EE04 . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

[-] 2008-04-14 . CDD2DC6AE65084481E723E746C20539A . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2008-04-14 . CDD2DC6AE65084481E723E746C20539A . 57856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\spoolsv.exe

[-] 2008-04-14 . 213C80D912880BBF04453D09FFCCB28C . 510976 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 213C80D912880BBF04453D09FFCCB28C . 510976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-14 . 618A4C7A7C0CA86DA884C8C0FACAD8C2 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2008-04-14 . 618A4C7A7C0CA86DA884C8C0FACAD8C2 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll

[-] 2008-04-14 . E423C9C1946C656E0E4840210A0A8681 . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-14 . E423C9C1946C656E0E4840210A0A8681 . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll

[-] 2008-07-07 20:27 . A225DD0D0489BD580781D19524A10B19 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:27 . A225DD0D0489BD580781D19524A10B19 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:25 . 6EC3C2A5CEA41B78BB55B30444292CB8 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-14 05:48 . 76ABF3BB5A6D684641EC92B28240811D . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll

[-] 2008-04-14 . 95DF6A7520912B1040F748A287EA382A . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-14 . 95DF6A7520912B1040F748A287EA382A . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll

[-] 2009-03-21 . 7DC06BF4CBC3FCD7557D8D69DFBD49F5 . 1042944 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . 7DC06BF4CBC3FCD7557D8D69DFBD49F5 . 1042944 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . 97D5372816EC546BD035EDAEDB5E6918 . 1044992 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . F43FE49CF77EC1CEF9DB9E67BDDB970F . 1042944 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll

[-] 2008-04-14 . FB67F1E092AB9967D0CD17300D751874 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-14 . FB67F1E092AB9967D0CD17300D751874 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll

[-] 2008-04-14 . 87F15A88AA3376B48F75D7D176B312A0 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . 87F15A88AA3376B48F75D7D176B312A0 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll

[-] 2010-06-24 . 919B94179E1D0FD9F7F4CFE033D88C3C . 5954560 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 919B94179E1D0FD9F7F4CFE033D88C3C . 5954560 . . [8.00.6001.23037] . . c:\windows\SoftwareDistribution\Download\65fd1ba7bd525d66353e57ff2bc83c6d\SP3QFE\mshtml.dll
[-] 2010-06-24 . 84ACAD2E4408261306BF83F1D436589D . 5951488 . . [8.00.6001.18939] . . c:\windows\SoftwareDistribution\Download\65fd1ba7bd525d66353e57ff2bc83c6d\SP3GDR\mshtml.dll
[-] 2010-06-24 . 84ACAD2E4408261306BF83F1D436589D . 5951488 . . [8.00.6001.18939] . . c:\windows\system32\mshtml.dll
[-] 2010-06-24 . 84ACAD2E4408261306BF83F1D436589D . 5951488 . . [8.00.6001.18939] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2010-06-24 . 01B78EB76DBEBC1B1BE1A07451071216 . 3603968 . . [7.00.6000.21283] . . c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\mshtml.dll
[-] 2010-06-24 . 01B78EB76DBEBC1B1BE1A07451071216 . 3603968 . . [7.00.6000.21283] . . c:\windows\SoftwareDistribution\Download\45d013cd9275a90fa8ed7db5b5df5409\sp3qfe\mshtml.dll
[-] 2010-06-24 . 640DF2F0959B0E161E51CB4630321096 . 3600896 . . [7.00.6000.17080] . . c:\windows\ie8\mshtml.dll
[-] 2010-06-24 . 640DF2F0959B0E161E51CB4630321096 . 3600896 . . [7.00.6000.17080] . . c:\windows\SoftwareDistribution\Download\45d013cd9275a90fa8ed7db5b5df5409\sp3gdr\mshtml.dll
[-] 2010-05-06 . 4B1BB5DB92DF08ACA55EA93B29F4BCF5 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2183461-IE8\mshtml.dll
[-] 2010-05-06 . 4B1BB5DB92DF08ACA55EA93B29F4BCF5 . 5950976 . . [8.00.6001.18928] . . c:\windows\SoftwareDistribution\Download\4c63122518a43a5948b889f6ab73e322\SP3GDR\mshtml.dll
[-] 2010-05-06 . 5D7062AA7BBC8A5FF8ED8109325984E1 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2010-05-06 . 5D7062AA7BBC8A5FF8ED8109325984E1 . 5953024 . . [8.00.6001.23019] . . c:\windows\SoftwareDistribution\Download\4c63122518a43a5948b889f6ab73e322\SP3QFE\mshtml.dll
[-] 2010-05-04 . C1B8C872FB167D58B9ABC1D4857FC8A5 . 3600384 . . [7.00.6000.17063] . . c:\windows\ie7updates\KB2183461-IE7\mshtml.dll
[-] 2010-05-04 . D2FABF8EE17F7CDB1F585F0B7A43A323 . 3603456 . . [7.00.6000.21264] . . c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\mshtml.dll
[-] 2010-03-11 . F760DFAA9B70309B7C1D12B028F03A4D . 3599872 . . [7.00.6000.17023] . . c:\windows\ie7updates\KB982381-IE7\mshtml.dll
[-] 2010-03-11 . E306F00CB98152D1A98625C4524BB79C . 3602944 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\mshtml.dll
[-] 2010-01-05 . 407060403B70A7495356785962A2C1EB . 3599360 . . [7.00.6000.16981] . . c:\windows\ie7updates\KB980182-IE7\mshtml.dll
[-] 2010-01-05 . B06E01DFD4684E13B8A90BE5E32243D1 . 3602944 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\mshtml.dll
[-] 2009-10-29 . BC453D96D6A032CF8A251BC157115F1B . 3598336 . . [7.00.6000.16945] . . c:\windows\ie7updates\KB978207-IE7\mshtml.dll
[-] 2009-10-29 . ABDFF4FA270F2414EC7F83941E044C25 . 3602432 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
[-] 2009-10-21 . 6E9905848A599A0E700D84CB0B5F796B . 3598336 . . [7.00.6000.16939] . . c:\windows\ie7updates\KB976325-IE7\mshtml.dll
[-] 2009-10-21 . 0A0BB43C4180D9216ED0513DD2030154 . 3602432 . . [7.00.6000.21142] . . c:\windows\$hf_mig$\KB976749-IE7\SP3QFE\mshtml.dll
[-] 2009-08-29 . A2BAFFDCC7A4302FF3D4E42B490B3367 . 3598336 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976749-IE7\mshtml.dll
[-] 2009-08-29 . 1B6DCB429488F06B6033E6A5BB169E03 . 3600384 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\mshtml.dll
[-] 2009-07-19 . 7E135A331D82BB8BCDA8564836DED11B . 3597824 . . [7.00.6000.16890] . . c:\windows\ie7updates\KB974455-IE7\mshtml.dll
[-] 2009-07-19 . CADE87CCB6AD40D17811AE0D4723214C . 3600384 . . [7.00.6000.21089] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[-] 2009-04-29 . C4D41CC6C813E9EB155192ADB43F29C5 . 3596288 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[-] 2009-04-29 . E7C859681D12765666979277C038FC17 . 3598336 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[-] 2009-02-21 . 0B00171D0A7277BF9F9EC039316C7F1D . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 2009-02-20 . 64C6CB141DBF4BF571E5585F44926C47 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-01-16 . 653DFF1A0F79BEAD41CB83F592ADC468 . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2009-01-16 . CEB53B9C31AA34F38E276479BE517815 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 . FA85C2D58E8B1D714DC45D29A61BC085 . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2008-12-13 . E356252ED0213EBE440909DEA09CA713 . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] 2008-10-17 . 23CBAA98845D5FC1208EA18F4BB77689 . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2008-10-16 . 078BFAD2393DD205B67D9CCA1A64B268 . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-08-27 . 57F6433D15795DE8484E7E500E74EBFA . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-08-26 . 2197F0EEFCAE104D952C41B73E87DD4A . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-06-24 . 23547E2454837DED7A38462C67290D21 . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-06-23 . D58797097D2E1C749B03F7386EE91B20 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-04-23 . C95B16C5AF0B545DFEF83A5A37941ABD . 3591680 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-04-23 . C355D57B0EAA08D65ADD4AD805960A34 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2008-04-14 . 85B88C504D1527978F1C2FBE6A41E799 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie7\mshtml.dll
[-] 2008-03-01 . 38FF5050D7BC47F344AE271B6C250201 . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-03-01 . 38FF5050D7BC47F344AE271B6C250201 . 3591680 . . [7.00.6000.16640] . . c:\windows\SoftwareDistribution\Download\e47b4ea11d8fc9cc1e6a8b0a8a846e45\SP2GDR\mshtml.dll
[-] 2008-03-01 . 4E71261369D4C6169B3D4BBBFD1A5046 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2008-03-01 . 4E71261369D4C6169B3D4BBBFD1A5046 . 3593216 . . [7.00.6000.20772] . . c:\windows\SoftwareDistribution\Download\e47b4ea11d8fc9cc1e6a8b0a8a846e45\SP2QFE\mshtml.dll
[-] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll

