Tema: Tengo el vundo y no logro eliminarlo (Solucionado)
Ver Mensaje Individual
  post #3 (permalink)  
Antiguo 22/10/07, 22:26:16
pgoc pgoc está offline
Usuario
  
Registrado: oct 2005
Ubicación: uruguay
Mensajes: 39
Aqui va el reporte del SilentRunners
"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"CTFMON.EXE" = "C:\WINDOWS.0\system32\ctfmon.exe" [MS]
"swg" = "C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolba rNotifier.exe" ["Google Inc."]
"SUPERAntiSpyware" = "C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"]
"Vidalia" = ""C:\Archivos de programa\Vidalia Bundle\Vidalia\vidalia.exe"" ["vidalia-project.net"]
"BitTorrent DNA" = ""C:\Archivos de programa\BitTorrent_DNA\dna.exe"" [null data]
"TuneUp MemOptimizer" = ""C:\Archivos de programa\TuneUp Utilities 2006\MemOptimizer.exe" autostart" ["TuneUp Software GmbH"]
"SpybotSD TeaTimer" = "C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"(Default)" = "(empty string)" [file not found]
"explore" = "C:\WINDOWS.0\system32\exploreinet.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"nod32kui" = ""C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"UpdReg" = "C:\WINDOWS.0\UpdReg.EXE" ["Creative Technology Ltd."]
"Jet Detection" = ""C:\Archivos de programa\Creative\SBLive\PROGRAM\ADGJDet.exe"" [empty string]
"NeroFilterCheck" = "C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"RemoteControl" = ""C:\Archivos de programa\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"LanguageShortcut" = ""C:\Archivos de programa\CyberLink\PowerDVD\Language\Language.exe" " [null data]
"Acrobat Assistant 7.0" = ""C:\Archivos de programa\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"SunJavaUpdateSched" = ""C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"CloneCDTray" = ""C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]
"AAWTray" = "C:\Archivos de programa\Lavasoft\Ad-Aware 2007\AAWTray.exe" [null data]
"PVR Agent" = "C:\Archivos de programa\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe" [empty string]
"KernelFaultCheck" = "C:\WINDOWS.0\system32\dumprep 0 -k"

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FGCatchUrl"
\InProcServer32\(Default) = "C:\Archivos de programa\FlashGet\jccatch.dll" ["www.flashget.com"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\ARCHIV~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{B97BD157-9CD8-41F1-82B7-03119E3D8A40}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS.0\system32\xxyvv.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensión de icono de HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS.0\system32\hticons.dll" ["Hilgraeve, Inc."]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
-> {HKLM...CLSID} = "IE Microsoft AutoComplete"
\InProcServer32\(Default) = "C:\WINDOWS.0\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "C:\WINDOWS.0\system32\shdocvw.dll" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mis carpetas para compartir"
\InProcServer32\(Default) = "C:\Archivos de programa\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\Eset\nodshex.dll" [null data]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Archivos de programa\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Archivos de programa\Microsoft Office\Office10\msohev.dll" [MS]
"{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}" = "Context Menu Shell Extension"
-> {HKLM...CLSID} = "Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\ARCHIV~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS.0\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS.0\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS.0\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS.0\system32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS.0\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\ARCHIV~1\YAHOO!\COMMON\ymmapi.dll" ["Yahoo! Inc."]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Archivos de programa\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
"{2B3453E4-49DF-11D3-8229-0080BE509050}" = "GMail Drive"
-> {HKLM...CLSID} = "GMail Drive"
\InProcServer32\(Default) = "C:\WINDOWS.0\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509052}" = "GMailFS Property Sheet"
-> {HKLM...CLSID} = "GMailFS Property Sheet"
\InProcServer32\(Default) = "C:\WINDOWS.0\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509054}" = "GMailFS Drop Handler"
-> {HKLM...CLSID} = "GMailFS Drop Handler"
\InProcServer32\(Default) = "C:\WINDOWS.0\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]
"{2B3453E4-49DF-11D3-8229-0080BE509056}" = "GMailFS Context Menu"
-> {HKLM...CLSID} = "GMailFS Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS.0\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS.0\system32\WPDShServiceObj.dll" [MS]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "PDBoot.exe" ["Raxco Software, Inc."]|"autocheck autochk *"|"lsdelete" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> !SASWinLogon\DLLName = "C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]
<<!>> byvwx\DLLName = "C:\WINDOWS.0\system32\byvwx.dll" [file not found]
<<!>> nnlmn\DLLName = "C:\WINDOWS.0\system32\nnlmn.dll" [file not found]
<<!>> opnoo\DLLName = "C:\WINDOWS.0\system32\opnoo.dll" [file not found]
<<!>> pmkkj\DLLName = "C:\WINDOWS.0\system32\pmkkj.dll" [file not found]
<<!>> wvusp\DLLName = "C:\WINDOWS.0\system32\wvusp.dll" [file not found]

