
Remove fhmivnvb.exe or another solution to my problem

marinalope
2010-05-06 19:49 - Replies: 18 - Topic no. 2683658


Still very infected.
Download ComboFix and run it.
It does not require installation. Download it and leave it on the desktop.
On Windows Vista (and I assume also on Windows 7) it must be run as administrator (right-click > Run as administrator).
It is recommended to temporarily disable the antivirus, since some may detect it as a virus (this is a false positive, caused by the code it needs to execute).
Double-click the combofix.exe file and accept the terms of use.
A DOS window will open. The desktop icons will disappear (this is normal) and this message will appear:
"Please, wait. ComboFix is preparing to run". "Attempting to create a new restore point".
Translated, it says something like: ComboFix is preparing to run and is attempting to create a new System Restore point.
Then the disinfection process will begin. Do not move the mouse, so as not to interfere.
On Windows XP it will reboot automatically (do not reboot manually). On Vista this is not necessary.
Then paste a new log.
Jimmy999

Re: Remove fhmivnvb.exe or another solution to my problem - 2010-05-06 23:56 - Reply 7

I have the log now... but it is very long and I'm not sure it will be very clear if I paste it here...
Should I do it anyway?
emtec

Re: Remove fhmivnvb.exe or another solution to my problem - 2010-05-06 23:59 - Reply 8

Hi, yes, paste it so it can be analysed. Regards.
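Before the log itself, an added triage example (it is not part of this thread, nor ComboFix's own code): two of the sections a ComboFix log carries, "Sigcheck" and "Reg Loading Points", can be checked mechanically. Sigcheck prints the MD5, size and file version of a system binary alongside the copies Windows keeps in ServicePackFiles\i386, dllcache and $NtServicePackUninstall$; when the live copy in system32 has the same version as a cached copy but a different hash, the file has been patched on disk. Reg Loading Points lists autorun values; a Winlogon Userinit that does not point at userinit.exe, or a Run value whose binary lives in TEMP or a user profile, is worth a look. The sample lines below are copied from the log posted later in this thread; the directory lists and the verdict names are this example's own assumptions, not something ComboFix reports.

```python
"""Triage helpers for the Sigcheck and 'Reg Loading Points' sections of a ComboFix log.

Added example for this thread; not ComboFix code and not the forum's tooling.
Sample input is copied from the log posted in this thread (constructed sample).
"""
import re
from collections import defaultdict

# Constructed sample: Sigcheck lines as they appear in the posted log.
SAMPLE_SIGCHECK = r"""
[-] 2008-04-14 . D93C2930F79FBC4CCB307920B1FC4291 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . DABE0B8BFA03628361636AED846731B1 . 82944 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2001-08-23 . 399E9722D93446CE799AEAA2CC4720C9 . 75776 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2008-04-14 . 8237DAE5C58EC0636ECDF7E8D4E4882B . 38912 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 40C6EC1AA28E71CEB7E63581B4682C02 . 38912 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2008-04-14 . 9E085FC836B74280812CDA4741D1359A . 1058304 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 44B06C9486877DA4D46EA380B65A598D . 1058304 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . 6AE204668C244CBFC70DAECB21A872FB . 38400 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
"""

# Constructed sample: autorun entries as they appear in the posted log.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"syncman"="c:\windows\system32\wuaucldt.exe" [2010-05-06 54016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"syncman"="c:\documents and settings\jaime\wuaucldt.exe" [2010-05-06 54016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"chdxq"="c:\windows\TEMP\wavffc.exe" [2010-05-06 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"
"""

# "[-] date . MD5 . size . . [version] . . path" as printed in the log.
SIGCHECK_RE = re.compile(
    r"^\[.\]\s+\S+\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)"
    r"\s+\.\s+\.\s+\[(?P<ver>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
# Assumption: copies under these directories are the pristine reference copies.
BACKUP_DIRS = ("\\servicepackfiles\\", "\\dllcache\\", "\\$ntservicepackuninstall$\\")


def parse_sigcheck(text):
    """Yield (basename, version, md5, is_backup_copy) for every Sigcheck line."""
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        path = m["path"].lower()
        name = path.rsplit("\\", 1)[-1]
        yield name, m["ver"], m["md5"].upper(), any(d in path for d in BACKUP_DIRS)


def triage_sigcheck(text):
    """Return {basename: 'modified' | 'ok' | 'unverified'} for each live copy.

    'modified': a reference copy of the SAME version has a different MD5.
    'ok': a reference copy of the same version has the same MD5.
    'unverified': the log carries no reference copy of that version.
    Reference copies of another version (e.g. the 5.1.2600.0 RTM file) are
    ignored, since a hash difference against those is expected.
    """
    live = {}                    # basename -> (version, md5) of the in-use copy
    refs = defaultdict(set)      # (basename, version) -> {md5 of reference copies}
    for name, ver, md5, backup in parse_sigcheck(text):
        if backup:
            refs[(name, ver)].add(md5)
        else:
            live[name] = (ver, md5)
    verdict = {}
    for name, (ver, md5) in live.items():
        known = refs.get((name, ver))
        if not known:
            verdict[name] = "unverified"
        else:
            verdict[name] = "ok" if md5 in known else "modified"
    return verdict


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"')
# Assumption: an autorun binary living here is abnormal and worth a look.
SUSPICIOUS_DIRS = ("\\temp\\", "\\documents and settings\\", "\\recycler\\")


def suspicious_autoruns(text):
    """Return [(key, value_name, data, reason)] for autorun entries worth inspecting."""
    findings, key = [], ""
    run_paths = defaultdict(set)  # value name -> distinct paths across Run keys
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km["key"]
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name, data = vm["name"], vm["data"]
        low = data.lower()
        if key.lower().endswith("\\winlogon") and name.lower() == "userinit":
            # Winlogon's Userinit must name userinit.exe; anything else hijacks logon.
            if not low.rstrip(",").endswith("\\userinit.exe"):
                findings.append((key, name, data, "Userinit does not point at userinit.exe"))
            continue
        if key.lower().endswith("\\run"):
            run_paths[name.lower()].add(low)
        if any(d in low for d in SUSPICIOUS_DIRS):
            findings.append((key, name, data, "autorun from a temp or profile directory"))
    for name, paths in run_paths.items():
        if len(paths) > 1:  # same value planted in several hives with different paths
            findings.append(("(multiple)", name, "; ".join(sorted(paths)),
                             "same value name registered in more than one Run key"))
    return findings


if __name__ == "__main__":
    for name, status in sorted(triage_sigcheck(SAMPLE_SIGCHECK).items()):
        print(f"{status:10} {name}")
    for key, name, data, reason in suspicious_autoruns(SAMPLE_REG):
        print(f"{reason}: {name} = {data}  [{key}]")
```

On the sample, spoolsv.exe, svchost.exe and explorer.exe come back "modified" (which is what ComboFix itself says with its "is infected!!" lines), wscntfy.exe stays "unverified" because the log lists no cached copy, and the autorun pass flags the Userinit hijack, the two syncman entries and the TEMP-resident chdxq value. A "modified" verdict is a reason to replace the file from a known-good copy, not proof on its own that the machine is clean afterwards; infected userinit.exe and svchost.exe usually mean something else wrote them.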

Jimmy999

Re: Remove fhmivnvb.exe or another solution to my problem - 2010-05-07 00:12 - Reply 9

ComboFix 10-05-05.0D - Jaime 06/05/2010 23:38:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1671 [GMT 2:00]
Running from: c:\documents and settings\Jaime\Desktop\ComboFix.exe
AV: Internet Security Anti-Virus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Internet Security Firewall *disabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Philips SPC210NC Webcam
c:\documents and settings\All Users\Start Menu\Programs\Philips SPC210NC Webcam \Uninstall Philips SPC210NC Webcam.lnk
c:\recycler\S-1-5-21-0160986853-0350413138-717379644-5081
c:\recycler\S-1-5-21-0181180870-0060929732-806051044-3455
c:\recycler\S-1-5-21-0360235417-4391664162-019575829-6013
c:\recycler\S-1-5-21-0583264162-8281640647-693409429-2382
c:\recycler\S-1-5-21-0691526388-6839714133-508903781-9001
c:\recycler\S-1-5-21-0790509323-6177556750-378739597-8379
c:\recycler\S-1-5-21-1254416572-1263425100-317347820-0350
c:\recycler\S-1-5-21-1621951411-8167989749-865110900-6111
c:\recycler\S-1-5-21-3560279320-9005827281-973055647-5442
c:\recycler\S-1-5-21-5010562118-8165195522-291417993-9911
c:\recycler\S-1-5-21-5685350811-0001320426-504323288-3336
c:\recycler\S-1-5-21-5988698525-5870445691-107813031-8570
c:\recycler\S-1-5-21-6056168244-5942916811-260096205-5866
c:\recycler\S-1-5-21-6468682522-1858273836-199393645-6470
c:\recycler\S-1-5-21-6784016510-4197126567-092637327-8826
c:\recycler\S-1-5-21-8265231812-0041316043-507547104-6724
c:\recycler\S-1-5-21-8378185637-9108329436-953713415-9256
c:\recycler\S-1-5-21-9024113900-9000300653-141031905-5936
c:\recycler\S-1-5-21-9290873273-8220718597-011020185-5100
c:\recycler\S-1-5-21-9876879533-5733694194-029002913-4684
c:\windows\Alcmtr.exe
c:\windows\Fonts\mlog
c:\windows\Fonts\services.exe
c:\windows\system32\2292.exe
c:\windows\system32\2565531.exe
c:\windows\system32\3620.exe
c:\windows\system32\3808557.exe
c:\windows\system32\4501108.exe
c:\windows\system32\4bvve.log
c:\windows\system32\5324.exe
c:\windows\system32\584469.exe
c:\windows\system32\7720301.exe
c:\windows\system32\8655619.exe
c:\windows\system32\8688272.exe
c:\windows\system32\8cb6910.log
c:\windows\system32\AutoRun.inf
c:\windows\system32\BtwSvc.dll
c:\windows\system32\d.bin
c:\windows\system32\drivers\62.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\Install.txt
c:\windows\system32\ms.bin
c:\windows\system32\msfazmlf.dll
c:\windows\system32\mskwivhb.dll
c:\windows\system32\msnsavzy.dll
c:\windows\system32\mspdvitt.dll
c:\windows\system32\mswacsbm.dll
c:\windows\system32\msxsltsso.dll
c:\windows\system32\opear.exe
c:\windows\system32\Packet.dll
c:\windows\system32\PereSvc.exe
c:\windows\system32\PowerDes.exe
c:\windows\system32\so.bin
c:\windows\system32\svvhost
c:\windows\system32\svvhost\svchost.exe
c:\windows\system32\w.exe
c:\windows\system32\winstartup.log
c:\windows\system32\wpcap.dll
c:\windows\TEMP\mta13187.dll

Infected copy of c:\windows\system32\drivers\intelppm.sys was found and disinfected
Restored copy from - Kitty had a snack :p
c:\windows\system32\userinit.exe . . . is infected!!

c:\windows\system32\svchost.exe . . . is infected!!

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-\Legacy_BTWSVC
-\Legacy_NPF
-\Service_BtwSvc
-\Service_NPF
-\Legacy_peresvc
-\Service_peresvc


((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.

2010-05-06 21:29 . 2010-05-06 21:29 d-w- c:\windows\system32\GroupPolicy
2010-05-06 17:39 . 2010-05-06 17:39 d-w- c:\program files\Trend Micro
2010-05-06 13:36 . 2010-05-06 13:36 d-w- c:\documents and settings\All Users\Application Data\CA
2010-05-06 12:34 . 2010-05-06 12:34 d-w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-06 12:34 . 2010-05-06 12:34 d-w- c:\documents and settings\Administrator\Application Data\Yahoo!
2010-05-06 12:34 . 2010-05-06 12:34 d-w- c:\program files\Yahoo!
2010-05-06 12:34 . 2010-05-06 12:34 d-w- c:\program files\CCleaner
2010-05-05 18:28 . 2010-05-05 18:28 d-w- c:\documents and settings\Jaime\WINDOWS
2010-05-05 18:26 . 2010-05-05 18:34 d-w- C:\!KillBox
2010-05-05 12:56 . 2010-05-05 12:56 d-w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-04 22:38 . 2010-05-04 23:35 d-s-w- c:\documents and settings\NetworkService\UserData
2010-05-04 22:33 . 2009-03-06 14:22 284160 -cw- c:\windows\system32\dllcache\pdh.dll
2010-05-04 22:33 . 2009-02-09 12:10 473600 -cw- c:\windows\system32\dllcache\fastprox.dll
2010-05-04 22:33 . 2009-02-09 12:10 401408 -cw- c:\windows\system32\dllcache\rpcss.dll
2010-05-04 22:33 . 2009-02-06 11:11 135168 -cw- c:\windows\system32\dllcache\services.exe
2010-05-04 22:33 . 2009-02-06 10:10 252928 -cw- c:\windows\system32\dllcache\wmiprvse.exe
2010-05-04 22:33 . 2009-02-09 12:10 714752 -cw- c:\windows\system32\dllcache\ntdll.dll
2010-05-04 22:33 . 2009-02-09 12:10 617472 -cw- c:\windows\system32\dllcache\advapi32.dll
2010-05-04 22:33 . 2009-02-09 12:10 453120 -cw- c:\windows\system32\dllcache\wmiprvsd.dll
2010-05-04 22:33 . 2009-10-23 15:28 3583488 -cw- c:\windows\system32\dllcache\moviemk.exe
2010-05-04 22:33 . 2008-05-03 11:55 2560 w- c:\windows\system32\xpsp4res.dll
2010-05-04 22:33 . 2008-04-21 12:08 240128 -cw- c:\windows\system32\dllcache\wordpad.exe
2010-05-04 22:23 . 2010-05-06 12:34 d-w- c:\documents and settings\Administrator
2010-05-04 18:35 . 2010-05-06 13:54 d-w- c:\windows\system32\config\systemprofile\Tracing
2010-05-04 18:00 . 2010-04-29 13:39 38224 a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-04 18:00 . 2010-05-04 18:00 d-w- c:\program files\Malwarebytes' Anti-Malware
2010-05-04 18:00 . 2010-04-29 13:39 20952 a-w- c:\windows\system32\drivers\mbam.sys
2010-05-04 17:49 . 2010-05-04 17:49 d-w- c:\documents and settings\Jaime\Application Data\Malwarebytes
2010-05-04 17:49 . 2010-05-04 17:49 d-w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-04 13:16 . 2010-05-04 13:18 d-w- c:\documents and settings\Jaime\Application Data\.clamwin
2010-05-04 13:16 . 2010-05-04 13:16 d-w- c:\program files\ClamWin
2010-05-04 13:16 . 2010-05-04 13:16 d-w- c:\documents and settings\All Users\.clamwin
2010-05-04 12:12 . 2010-05-04 12:12 d-w- c:\documents and settings\Jaime\Local Settings\Application Data\Innovative Solutions
2010-05-04 12:12 . 2010-05-04 12:12 d-w- c:\program files\Common Files\Innovative Solutions
2010-05-04 12:12 . 2010-05-04 12:12 d-w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2010-05-04 12:12 . 2010-05-04 12:12 d-w- c:\program files\Innovative Solutions
2010-05-04 11:35 . 2010-05-04 12:57 d-w- c:\documents and settings\Jaime\Application Data\TuneUp Software
2010-05-04 11:34 . 2010-05-04 11:34 d-w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-05-04 11:34 . 2010-05-04 11:34 d-shw- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-05-04 11:17 . 2010-05-06 13:07 d-w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-04 11:17 . 2010-05-06 12:38 d-w- c:\program files\Spybot - Search & Destroy
2010-05-04 10:34 . 2010-05-06 21:42 578560 -ca-w- c:\windows\system32\dllcache\user32.dll
2010-05-03 16:08 . 2008-04-14 03:42 53760 a-w- c:\windows\system32\vfwwdm32.dll
2010-05-03 13:39 . 2004-06-09 13:37 65536 a-w- c:\windows\VM_STI.EXE
2010-05-03 13:39 . 2003-05-15 15:17 61440 a-w- c:\windows\system32\VM31bSTI.dll
2010-05-03 13:39 . 2005-02-26 14:25 91527 a-w- c:\windows\system32\drivers\usbVM31b.sys
2010-05-03 13:34 . 2010-05-03 13:34 d-w- c:\windows\system32\wbem\Repository
2010-05-03 13:33 . 2010-05-03 13:33 d-w- c:\documents and settings\Jaime\Application Data\PC Tools
2010-05-03 13:33 . 2010-05-04 23:15 d-w- c:\program files\PC Tools Internet Security
2010-05-03 12:52 . 2010-05-03 13:06 8608 a-w- c:\windows\system32\mtflop.sys
2010-05-03 12:21 . 2010-05-03 12:21 210816 -ca-w- c:\windows\system32\dllcache\ndis.sys
2010-05-02 19:06 . 2010-05-02 19:06 d-w- c:\program files\Philips
2010-05-02 13:18 . 2010-05-02 13:18 d-w- c:\documents and settings\Jaime\Local Settings\Application Data\id Software
2010-05-02 12:53 . 2005-05-26 13:34 2297552 a-w- c:\windows\system32\d3dx9_26.dll
2010-05-02 12:53 . 2010-05-02 12:53 d-w- c:\windows\Logs
2010-05-01 11:26 . 2007-03-22 18:24 28160 a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-05-01 11:26 . 2006-06-29 11:07 14048 w- c:\windows\system32\spmsg2.dll
2010-04-29 17:25 . 2010-05-02 10:21 d-w- c:\program files\Garena
2010-04-29 16:15 . 2010-05-03 16:12 d-w- c:\program files\Left 4 Dead 2
2010-04-29 13:44 . 2010-04-29 13:44 d-w- c:\program files\NOS
2010-04-29 13:44 . 2010-03-29 06:53 32576 a-w- c:\documents and settings\Jaime\Application Data\Mozilla\Firefox\Profiles\z7b6cy21.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-04-29 13:44 . 2010-03-29 06:53 29984 a-w- c:\documents and settings\Jaime\Application Data\Mozilla\Firefox\Profiles\z7b6cy21.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-04-28 19:34 . 2010-04-28 19:34 d-w- c:\program files\PolderbitS
2010-04-28 19:01 . 2010-04-28 19:01 d-w- c:\documents and settings\Jaime\Application Data\AVS4YOU
2010-04-28 19:00 . 2010-04-28 19:11 d-w- c:\program files\Common Files\AVSMedia
2010-04-28 19:00 . 2008-08-13 08:22 974848 a-w- c:\windows\system32\mfc70.dll
2010-04-28 19:00 . 2008-08-13 08:22 487424 a-w- c:\windows\system32\msvcp70.dll
2010-04-28 19:00 . 2008-08-13 08:22 344064 a-w- c:\windows\system32\msvcr70.dll
2010-04-28 19:00 . 2008-08-13 08:22 24576 a-w- c:\windows\system32\msxml3a.dll
2010-04-28 19:00 . 2010-04-28 19:11 d-w- c:\program files\AVS4YOU
2010-04-28 19:00 . 2010-04-28 19:01 d-w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-04-28 18:26 . 2010-04-28 18:33 d-w- c:\documents and settings\Jaime\Application Data\Youtube Downloader HD
2010-04-28 17:01 . 2010-04-28 17:01 d-w- c:\documents and settings\Jaime\Local Settings\Application Data\Ares
2010-04-28 17:01 . 2010-05-03 12:20 d-w- c:\program files\Ares
2010-04-28 16:15 . 2010-04-28 16:15 d-w- c:\documents and settings\Jaime\Application Data\Office Genuine Advantage
2010-04-26 17:49 . 2010-04-28 13:43 d-w- c:\program files\JDownloader
2010-04-25 09:40 . 2010-04-03 22:55 61440 a-w- c:\windows\system32\OpenCL.dll
2010-04-25 09:40 . 2010-04-03 22:55 11647592 a-w- c:\windows\system32\nvcompiler.dll
2010-04-25 09:39 . 2010-04-25 09:39 d-w- C:\NVIDIA
2010-04-25 09:24 . 2010-04-25 09:24 d-w- c:\program files\SystemRequirementsLab
2010-04-25 09:24 . 2010-04-25 09:24 d-w- c:\documents and settings\Jaime\Application Data\SystemRequirementsLab
2010-04-25 09:24 . 2010-04-25 09:24 290816 a-w- c:\documents and settings\Jaime\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-04-25 09:24 . 2010-04-25 09:24 290816 a-w- c:\documents and settings\Jaime\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-04-25 09:24 . 2010-04-25 09:24 290816 a-w- c:\documents and settings\Jaime\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-04-25 09:24 . 2010-04-25 09:24 290816 a-w- c:\documents and settings\Jaime\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-04-25 09:23 . 2010-04-25 09:23 d-w- c:\windows\Sun
2010-04-24 22:19 . 2010-04-24 22:19 d-w- c:\documents and settings\LocalService\Application Data\AdobeUM
2010-04-24 22:18 . 2010-04-24 22:18 d-shw- c:\documents and settings\LocalService\UserData
2010-04-24 22:18 . 2010-04-24 22:18 d-w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-04-24 18:08 . 2010-04-24 18:08 d-w- c:\documents and settings\Jaime\Local Settings\Application Data\PCHealth
2010-04-24 18:04 . 2010-04-24 18:04 d-w- c:\program files\Alcohol Soft
2010-04-24 18:02 . 2010-04-24 18:02 691696 a-w- c:\windows\system32\drivers\sptd.sys
2010-04-24 09:30 . 2010-04-24 09:30 d-w- c:\documents and settings\NetworkService\Application Data\HPAppData
2010-04-24 00:03 . 2010-04-24 00:03 d-w- c:\windows\system32\KB905474
2010-04-23 23:56 . 2010-04-23 23:56 d-w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-04-23 22:50 . 2010-04-23 22:50 d-w- c:\documents and settings\Jaime\Local Settings\Application Data\HP
2010-04-23 22:18 . 2010-04-23 22:18 d-w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-04-23 21:34 . 2010-05-04 22:28 d-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft
2010-04-23 21:34 . 2010-04-23 21:34 d-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Threat Expert
2010-04-23 21:34 . 2010-04-23 21:34 d-w- c:\windows\system32\config\systemprofile\Application Data\HPAppData
2010-04-23 15:19 . 2010-04-23 15:19 d-w- c:\program files\MSXML 4.0
2010-04-23 15:03 . 2008-06-13 11:05 272128 -cw- c:\windows\system32\dllcache\bthport.sys
2010-04-23 15:02 . 2009-12-31 16:50 353792 -cw- c:\windows\system32\dllcache\srv.sys
2010-04-23 15:02 . 2010-02-16 14:08 2146304 -cw- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-23 15:02 . 2010-02-16 13:25 2066816 -cw- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-04-23 15:02 . 2010-02-16 13:25 2024448 -cw- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-23 15:01 . 2010-02-24 13:11 455680 -cw- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-23 14:59 . 2009-11-21 15:51 471552 -cw- c:\windows\system32\dllcache\aclayers.dll
2010-04-23 14:57 . 2010-05-01 11:58 d-w- c:\documents and settings\All Users\Application Data\McAfee
2010-04-23 14:54 . 2009-10-15 16:28 81920 -cw- c:\windows\system32\dllcache\fontsub.dll
2010-04-23 14:54 . 2009-10-15 16:28 119808 -cw- c:\windows\system32\dllcache\t2embed.dll
2010-04-23 14:53 . 2008-05-08 14:02 203136 -cw- c:\windows\system32\dllcache\rmcast.sys
2010-04-23 14:52 . 2008-04-11 19:04 691712 -cw- c:\windows\system32\dllcache\inetcomm.dll
2010-04-23 14:52 . 2009-06-21 21:44 153088 -cw- c:\windows\system32\dllcache\triedit.dll
2010-04-23 14:52 . 2010-02-12 10:03 317952 w- c:\windows\system32\browserchoice.exe
2010-04-23 14:51 . 2008-05-01 14:33 331776 -cw- c:\windows\system32\dllcache\msadce.dll
2010-04-23 14:51 . 2009-07-31 04:35 1172480 -cw- c:\windows\system32\dllcache\msxml3.dll
2010-04-23 14:49 . 2009-07-10 13:27 1315328 -cw- c:\windows\system32\dllcache\msoe.dll
2010-04-23 14:47 . 2008-10-15 16:34 337408 -cw- c:\windows\system32\dllcache\netapi32.dll
2010-04-23 14:46 . 2009-08-13 15:16 512000 -cw- c:\windows\system32\dllcache\jscript.dll
2010-04-23 14:37 . 2010-05-04 23:25 dhw- c:\windows\$hf_mig$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 21:48 . 2010-05-06 21:48 54016 a-w- c:\windows\system32\wuaucldt.exe
2010-05-06 21:48 . 2010-05-06 21:48 54016 a-w- c:\documents and settings\Jaime\wuaucldt.exe
2010-05-06 21:42 . 2002-08-29 00:41 578560 a-w- c:\windows\system32\user32.dll
2010-05-06 17:47 . 2008-03-16 00:41 d-a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-04 12:12 . 2010-05-04 12:12 d-w- c:\windows\Fonts\AdvUninstal
2010-05-03 13:33 . 2008-03-16 00:41 d-w- c:\documents and settings\All Users\Application Data\PC Tools
2010-05-03 13:22 . 2008-03-15 22:22 69232 a-w- c:\documents and settings\Jaime\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-03 13:21 . 2008-03-16 00:42 d-w- c:\program files\Common Files\PC Tools
2010-05-02 19:06 . 2008-03-15 21:36 dhw- c:\program files\InstallShield Installation Information
2010-05-02 19:05 . 2008-03-16 03:08 d-w- c:\program files\Common Files\InstallShield
2010-05-01 11:27 . 2008-03-16 07:15 d-w- c:\program files\MSBuild
2010-04-30 22:35 . 2008-03-16 07:09 d-w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-29 13:44 . 2008-03-15 22:19 d-w- c:\documents and settings\All Users\Application Data\NOS
2010-04-25 09:42 . 2008-03-15 21:43 d-w- c:\program files\NVIDIA Corporation
2010-04-23 23:58 . 2008-03-16 07:15 d-w- c:\program files\Microsoft Works
2010-04-03 22:55 . 2009-07-14 18:54 6432128 a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55 . 2009-07-14 18:54 4075520 a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55 . 2009-07-14 18:54 2646632 a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55 . 2009-07-14 18:54 227944 a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55 . 2009-07-14 18:54 227944 a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55 . 2009-07-14 18:54 2183470 a-w- c:\windows\system32\nvdata.bin
2010-04-03 22:55 . 2009-07-14 18:54 2030184 a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55 . 2009-07-14 18:54 14757888 a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55 . 2009-07-14 18:54 1097728 a-w- c:\windows\system32\nvapi.dll
2010-04-03 22:55 . 2009-07-14 18:54 10232128 a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-04-03 22:55 . 2008-03-15 21:42 600680 a-w- c:\windows\system32\nvudisp.exe
2010-04-03 17:23 . 2010-04-03 17:23 278120 a-w- c:\windows\system32\nvmccs.dll
2010-04-03 17:23 . 2010-04-03 17:23 154216 a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 17:23 . 2010-04-03 17:23 145000 a-w- c:\windows\system32\nvcolor.exe
2010-04-03 17:23 . 2010-04-03 17:23 13670504 a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:23 . 2010-04-03 17:23 110696 a-w- c:\windows\system32\nvmctray.dll
2010-04-03 17:22 . 2010-04-03 17:22 81920 a-w- c:\windows\system32\nvwddi.dll
2010-04-02 14:54 . 2008-03-15 21:42 600680 a-w- c:\windows\system32\NVUNINST.EXE
2010-03-10 19:36 . 2008-03-16 00:49 217032 a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-09 11:09 . 2002-08-29 00:41 430080 a-w- c:\windows\system32\vbscript.dll
2010-02-26 05:43 . 2002-08-29 00:41 667136 a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2008-03-16 00:02 81920 w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2002-08-29 01:59 455680 a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2002-08-29 01:04 2146304 a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2002-08-29 01:04 2024448 a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2002-08-29 00:40 100864 a-w- c:\windows\system32\6to4svc.dll
2010-02-11 20:57 . 2010-02-11 20:57 49152 a-w- c:\windows\hpwin.exe
2010-02-11 12:02 . 2002-08-29 01:37 226880 a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-09 18:54 . 2010-01-09 18:54 11 sha-r- c:\windows\system32\GroupPolicy\User\Scripts\Logon\autorun.bat
.
Infected c:\windows\system32\user32.dll hex repaired


- Sigcheck -

[-] 2008-04-14 . D93C2930F79FBC4CCB307920B1FC4291 . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2008-04-14 . DABE0B8BFA03628361636AED846731B1 . 82944 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
[-] 2001-08-23 . 399E9722D93446CE799AEAA2CC4720C9 . 75776 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe

[-] 2008-04-14 . 8237DAE5C58EC0636ECDF7E8D4E4882B . 38912 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 40C6EC1AA28E71CEB7E63581B4682C02 . 38912 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2001-08-23 . E68077D983A244D8034FA8E49350E3AA . 37376 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\svchost.exe

[-] 2008-04-14 . BA8B656AE5ED8FC28C55D3A79F24B3C7 . 50688 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . 1DE46849F9B52A3433E944AF8484254B . 50688 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2002-08-29 . CC891C48EA6DE93215C264E827725531 . 46592 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2008-04-14 . 9E085FC836B74280812CDA4741D1359A . 1058304 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 44B06C9486877DA4D46EA380B65A598D . 1058304 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2002-08-29 . B20581FB4BD9E2A4B47EA0B6DD557678 . 1028608 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2008-04-14 . 6AE204668C244CBFC70DAECB21A872FB . 38400 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[-] 2008-04-14 . 69C58215AFF1DB6BFB70A7E30EAE009A . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . D98A963C3BB91D4944650349F2047E01 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2002-08-29 . 6E27D0C326D44A0E85DFE4AF9FC96B33 . 37888 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 39936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"syncman"="c:\windows\system32\wuaucldt.exe" [2010-05-06 54016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"syncman"="c:\documents and settings\jaime\wuaucldt.exe" [2010-05-06 54016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"chdxq"="c:\windows\TEMP\wavffc.exe" [2010-05-06 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527237240-789336058-682003330-1003\Scripts\Logon\0\0]
"Script"=autorun.bat

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [16/03/2008 2:49 217032]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [16/03/2008 2:42 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [16/03/2008 2:42 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [16/03/2008 2:49 233136]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [16/03/2008 2:49 88040]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [16/03/2008 2:42 58816]
S0 wvkvmbk;wvkvmbk; [x]
S3 {402AE9A6-34BB-4725-B223F345FBB99A40};{402AE9A6-34BB-4725-B223F345FBB99A40};c:\windows\System32\svchost.exe -k netsvcs [23/08/2001 13:00 38912]
S3 {6E9E1A30-562B-4D26-8E49866E4939AFB7};{6E9E1A30-562B-4D26-8E49866E4939AFB7};c:\windows\System32\svchost.exe -k netsvcs [23/08/2001 13:00 38912]
S3 {7149B0F9-EC9C-472A-8547411D145BA918};{7149B0F9-EC9C-472A-8547411D145BA918};c:\windows\System32\svchost.exe -k netsvcs [23/08/2001 13:00 38912]
S3 diskchk;diskchk;c:\windows\system32\diskchk.sys [23/08/2001 13:00 2432]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [16/03/2008 2:42 78264]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [16/03/2008 2:42 115216]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [16/03/2008 2:42 70408]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [16/03/2008 2:42 33552]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Internet Security\BDT\BDTUpdateService.exe [16/03/2008 2:50 112592]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/04/2010 20:02 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs



{402AE9A6-34BB-4725-B223F345FBB99A40}

{6E9E1A30-562B-4D26-8E49866E4939AFB7}
.
Contents of the 'Scheduled Tasks' folder

2010-05-06 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-05-06 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-24 20:18]
.
.
- Supplementary Scan -
.
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jaime\Application Data\Mozilla\Firefox\Profiles\z7b6cy21.default\
FF - prefs.js: browser.startup.homepage - hxxp://hotmail.com/
FF - plugin: c:\documents and settings\Jaime\Application Data\Mozilla\Firefox\Profiles\z7b6cy21.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FIREFOX POLICIES
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe
SSODL-GootkitSSO-{2C1BC293-217D-45C2-A216-7D868ECBF001} - c:\windows\System32\msxsltsso.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-06 23:47
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\wuaucldt.exe 54016 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89EAD2A8] CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf758ecb8
\Driver\atapi -> atapi.sys @ 0xf7480852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> 0x89d485c0
PacketIndicateHandler -> NDIS.sys @ 0xf7875a21
SendHandler -> NDIS.sys @ 0xf785387b
user & kernel MBR OK

**************************************************************************
.
- LOCKED REGISTRY KEYS -

[HKEY_LOCAL_MACHINE\software\ASRock\WiFi-802.11n]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\Arlnk\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\magnet\shell]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{19F4CECD-60C0-49D3-86F9-839544C513CF}\1.0]
@DACL=(02 0000)
@="mcoemmgr 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{6C13A1F5-8891-4C29-9A24-3BCA07419128}\1.0]
@DACL=(02 0000)
@="McAPILib"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{D6F870AF-7292-4670-96D3-EAA62A31FB08}\1.0]
@DACL=(02 0000)
@="McShell 1.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\DigitalImaging\Services]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\usg\#Hewlett-Packard#HP Photosmart C4200 series#1205618673\MVpCThreshold]
@DACL=(02 0000)
"ThresholdLow"="6.04"
"ThresholdHi"="72.48"

[HKEY_LOCAL_MACHINE\software\Hewlett-Packard\usg\#Hewlett-Packard#HP Photosmart C4200 series#1205618673\SixMonthWindow]
@DACL=(02 0000)
"Log000Date"="1205618681;03/15/2008 14:04"
"Log000"="31."
"Count"="3"
"LastTime"="1272823710;05/02/2010 20:08"
"LastTotal"="31."
"Log001Date"="1272004271;04/22/2010 23:31"
"Log001"="31."
"Log002Date"="1272816431;05/02/2010 18:07"
"Log002"="31."

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE UserData NT\RegBackup]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE.HKCUZoneInfo\RegBackup]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.UserAgent\RegBackup]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
@DACL=(02 0000)
"GROOVE.EXE"=dword:00000001
"OUTLOOK.EXE"=dword:00000001
"clview.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
@DACL=(02 0000)
"svchost.exe"=dword:00001f40

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
@DACL=(02 0000)
"GROOVE.EXE"=dword:00000001
"OUTLOOK.EXE"=dword:00000001
"clview.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
@DACL=(02 0000)
"GROOVE.EXE"=dword:00000001
"OUTLOOK.EXE"=dword:00000001
"clview.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
@DACL=(02 0000)
"GROOVE.EXE"=dword:00000001
"OUTLOOK.EXE"=dword:00000001
"clview.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
@DACL=(02 0000)
"WindowsLiveWriter.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
@DACL=(02 0000)
"GROOVE.EXE"=dword:00000001
"OUTLOOK.EXE"=dword:00000001
"clview.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
@DACL=(02 0000)
"GROOVE.EXE"=dword:00000001
"OUTLOOK.EXE"=dword:00000001
"clview.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
@DACL=(02 0000)
"GROOVE.EXE"=dword:00000001
"OUTLOOK.EXE"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\9.0]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimDllExclusionList]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimDllInclusionList]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimExclusionList]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\FilterShimInclusionList]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{13A7995E-7D8F-45B4-9C77-819265225763}]
@DACL=(02 0000)
"Priority"=dword:00000001
"AutoInsert"=dword:00000001
"Name"="WMPlayer Spectrum Analyzer DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{95037DA1-6ED9-4B27-8CFF-9AD3DFB0B2F2}]
@DACL=(02 0000)
"Priority"=dword:fffffffb
"AutoInsert"=dword:00000001
"Name"="WMPlayer SRSWow DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{974BF3BF-C9AE-4476-8003-5FE544DF458C}]
@DACL=(02 0000)
"Priority"=dword:fffffffe
"AutoInsert"=dword:00000001
"Name"="WMPlayer Video Processing DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{B2DBA270-9F49-4513-AC13-76496D6EBA3A}]
@DACL=(02 0000)
"Priority"=dword:00000002
"AutoInsert"=dword:00000000
"Name"="Speaker Enhancement DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{D01BC8E2-70AD-4976-9612-21B37ED5C8E8}]
@DACL=(02 0000)
"Priority"=dword:00000003
"AutoInsert"=dword:00000001
"Name"="WMPlayer Equalizer DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{D7E9C0B4-0E4D-46B4-BC46-1D0222F92C6F}]
@DACL=(02 0000)
"Priority"=dword:fffffffc
"AutoInsert"=dword:00000001
"Name"="Seamless Audio DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{E5A8C40E-654B-44D4-ACBB-DBE6D3B3333B}]
@DACL=(02 0000)
"Priority"=dword:fffffffd
"AutoInsert"=dword:00000001
"Name"="Volume Normalization DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs\{FB02E8EF-ACFE-4CC0-96DF-8B5C7098272C}]
@DACL=(02 0000)
"Priority"=dword:fffffffe
"AutoInsert"=dword:00000001
"Name"="WMPlayer Time Compression DMO"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Alchemy]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Setup\Installed Versions]
@DACL=(02 0000)
"wmp.dll"=hex:00,00,09,00,9c,11,00,00
"wmploc.dll"=hex:00,00,09,00,97,11,00,00
"wmplayer.exe"=hex:00,00,09,00,97,11,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllExclusionList]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllInclusionList]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimExclusionList]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\SmartPlaylist]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{0776F107-F5A6-404B-9A78-7027FA6EAADD}]
@DACL=(02 0000)
"FriendlyName"="Complemento de música de Windows Live Messenger"
"Description"="Cambia tu mensaje personal en Windows Live Messenger y muestra la canción que estás escuchando."
"Capabilities"=dword:40000001

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{0890F930-4F80-4646-BAB1-4B6E5571FB89}]
@DACL=(02 0000)
"Capabilities"=dword:00000004
"FriendlyName"="res://wmploc.dll/RT_STRING/#1491"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{1F32514F-1561-4922-A604-8A1F478B5A42}]
@DACL=(02 0000)
"Capabilities"=dword:00000004
"FriendlyName"="res://wmploc.dll/RT_STRING/#1495"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{52903d79-f993-4de6-8317-20c9c176d823}]
@DACL=(02 0000)
"Capabilities"=dword:00000004
"FriendlyName"="res://wmploc.dll/RT_STRING/#1496"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{59E7BF52-E5C9-4382-A39A-522DEE9AFDFD}]
@DACL=(02 0000)
"Capabilities"=dword:00000004
"FriendlyName"="res://wmploc.dll/RT_STRING/#1497"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{5DF031B7-6A37-42D9-8802-E27F4F224332}]
@DACL=(02 0000)
"Capabilities"=dword:00000003
"FriendlyName"="Viz Plug-in"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{5F4BB5C9-4652-489B-8601-EEC0C3C32E2E}]
@DACL=(02 0000)
"Capabilities"=dword:00000004
"FriendlyName"="res://wmploc.dll/RT_STRING/#1494"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{7F2B1D6B-1357-402C-A1C8-67E59583B41D}]
@DACL=(02 0000)
"Description"="Captions plugin description"
"Capabilities"=dword:000000f0
"FriendlyName"="Captions plugin name"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{93075F62-16B3-43EC-A53B-FFAD0E01D5E7}]
@DACL=(02 0000)
"Capabilities"=dword:00000003
"FriendlyName"="res://wmploc.dll/RT_STRING/#209"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{9695AEF9-9D03-4671-8F2F-FF49D1BB01C4}]
@DACL=(02 0000)
"Description"="Media Information description"
"Capabilities"=dword:00000005
"FriendlyName"="res://wmploc.dll/RT_STRING/#1407"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{976ABECA-93F7-4d81-9187-2A6137829675}]
@DACL=(02 0000)
"Capabilities"=dword:00000004
"FriendlyName"="res://wmploc.dll/RT_STRING/#1490"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{99DB05E3-F81E-4C8A-A252-F396306AB6FE}]
@DACL=(02 0000)
"Description"="Banner plugin description"
"Capabilities"=dword:000000f0
"FriendlyName"="Banner plugin name"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{9F9562EB-15B6-46C6-A7CB-0A66FC65130E}]
@DACL=(02 0000)
"Capabilities"=dword:00000004
"FriendlyName"="res://wmploc.dll/RT_STRING/#1493"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{9FA014E3-076F-4865-A73C-117131B8E292}]
@DACL=(02 0000)
"Capabilities"=dword:00000004
"FriendlyName"="res://wmploc.dll/RT_STRING/#1492"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{D5E49195-ED19-40fb-9EE0-E6625A808B77}]
@DACL=(02 0000)
"Capabilities"=dword:00000003
"FriendlyName"="Video Plug-in"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{E641D09E-E500-4c09-8260-F1CD7B902E9C}]
@DACL=(02 0000)
"FriendlyName"="WM View plugin name"
"Description"="WM View plugin description"
"Capabilities"=dword:000000f0

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{F24A1BC2-2331-4B91-8A13-5A549DA56E9D}]
@DACL=(02 0000)
"Capabilities"=dword:00000003
"FriendlyName"="Border Plug-in"

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins\{FD981763-B6BB-4d51-9143-6D372A0ED56F}]
@DACL=(02 0000)
"FriendlyName"="res://wmploc.dll/RT_STRING/#5822"
"Description"="res://wmploc.dll/RT_STRING/#5823"
"Capabilities"=dword:00000003

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}]
@DACL=(02 0000)
"FriendlyName"="DirectX"
"ComponentGUID"="{44BBA855-CC51-11CF-AAFA-00AA00B6015C}"
"Version"=dword:00040009
"Sub-Version"=dword:00000388
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\\dxxp.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\\dxxp.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AA936DF4-2B08-4B1F-B071-72192E287704}]
@DACL=(02 0000)
"FriendlyName"="DirectX BDA"
"ComponentGUID"="{AA936DF4-2B08-4B1F-B071-72192E287704}"
"Version"=dword:00040009
"Sub-Version"=dword:00000388
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AA936DF4-2B08-4B1F-B071-72192E287704}\\dxbda.inf"
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AA936DF4-2B08-4B1F-B071-72192E287704}\\dx9bda.cat"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\Oc Manager\Errors]
@DACL=(02 0000)
"sysoc"=multi:"Setup could not copy one or more files. The specific\0d\0aerror code is 0x4c7. Press OK to continue or Cancel\0d\0ato stop setup and try again. If you continue the components\0d\0amay not function properly.\0d\0a\00\00"

[HKEY_LOCAL_MACHINE\software\PCTools\Spyware Doctor\BNS]
@DACL=(02 0000)
"flStatus"=dword:00000000
"flURL"="http://www.pctools.com/es/internet-security/install/?uid=85E7-922D"
"tlStatus"=dword:00000000
"tlURL"="http://www.pctools.com/es/internet-security/unreg/?uid=85E7-922D"
"uStatus"=dword:00000001
"uURL"="http://www.pctools.com/es/internet-security/uninstall/?uid=85E7-922D&PID=0&subproduct=NRM"

[HKEY_LOCAL_MACHINE\software\Philips\Philips SPC210NC Webcam]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Realtek Semiconductor Corp.\Realtek High Definition Audio Driver]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\VertigoGames\BlackShot]
@DACL=(02 0000)
.
- DLLs Loaded Under Running Processes -

- - - - - - - > 'winlogon.exe'(996)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'lsass.exe'(1052)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Other Running Processes
.
c:\windows\System32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\GroupPolicy\User\Scripts\Logon\winlogo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\TEMP\VRT3.tmp
.
**************************************************************************
.
Completion time: 2010-05-06 23:51:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-06 21:51

Pre-Run: 59.491.528.704 bytes free
Post-Run: 59.645.911.040 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - AAEBC18E6AB4BFA832F142EA45BA272D
marinalope

Re: Remove fhmivnvb.exe or another solution to my problem - 2010-05-07 01:34 - Reply 10

The log I was referring to is the HijackThis one, not the ComboFix one.