[-] 2008-04-14 . 0F021B29E0C2C9D897258399FB2149CD . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . 0F021B29E0C2C9D897258399FB2149CD . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll

[-] 2008-06-20 . 738AE6EEE9531C826E212BF686B0C5E5 . 248320 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 738AE6EEE9531C826E212BF686B0C5E5 . 248320 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . DC10B07F256C8EDF6642015E380C741E . 248320 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-04-14 . AD893C9D3A09081D55A4BDFBC66AD592 . 248320 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2008-04-14 . CD2BBB52DFAAB666B812A51B1E96F2A0 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-04-14 . CD2BBB52DFAAB666B812A51B1E96F2A0 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll

[-] 2010-04-28 . 6C58E6B28B0DA1E631D6E0B48622A6EE . 2192384 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-04-28 . 6C58E6B28B0DA1E631D6E0B48622A6EE . 2192384 . . [5.1.2600.5973] . . c:\windows\SoftwareDistribution\Download\a277157c3d936ad8fd248b709987c4ba\SP3GDR\ntoskrnl.exe
[-] 2010-04-28 . 6C58E6B28B0DA1E631D6E0B48622A6EE . 2192384 . . [5.1.2600.5973] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-04-28 . 6C58E6B28B0DA1E631D6E0B48622A6EE . 2192384 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2010-04-28 . 236509EED5F0256FB9A803104F1DE148 . 2192512 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[-] 2010-04-28 . 236509EED5F0256FB9A803104F1DE148 . 2192512 . . [5.1.2600.5973] . . c:\windows\SoftwareDistribution\Download\a277157c3d936ad8fd248b709987c4ba\SP3QFE\ntoskrnl.exe
[-] 2010-02-17 . 318271984461DD8E31FF1A36B3B3F099 . 2192384 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[-] 2010-02-16 . 1D596B8BEBAB1A9C7B749D553E5E2A20 . 2192512 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . AF45490AE45CD4386FBA6D1AD0EB8A30 . 2191744 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[-] 2009-12-09 . 7D1F6D3373183322C5B1B6D6AFE91F83 . 2191616 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[-] 2009-08-04 . 8E32445E48DF5B18490FA52CEBD0600B . 2191616 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[-] 2009-08-04 . 9D8ED9B8757480993BAFA211E66D98C8 . 2191744 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[-] 2009-02-10 . 6BC8E4AAFC98B556B8FB616AD30CD5A3 . 2191616 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-09 . 0A413FFFE5C2FC00D5F8F6FF4B3F6889 . 2191488 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[-] 2008-08-14 . 894487999106154C4CF4383E93E7380E . 2191616 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . E2FA0A9A7F10AB6EDF3F890D2905D12A . 2191616 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-04-14 . 6468827016FA22CAE81D7059F1A974C0 . 2191360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2008-04-14 . 56DE6FD410B277C4345D7A2C3414DB64 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-14 . 56DE6FD410B277C4345D7A2C3414DB64 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-14 . B6BE3C96CD33336A551DB3F2299A8E69 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-14 . B6BE3C96CD33336A551DB3F2299A8E69 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll

[-] 2008-04-14 . D5AC9FA63EBEFD7AACCB14BA0DB1BAC3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-14 . D5AC9FA63EBEFD7AACCB14BA0DB1BAC3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll

[-] 2008-04-14 . 4F2340F0BD5B6365C38E74DD391919A8 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . 4F2340F0BD5B6365C38E74DD391919A8 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-14 . 04A5B8EA326951DB27DF60A14F2999FF . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-04-14 . 04A5B8EA326951DB27DF60A14F2999FF . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll

[-] 2008-04-14 . DA8898129E0075C7DE4DEE457514A73C . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . DA8898129E0075C7DE4DEE457514A73C . 579584 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll

[-] 2008-04-14 . F5B8745B9A90EAF17E30C0574E049AA3 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-14 . F5B8745B9A90EAF17E30C0574E049AA3 . 26624 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe

[-] 2010-06-24 . 53E8F49C2C08DECABEF9161064A86B7F . 919040 . . [8.00.6001.23037] . . c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 53E8F49C2C08DECABEF9161064A86B7F . 919040 . . [8.00.6001.23037] . . c:\windows\SoftwareDistribution\Download\65fd1ba7bd525d66353e57ff2bc83c6d\SP3QFE\wininet.dll
[-] 2010-06-24 . 2129E30C14179D3B68F31758D8A0E79C . 916480 . . [8.00.6001.18939] . . c:\windows\SoftwareDistribution\Download\65fd1ba7bd525d66353e57ff2bc83c6d\SP3GDR\wininet.dll
[-] 2010-06-24 . 2129E30C14179D3B68F31758D8A0E79C . 916480 . . [8.00.6001.18939] . . c:\windows\system32\wininet.dll
[-] 2010-06-24 . 2129E30C14179D3B68F31758D8A0E79C . 916480 . . [8.00.6001.18939] . . c:\windows\system32\dllcache\wininet.dll
[-] 2010-06-24 . 46D856A9FBCCD5FD15E4AEA382E482C1 . 841216 . . [7.00.6000.21283] . . c:\windows\$hf_mig$\KB2183461-IE7\SP3QFE\wininet.dll
[-] 2010-06-24 . 46D856A9FBCCD5FD15E4AEA382E482C1 . 841216 . . [7.00.6000.21283] . . c:\windows\SoftwareDistribution\Download\45d013cd9275a90fa8ed7db5b5df5409\sp3qfe\wininet.dll
[-] 2010-06-24 . A74756EF8D4138114DC755EB2327E6F2 . 832512 . . [7.00.6000.17080] . . c:\windows\ie8\wininet.dll
[-] 2010-06-24 . A74756EF8D4138114DC755EB2327E6F2 . 832512 . . [7.00.6000.17080] . . c:\windows\SoftwareDistribution\Download\45d013cd9275a90fa8ed7db5b5df5409\sp3gdr\wininet.dll
[-] 2010-05-06 . 26412D06783E47EAC7667569BF6962D3 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2183461-IE8\wininet.dll
[-] 2010-05-06 . 26412D06783E47EAC7667569BF6962D3 . 916480 . . [8.00.6001.18923] . . c:\windows\SoftwareDistribution\Download\4c63122518a43a5948b889f6ab73e322\SP3GDR\wininet.dll
[-] 2010-05-06 . 9ACFBEE8E9573EE39CB93C636DF36F78 . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-05-06 . 9ACFBEE8E9573EE39CB93C636DF36F78 . 919040 . . [8.00.6001.23014] . . c:\windows\SoftwareDistribution\Download\4c63122518a43a5948b889f6ab73e322\SP3QFE\wininet.dll
[-] 2010-05-04 . 345B28A14C3ACA70D01F187583DF867A . 832512 . . [7.00.6000.17055] . . c:\windows\ie7updates\KB2183461-IE7\wininet.dll
[-] 2010-05-04 . 02BF58A0F206A7B5EF89E122B85EE9B5 . 841216 . . [7.00.6000.21256] . . c:\windows\$hf_mig$\KB982381-IE7\SP3QFE\wininet.dll
[-] 2010-03-11 . 81FCC6AAE296C865DD0C472EE801D859 . 832512 . . [7.00.6000.17023] . . c:\windows\ie7updates\KB982381-IE7\wininet.dll
[-] 2010-03-11 . 4F671EAC0E07BDBB729D0933BDBE97FF . 841216 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\wininet.dll
[-] 2010-01-05 . 7713A11DAE2A6323975BB5359F8FC223 . 832512 . . [7.00.6000.16981] . . c:\windows\ie7updates\KB980182-IE7\wininet.dll
[-] 2010-01-05 . DCCFF51F32CFDA714B8519B580D61141 . 841216 . . [7.00.6000.21183] . . c:\windows\$hf_mig$\KB978207-IE7\SP3QFE\wininet.dll
[-] 2009-10-29 . 88F9D85D94FA202BB9F1163685971D69 . 832512 . . [7.00.6000.16945] . . c:\windows\ie7updates\KB978207-IE7\wininet.dll
[-] 2009-10-29 . BA3BB33CE516EBD872B8BB3308A2C666 . 841216 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll
[-] 2009-08-29 . 6597915DA41219053DF9B2360032B172 . 832512 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976325-IE7\wininet.dll
[-] 2009-08-29 . EFF49BF8D852D5DA2790C3A33587FBDA . 840704 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . 9907FB019DAF1A624EEE46A4350843B6 . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 . 5C2E5B0FEC1AE97F1E3A1C7F092BB2F2 . 827392 . . [7.00.6000.16876] . . c:\windows\ie7updates\KB974455-IE7\wininet.dll
[-] 2009-04-29 . A7EDF34FF0506D47E79DA5AA25658CFF . 827392 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll
[-] 2009-04-29 . 5E2D1154842EEA6D7FA850384873224D . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2009-03-03 . ECF5B3AAADB70120D215DE09A2D4C095 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2009-03-03 . 56F619B5E715C2C5F954621C4FBFD65F . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2008-12-20 . 0CC976387A70D9FBFBD90592D31B04C3 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 . 98824B66C84CCF7450F525D1721FF322 . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2008-10-16 . DFD883B35E4CD3716E3DD28162176C5D . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-10-16 . 3FDC8BBA7F4D0B6A58E4D0F58F9F0133 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . 9DB1BF3FC76E5E6F5E596397D1673609 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 . 449E4D403064AD4BBED98B611915FFB0 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-06-23 . 04CF52937E3FC3281A1CFCEC8DFF15AF . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-06-23 . 10FB0B4FA340B03D8FCA78B9B48DF136 . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . 0D45837A7829CA98C2197695B1BA9951 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 . EC9C54304985590CD28A8E7EBF8225D8 . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-04-14 . A9A84CFC20D5F4C609E9CBF9491B8DF6 . 668672 . . [6.00.2900.5512] . . c:\windows\ie7\wininet.dll
[-] 2008-03-01 . 39E5AA52B667BDD18690336E7E410EAF . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-03-01 . 39E5AA52B667BDD18690336E7E410EAF . 826368 . . [7.00.6000.16640] . . c:\windows\SoftwareDistribution\Download\e47b4ea11d8fc9cc1e6a8b0a8a846e45\SP2GDR\wininet.dll
[-] 2008-03-01 . 8975DA62B7B5FD9982E07C95B591AA3D . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2008-03-01 . 8975DA62B7B5FD9982E07C95B591AA3D . 827392 . . [7.00.6000.20772] . . c:\windows\SoftwareDistribution\Download\e47b4ea11d8fc9cc1e6a8b0a8a846e45\SP2QFE\wininet.dll
[-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll

[-] 2008-04-14 . 22DB5B3DA7005C6472D35BEF3FFDA5EC . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-04-14 . 22DB5B3DA7005C6472D35BEF3FFDA5EC . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-04-14 . F7EE4BBFB48437EDC6F7F061DE1E8F2F . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2008-04-14 . F7EE4BBFB48437EDC6F7F061DE1E8F2F . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll

[-] 2008-04-14 . 7522F548A84ABAD8FA516DE5AB3931EF . 1036288 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 7522F548A84ABAD8FA516DE5AB3931EF . 1036288 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe

[-] 2008-04-14 . 463D57BF9FE5871208FF99399360A57D . 1287168 . . [5.1.2600.5512] . . c:\windows\system32\ole32.dll
[-] 2008-04-14 . 463D57BF9FE5871208FF99399360A57D . 1287168 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ole32.dll

[-] 2008-04-14 . 0F30EEC6013FCF76693405EC4A7DF899 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 0F30EEC6013FCF76693405EC4A7DF899 . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll

[-] 2008-04-14 . B2718EC9DC738E915D4177498E92BC4D . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . B2718EC9DC738E915D4177498E92BC4D . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe

[-] 2008-04-14 . 14FDADCF05A37582399DAF1DA1DE1C7B . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-14 . 14FDADCF05A37582399DAF1DA1DE1C7B . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll

[-] 2008-04-14 . 2744C713F0217BD8FFD13E2EF731371C . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-04-14 . 2744C713F0217BD8FFD13E2EF731371C . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll

[-] 2008-04-14 . 2A1E1DF559B291583903D2F9CC504522 . 1572352 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . 2A1E1DF559B291583903D2F9CC504522 . 1572352 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll

[-] 2008-04-14 . DAAE1CB1B1875B760496E7D3336DA1AD . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . DAAE1CB1B1875B760496E7D3336DA1AD . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-14 . CA70EDBF32032EA53F114CB930741CB5 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll
[-] 2008-04-14 . CA70EDBF32032EA53F114CB930741CB5 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\shsvcs.dll

[-] 2008-04-14 . E424F05B07AC4357DC08D06218D76C7C . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-14 . E424F05B07AC4357DC08D06218D76C7C . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll

[-] 2008-04-14 . 51BE25C404D3DD344C6079DE715E4977 . 193536 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-04-14 . 51BE25C404D3DD344C6079DE715E4977 . 193536 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll

[-] 2008-04-14 . B622A432EF02895DE4AA38AC8B85FA4C . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-14 . B622A432EF02895DE4AA38AC8B85FA4C . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll

[-] 2008-04-14 . 288B20D56D5F0EC4BCC77FBFA5A81740 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-04-14 . 288B20D56D5F0EC4BCC77FBFA5A81740 . 296960 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll

[-] 2008-04-14 . 30CD42BFCDAFEFE8567B9E527DD3AE08 . 175104 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-04-14 . 30CD42BFCDAFEFE8567B9E527DD3AE08 . 175104 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll

[-] 2001-08-24 . 1C905333C0B9F3D7C68DDF25E54B00F9 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 20:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 20:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 05:48 . 27415CEEB58C8C2F92AFF8CFE2517A3C . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll
[-] 2008-04-14 05:48 . 27415CEEB58C8C2F92AFF8CFE2517A3C . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll

[-] 2008-04-14 . 047E70B04B288439245DDC8DD1A31982 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-14 . 047E70B04B288439245DDC8DD1A31982 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll

[-] 2008-04-14 05:48 . 57CF215B0250DE0C4AE36ABC8AE31BE4 . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-10 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2004-08-10 23:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll

[-] 2010-04-28 . E04EE6357753B8041744E1C815CC8AE4 . 2069376 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[-] 2010-04-28 . E04EE6357753B8041744E1C815CC8AE4 . 2069376 . . [5.1.2600.5973] . . c:\windows\SoftwareDistribution\Download\a277157c3d936ad8fd248b709987c4ba\SP3QFE\ntkrnlpa.exe
[-] 2010-04-28 . 0150B2CE676EA606A2304A2820CD4204 . 2069248 . . [5.1.2600.5973] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-04-28 . 0150B2CE676EA606A2304A2820CD4204 . 2069248 . . [5.1.2600.5973] . . c:\windows\SoftwareDistribution\Download\a277157c3d936ad8fd248b709987c4ba\SP3GDR\ntkrnlpa.exe
[-] 2010-04-28 . 0150B2CE676EA606A2304A2820CD4204 . 2069248 . . [5.1.2600.5973] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-04-28 . 0150B2CE676EA606A2304A2820CD4204 . 2069248 . . [5.1.2600.5973] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2010-02-16 . E7D906C631864E89122862C637234199 . 2069248 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[-] 2010-02-16 . 8154DCA6598C06058410A296FDDC9AC2 . 2069376 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . E2C8A909D8CAEB494D45EAC2E06BA3E3 . 2068608 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[-] 2009-12-09 . 2B61E092BAED6211FA2D0C11D665B007 . 2068480 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[-] 2009-08-04 . 21FA534239604D3200B028838B6ED72F . 2068608 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . ECFDB2EEECEC8FBCA643801100D4D179 . 2068480 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[-] 2009-02-10 . 2050C3BAB913974643D43C1A414CACB5 . 2068480 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[-] 2009-02-09 . 9B5E5D325CEDBB10A9A86679634A38CC . 2068608 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . F285B6D10EFF2C06ED021E9FBD282A77 . 2068480 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 89778A04B054445527AEC416AA8E2DBB . 2068480 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-04-14 . 2E2931A58B112CDF2A99B00B5DACDBE4 . 2068224 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe

[-] 2008-04-14 05:48 . D60C40D71A4D874C903255E4827AFA0C . 437760 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-14 05:48 . D60C40D71A4D874C903255E4827AFA0C . 437760 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll

[-] 2008-04-14 . 7594203F459ABDB5FE53C08D6B1BD53B . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-14 . 7594203F459ABDB5FE53C08D6B1BD53B . 186368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll

[-] 2008-04-14 . 9EF059A2C76BCE8DB9B0DD95EFE23A48 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-14 . 9EF059A2C76BCE8DB9B0DD95EFE23A48 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll

[-] 2008-04-14 . AE5DD931EFAB3687BA4DF0671F4CE078 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-04-14 . AE5DD931EFAB3687BA4DF0671F4CE078 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll

[-] 2008-04-14 . 28D0D87445F4ADD6614155EC13F042DD . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-04-14 . 28D0D87445F4ADD6614155EC13F042DD . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll

[-] 2008-04-14 05:48 . F71CB6064DFC10DFB767B537BFA33D61 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-04-14 05:48 . F71CB6064DFC10DFB767B537BFA33D61 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll

[-] 2008-04-14 . 91C2A139745F2AF17E4685A1E54B4FDA . 41984 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-04-14 . 91C2A139745F2AF17E4685A1E54B4FDA . 41984 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\archivos de programa\Archivos comunes\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]
"SpywareTerminatorUpdate"="c:\archivos de programa\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-08-19 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-02-13 36864]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
"NeroFilterCheck"="c:\archivos de programa\Archivos comunes\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"LWBMOUSE"="c:\archivos de programa\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE" [2001-11-09 356352]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"AVG9_TRAY"="c:\archiv~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\archivos de programa\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 11:03 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NBKeyScan"="c:\archivos de programa\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\KAV\\Kaspersky Anti-Virus 7.0.1.325\\spanish\\setup.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\LimeWire\\LimeWire.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Archivos de programa\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Archivos de programa\\AVG\\AVG9\\avgupd.exe"=
"c:\\Archivos de programa\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Archivos de programa\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Archivos de programa\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"4642:TCP"= 4642:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"1531:TCP"= 1531:TCP:Services
"1562:TCP"= 1562:TCP:Services
"5867:TCP"= 5867:TCP:Services
"5868:TCP"= 5868:TCP:Services
"8992:TCP"= 8992:TCP:Services
"8991:TCP"= 8991:TCP:Services

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [19/06/2008 13:17 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/03/2010 14:44 243024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [19/08/2010 23:44 142592]
R2 avg9wd;AVG WatchDog;c:\archivos de programa\AVG\AVG9\avgwdsvc.exe [10/03/2010 15:34 308136]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [19/08/2010 19:30 20328]
S2 gupdate;Servicio Google Update (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [30/12/2009 16:50 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-08-21 c:\windows\Tasks\Google Software Updater.job
- c:\archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-29 23:44]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-12-30 14:50]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2009-12-30 14:50]

2010-08-21 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2010-08-21 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {68CC5996-B6BC-4639-959F-CE65B2BB7E7A} = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Jason\Datos de programa\Mozilla\Firefox\Profiles\pv9ho5od.default\
FF - component: c:\windows\system32\5005\components\AcroFF.dll
FF - plugin: c:\archivos de programa\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\archivos de programa\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\archivos de programa\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\archivos de programa\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\archivos de programa\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\archivos de programa\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\archivos de programa\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\archivos de programa\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-21 22:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x852D078A]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebf28
\Driver\ACPI -> ACPI.sys @ 0xf743dcb8
\Driver\atapi -> ntoskrnl.exe @ 0x805c7abe
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
copy of MBR has been found in sector 0x01314FFD8
malicious code @ sector 0x01314FFDB !
PE file found in sector at 0x01314FFF1 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3392)
c:\windows\system32\WININET.dll
c:\archiv~1\WINDOW~2\wmpband.dll
c:\archivos de programa\iTunes\iTunesMiniPlayer.dll
c:\archivos de programa\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\archivos de programa\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\archivos de programa\NASDAK\OmniMouse Driver\4.0\MOUDL32A.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\AVG\AVG9\avgchsvx.exe
c:\archivos de programa\AVG\AVG9\avgrsx.exe
c:\archivos de programa\AVG\AVG9\avgcsrvx.exe
c:\archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\archivos de programa\Bonjour\mDNSResponder.exe
c:\windows\system32\WgaTray.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Nero\Nero8\Nero BackItUp\NBService.exe
c:\archivos de programa\AVG\AVG9\avgnsx.exe
c:\archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\archivos de programa\Spyware Terminator\sp_rsser.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\SOUNDMAN.EXE
c:\archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe
c:\archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2010-08-21 22:36:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-21 20:36

Pre-Run: 31.806.038.016 bytes libres
Post-Run: 31.833.145.344 bytes libres

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - CAC8DEB4EB79C5414CC0E60127A47DCE

#8 Příspěvek od **stell** » 21 srp 2010 21:52

bootkit_remover
stiahni na plochu -rozbal na plochu a spust,program bleskove prebehne-stlac klaves okno sa ti zatvori-na ploche sa vytvori log-obsah vloz sem.

stahni si win32kdiag http://rootrepeal.psikotick.com/Win32kDiag.exe na plochu
- spust
- po dokonceni skenu by se mel objevit Win32kDiag.txt
- jeho obsah mi vloz, kdyby prekoril pocet povolenych znaku, uploudni jako prilohu.

ptx008 · #9 Příspěvek od **ptx008** » 21 srp 2010 22:11

.\debug.cpp(238) : Debug log started at 21.08.2010 - 21:04:47
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x00217400 "\WINDOWS\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x806ef000 0x00020300 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xf7987000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xf7897000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xf7437000 0x0002f000 "ACPI.sys"
.\debug.cpp(256) : 0xf7989000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xf7426000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xf7487000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xf7497000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xf74a7000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xf798b000 0x00002000 "viaide.sys"
.\debug.cpp(256) : 0xf7707000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xf74b7000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xf7407000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xf798d000 0x00002000 "dmload.sys"
.\debug.cpp(256) : 0xf73e1000 0x00026000 "dmio.sys"
.\debug.cpp(256) : 0xf770f000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xf74c7000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xf73c9000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xf74d7000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xf74e7000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xf73a9000 0x00020000 "fltMgr.sys"
.\debug.cpp(256) : 0xf7397000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xf74f7000 0x00009000 "PxHelp20.sys"
.\debug.cpp(256) : 0xf7380000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xf72f3000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xf72c6000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xf7507000 0x0000f000 "Combo-Fix.sys"
.\debug.cpp(256) : 0xf7517000 0x0000b000 "uagp35.sys"
.\debug.cpp(256) : 0xf72ac000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xf7547000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"
.\debug.cpp(256) : 0xf7557000 0x0000b000 "\SystemRoot\system32\DRIVERS\amdk7.sys"
.\debug.cpp(256) : 0xf720e000 0x00040000 "\SystemRoot\system32\DRIVERS\vtmini.sys"
.\debug.cpp(256) : 0xf71fa000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xf7567000 0x0000c000 "\SystemRoot\system32\DRIVERS\R8139n51.SYS"
.\debug.cpp(256) : 0xf7577000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xf792f000 0x00003000 "\SystemRoot\system32\drivers\pfc.sys"
.\debug.cpp(256) : 0xf7587000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xf7597000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xf71d7000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xf793b000 0x00003000 "\SystemRoot\System32\Drivers\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xf774f000 0x00006000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0xf71b3000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xf7757000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xf7120000 0x00093000 "\SystemRoot\system32\drivers\ALCXWDM.SYS"
.\debug.cpp(256) : 0xf70fc000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xf75a7000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xf709a000 0x00062000 "\SystemRoot\system32\drivers\ALCXSENS.SYS"
.\debug.cpp(256) : 0xf7777000 0x00007000 "\SystemRoot\system32\DRIVERS\fdc.sys"
.\debug.cpp(256) : 0xf7089000 0x00011000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0xf7947000 0x00004000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xf7075000 0x00014000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xf7b39000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xf75b7000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xf7953000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xf705e000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xf75c7000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xf75d7000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xf7797000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xf6fad000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xf75e7000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xf77a7000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xf77b7000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xf6f55000 0x00030000 "\SystemRoot\system32\DRIVERS\rdpdr.sys"
.\debug.cpp(256) : 0xf75f7000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xf77c7000 0x00007000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xf77cf000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xf7993000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xf6ef7000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xf7977000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xf7607000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xf7617000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xf7999000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xf799d000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xf7b6a000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xf79a1000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xf780f000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xf7817000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xf79a5000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xf79a9000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xf7827000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xf7837000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xf794f000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xf5e16000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xf5dbd000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xf5d83000 0x0003a000 "\SystemRoot\System32\Drivers\avgtdix.sys"
.\debug.cpp(256) : 0xf5d5d000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xf7657000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xf784f000 0x00007000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
.\debug.cpp(256) : 0xf7667000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"
.\debug.cpp(256) : 0xf5d35000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xf5d13000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xf5cf0000 0x00023000 "\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys"
.\debug.cpp(256) : 0xf7677000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xf7867000 0x00006000 "\SystemRoot\System32\Drivers\avgmfx86.sys"
.\debug.cpp(256) : 0xf5c1c000 0x00034000 "\SystemRoot\System32\Drivers\avgldx86.sys"
.\debug.cpp(256) : 0xf787f000 0x00008000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0xf5b85000 0x00097000 "\SystemRoot\system32\DRIVERS\AVWLPUSB.sys"
.\debug.cpp(256) : 0xf5eef000 0x00003000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0xf76e7000 0x00009000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0xf5edf000 0x00004000 "\SystemRoot\system32\DRIVERS\kbdhid.sys"
.\debug.cpp(256) : 0xf5ed7000 0x00004000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0xf704e000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xf5e51000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xf775f000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xf7b0e000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x0019a000 "\SystemRoot\System32\vtdisp.dll"
.\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xed685000 0x0000c000 "\SystemRoot\system32\DRIVERS\fssfltr_tdi.sys"
.\debug.cpp(256) : 0xed589000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xed2d8000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xf7a41000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS"
.\debug.cpp(256) : 0xed274000 0x00004000 "\??\C:\WINDOWS\system32\drivers\cpuz134_x32.sys"
.\debug.cpp(256) : 0xed133000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xed6b5000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xecd1e000 0x00057000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xf7877000 0x00006000 "\SystemRoot\System32\Drivers\TDTCP.SYS"
.\debug.cpp(256) : 0xeca2b000 0x00023000 "\SystemRoot\System32\Drivers\RDPWD.SYS"
.\debug.cpp(256) : 0xf7787000 0x00006000 "\??\C:\DOCUME~1\Jason\CONFIG~1\Temp\mbr.sys"
.\debug.cpp(256) : 0xec602000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys"
.\debug.cpp(256) : 0xf77ef000 0x00008000 "\??\C:\ComboFix\catchme.sys"
.\debug.cpp(256) : 0xf7a3f000 0x00002000 "\??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS"
.\debug.cpp(256) : 0x7c910000 0x000b8000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_C0AA1297&REV_60#3&61aaa01&0&8D#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0012"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_30381106&REV_81#3&61aaa01&0&81#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10#3&61aaa01&0&58#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_0425&Pid_0101#5&3379506f&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000002e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmIoDaemon"
.\debug.cpp(400) : Destination="\Device\DmControl\DmIoDaemon"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000003f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination="\Device\Ip"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C450F7B5-3620-450E-B26E-BDCC6D8CB426}"
.\debug.cpp(400) : Destination="\Device\{C450F7B5-3620-450E-B26E-BDCC6D8CB426}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B221EE96-2A58-4473-8075-F6377E118791}"
.\debug.cpp(400) : Destination="\Device\{B221EE96-2A58-4473-8075-F6377E118791}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&8b96fe9&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Harddisk2\DP(1)0-0+5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination="\Device\IPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000002d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5857e0c2-24ce-11dd-b9e1-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination="\Device\NDProxy"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CDR4_XP"
.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) : Destination="\Device\ParallelVdm0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RdpDrDvMgr"
.\debug.cpp(400) : Destination="\Device\RdpDrDvMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_C0AA1297&REV_60#3&61aaa01&0&8D#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0012"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A815ECD0-197B-4FB0-ADE8-42724B449748}"
.\debug.cpp(400) : Destination="\Device\{A815ECD0-197B-4FB0-ADE8-42724B449748}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) : Destination="\Device\Harddisk1\DP(1)0-0+4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{721e0772-24d5-11dd-b9f8-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_OEI-USB&Prod_CompactFlash&Rev__2.0#CA57682A51&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000067"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination="\Device\Serial0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_SH-S162L_______________TS00____#5&208e98bb&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM2"
.\debug.cpp(400) : Destination="\Device\Serial1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_0425&Pid_0101&MI_01&Col03#7&188bc9c1&0&0002#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000006f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"
.\debug.cpp(400) : Destination="\Device\Harddisk2\DP(1)0-0+5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_C0AA1297&REV_60#3&61aaa01&0&8D#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0012"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_SH-S162L_______________TS00____#5&208e98bb&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination="\Device\IPNAT"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination="\Device\PSched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination="\Device\GEARAspiWDMDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AvgTdi"
.\debug.cpp(400) : Destination="\Device\AvgTdi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9BB1BF07-5F7E-4277-9F52-1EB871CB3F80}"
.\debug.cpp(400) : Destination="\Device\{9BB1BF07-5F7E-4277-9F52-1EB871CB3F80}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination="\Device\VideoPdo0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000033"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Avg7Rs"
.\debug.cpp(400) : Destination="\Device\Avg7Rs"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_OEI-USB&Prod_SM#MS#SD&Rev__2.0#CA57682A51&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000068"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000031"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
.\debug.cpp(400) : Destination="\Device\Harddisk1\DR2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination="\Device\sysaudio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000032"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&6a1e26e&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Harddisk1\DP(1)0-0+4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000030"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_6_Model_10#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\0000003c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive2"
.\debug.cpp(400) : Destination="\Device\Harddisk2\DR3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3059&SUBSYS_C0AA1297&REV_60#3&61aaa01&0&8D#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0012"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sp_rsdrv2"
.\debug.cpp(400) : Destination="\Device\sp_rsdrv2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination="\Device\USBFDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&6a1e26e&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Harddisk1\DP(1)0-0+4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_0425&Pid_0101&MI_00#7&55bad83&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fssfltr"
.\debug.cpp(400) : Destination="\Device\fssfltr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_124a&Pid_168b#5&bac6173&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000043"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AvgAviLdr"
.\debug.cpp(400) : Destination="\Device\AvgAviLdrDev"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Paspi0"
.\debug.cpp(400) : Destination="\Device\Paspi0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#2#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination="\Device\0000004e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1ee3d36f&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A5E3D0C5-1690-4BE8-BB87-D5B15457F588}"
.\debug.cpp(400) : Destination="\Device\{A5E3D0C5-1690-4BE8-BB87-D5B15457F588}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2D4D70AD-B2F5-4BD6-BDDF-B5E3F00C0C9B}"
.\debug.cpp(400) : Destination="\Device\{2D4D70AD-B2F5-4BD6-BDDF-B5E3F00C0C9B}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000003e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394"
.\debug.cpp(400) : Destination="\Device\ARP1394"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\catchme"
.\debug.cpp(400) : Destination="\Device\catchme"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_0425&Pid_0101&MI_01&Col02#7&188bc9c1&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000006e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_30381106&REV_81#3&61aaa01&0&83#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature12591258Offset7E00Length2629FF3200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{930393BF-9D7C-4C5C-9DE5-65D03AE46832}"
.\debug.cpp(400) : Destination="\Device\{930393BF-9D7C-4C5C-9DE5-65D03AE46832}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000002c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MbDlDp32"
.\debug.cpp(400) : Destination="\Device\PxHelperDevice0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmConfig"
.\debug.cpp(400) : Destination="\Device\DmControl\DmConfig"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000040"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&c2a22ca&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{68CC5996-B6BC-4639-959F-CE65B2BB7E7A}"
.\debug.cpp(400) : Destination="\Device\{68CC5996-B6BC-4639-959F-CE65B2BB7E7A}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_124a&Pid_168b#5&bac6173&0&1#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_30381106&REV_81#3&61aaa01&0&80#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmTrace"
.\debug.cpp(400) : Destination="\Device\DmControl\DmTrace"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3104&SUBSYS_F6431297&REV_86#3&61aaa01&0&84#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination="\Device\NdisWanIp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#dmio#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CPUZ134"
.\debug.cpp(400) : Destination="\Device\cpuz134"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&350b3c2c&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5857e0c4-24ce-11dd-b9e1-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\Harddisk2\DP(1)0-0+5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) : Destination="\Device\1394BUS0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskMaxtor_6Y160P0__________________________YAR41BW0#3459533745544551202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP0T0L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_55aa&Pid_b012#CA57682A51#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#1#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination="\Device\0000004f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000002f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination="\Device\ParTechInc0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{5857e0c3-24ce-11dd-b9e1-806d6172696f}"
.\debug.cpp(400) : Destination="\Device\Harddisk1\DP(1)0-0+4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination="\Device\00000037"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination="\Device\NdisTapi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&8b96fe9&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Harddisk2\DP(1)0-0+5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination="\Device\IPMULTICAST"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination="\Device\ParTechInc1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmLoader"
.\debug.cpp(400) : Destination="\Device\DmLoader"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#2#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\0000004e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination="\Device\ParTechInc2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_SH-S162L_______________TS00____#5&208e98bb&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP1T0L0-e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_0425&Pid_0101&MI_00#7&55bad83&0&0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000006c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{49851279-2CA1-40A6-BA65-8D153AAB052E}"
.\debug.cpp(400) : Destination="\Device\{49851279-2CA1-40A6-BA65-8D153AAB052E}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3038&SUBSYS_30381106&REV_81#3&61aaa01&0&82#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_7205&SUBSYS_F6431297&REV_01#4&1feb96e4&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0013"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination="\Device\FtControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\mbr"
.\debug.cpp(400) : Destination="\Device\mbr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#4&1d62032d&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_0425&Pid_0101&MI_01&Col01#7&188bc9c1&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000006d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000036"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&20477f50&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&319d8414&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3044&SUBSYS_30441106&REV_46#3&61aaa01&0&60#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#Vid_0425&Pid_0101&MI_01&Col03#7&188bc9c1&0&0002#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\0000006f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000035"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0EC04AC-0E2A-42B9-8EF1-1BEF129694BA}"
.\debug.cpp(400) : Destination="\Device\{C0EC04AC-0E2A-42B9-8EF1-1BEF129694BA}"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PROCEXP113"
.\debug.cpp(400) : Destination="\Device\PROCEXP113"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DmInfo"
.\debug.cpp(400) : Destination="\Device\DmControl\DmInfo"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) : Size Device Name MBR Status
.\boot_cleaner.cpp(1153) : --------------------------------------------
.\boot_cleaner.cpp(1197) : 152 GB \\.\PhysicalDrive0 Controlled by rootkit!
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1226) : Boot code on some of your physical disks is hidden by a rootkit.
.\boot_cleaner.cpp(1228) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1229) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1233) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1234) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1237) :
.\boot_cleaner.cpp(1242) : Done;

ptx008 · #10 Příspěvek od **ptx008** » 21 srp 2010 22:16

Running from: C:\Documents and Settings\Jason\Escritorio\Win32kDiag.exe

Log file at : C:\Documents and Settings\Jason\Escritorio\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!

#11 Příspěvek od **stell** » 21 srp 2010 22:20

ok
tieto otvorene porty poznas??

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"4642:TCP"= 4642:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"1531:TCP"= 1531:TCP:Services
"1562:TCP"= 1562:TCP:Services
"5867:TCP"= 5867:TCP:Services
"5868:TCP"= 5868:TCP:Services
"8992:TCP"= 8992:TCP:Services
"8991:TCP"= 8991:TCP:Services

bootkitremover.exe mas na ploche?? ak ano -klik-start-klik-spsutit-skopiruj tento prikaz do okna.
"%userprofile%\Escritorio\remover.exe" fix \\.\PhysicalDrive0
[enter]
restart znovu spust bootkitremover.exe a vloz sem novy log,

#12 Příspěvek od **stell** » 21 srp 2010 22:59

ak to budes mat, tak pokracujes.
Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
Folder::
c:\windows\system32\xmldm
File::
c:\windows\system32\urhtps.dat
c:\windows\system32\srvblck2.tmp
c:\windows\Tasks\OGALogon.job
c:\windows\Tasks\OGADaily.job

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Obrázek

Po skonceni skenu vlož log čo ComboFix vytvorí

dnes ,koncim,

ptx008 · #13 Příspěvek od **ptx008** » 22 srp 2010 18:45

Zdravim
omlouvam se,ale uz sem na to vecer nemel.....po "%userprofile%\Escritorio\remover.exe" fix \\.\PhysicalDrive0 a restartu se disk hlasil jako ze je novy tak ze totalni ztrata dat jeste ted z toho doluju fotky

pouceni na priste pro me,udelej si zalohu woe!
moc diky za pomoc a vas cas

#14 Příspěvek od **stell** » 22 srp 2010 19:03

hm, to ma mrzi, este sa mi toto nestalo,mal si tam Mebroota,,, ale staci, ak zadas s konzoly pre zotavenie ,prikazy,
fixmbr [enter]
fixboot [enter]

VIRY.CZ

Modra obrazovka,pomaly pocita,caste pady...

Modra obrazovka,pomaly pocita,caste pady...

Re: Modra obrazovka,pomaly pocita,caste pady...

Re: Modra obrazovka,pomaly pocita,caste pady...

Re: Modra obrazovka,pomaly pocita,caste pady...

Re: Modra obrazovka,pomaly pocita,caste pady...

Re: Modra obrazovka,pomaly pocita,caste pady...

Re: Modra obrazovka,pomaly pocita,caste pady...

Re: Modra obrazovka,pomaly pocita,caste pady...

Re: Modra obrazovka,pomaly pocita,caste pady...

Re: Modra obrazovka,pomaly pocita,caste pady...

Re: Modra obrazovka,pomaly pocita,caste pady...

Re: Modra obrazovka,pomaly pocita,caste pady...

Re: Modra obrazovka,pomaly pocita,caste pady...

Re: Modra obrazovka,pomaly pocita,caste pady...