HKLM\Software\Classes\Folder\shellex\ColumnHandler s\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\Eset\nodshex.dll" [null data]
PandoShellExt\(Default) = "{9C150845-2A2D-44CC-90B3-AA03480AA3D2}"
-> {HKLM...CLSID} = "PDShellExt Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Pando Networks\Pando\PandoShellExt.dll" ["Pando Networks"]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Archivos de programa\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"
-> {HKLM...CLSID} = "Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\ARCHIV~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Archivos de programa\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\ARCHIV~1\YAHOO!\COMMON\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
PandoShellExt\(Default) = "{9C150845-2A2D-44CC-90B3-AA03480AA3D2}"
-> {HKLM...CLSID} = "PDShellExt Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Pando Networks\Pando\PandoShellExt.dll" ["Pando Networks"]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Archivos de programa\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Archivos de programa\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\Eset\nodshex.dll" [null data]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "C:\Archivos de programa\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"
-> {HKLM...CLSID} = "Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\ARCHIV~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\Software\Classes\AllFilesystemObjects\shellex \ContextMenuHandlers\
FAExt\(Default) = "{05672D66-9736-42F5-8BEB-FA1DD3CA51C4}"
-> {HKLM...CLSID} = "FAExt Class"
\InProcServer32\(Default) = "C:\ARCHIV~1\FILEAS~1\FILEAS~1.DLL" ["Malwarebytes"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\

"MemCheckBoxInRunDlg" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS.0\Web\Wallpaper\Blax_XE.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS.0\Web\Wallpaper\Blax_XE.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS.0\system32\logon.scr" [MS]


Startup items in "Admin" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\Admin\Menú Inicio\Programas\Inicio
"VCool.exe" -> shortcut to: "C:\WINDOWS.0\system32\VCool.exe" [" "]

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
"Microsoft Office" -> shortcut to: "C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"Remote Control" -> shortcut to: "C:\Archivos de programa\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe" [empty string]
"Inicio rápido de Adobe Acrobat" -> shortcut to: "C:\WINDOWS.0\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe" [null data]
"Privoxy" -> shortcut to: "C:\Archivos de programa\Vidalia Bundle\Privoxy\privoxy.exe" ["The Privoxy team - www.privoxy.org"]


Enabled Scheduled Tasks:
------------------------

"Mantenimiento con 1 clic" -> launches: "C:\Archivos de programa\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS.0\system32\imon.dll ["Eset "], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 25
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\archivos de programa\google\googletoolbar2.dll" ["Google Inc."]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "PDF de Adobe"
\InProcServer32\(Default) = "C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\ARCHIV~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Barra Yahoo! con bloqueador de ventanas emergentes"
\InProcServer32\(Default) = "C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\archivos de programa\google\googletoolbar2.dll" ["Google Inc."]
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}"
-> {HKLM...CLSID} = "PDFCreator Toolbar"
\InProcServer32\(Default) = "C:\Archivos de programa\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll" [null data]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "PDF de Adobe"
\InProcServer32\(Default) = "C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\ARCHIV~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Barra Yahoo! con bloqueador de ventanas emergentes"
\InProcServer32\(Default) = "C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\archivos de programa\google\googletoolbar2.dll" ["Google Inc."]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "PDF de Adobe"
\InProcServer32\(Default) = "C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" = "PDFCreator Toolbar"
-> {HKLM...CLSID} = "PDFCreator Toolbar"
\InProcServer32\(Default) = "C:\Archivos de programa\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll" [null data]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)
-> {HKLM...CLSID} = "Megaupload Toolbar"
\InProcServer32\(Default) = "C:\ARCHIV~1\MEGAUP~1\MEGAUP~1.DLL" ["MEGAUPLOAD "]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "C:\Archivos de programa\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Consola de Sun Java"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Archivos de programa\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Archivos de programa\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "C:\Archivos de programa\FlashGet\FlashGet.exe" ["FlashGet.com"]

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\
"MenuText" = "Spybot - Search & Destroy Configuration"
"CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}"
-> {HKLM...CLSID} = "Spybot-S&D IE Protection"
\InProcServer32\(Default) = "C:\ARCHIV~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
"ButtonText" = "Yahoo! Messenger"
"MenuText" = "Yahoo! Messenger"
"Exec" = "C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" ["Yahoo! Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Archivos de programa\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS.0\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.google.es

Missing lines (compared with English-language version):
[Strings]: 1 line

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*h" (unwritable string)
-> {HKLM...CLSID} = "Barra Yahoo! con bloqueador de ventanas emergentes"
\InProcServer32\(Default) = "C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Datos de programa/TuneUp Software/Common/base.css" [file not found]
<<H>> "Tabs" = "C:\Documents and Settings\Admin\Datos de programa\MEGAUPLOADTOOLBAR\tabwelcome.html" [null data]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe"" [empty string]
NOD32 Kernel Service, NOD32krn, ""C:\Archivos de programa\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS.0\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PDAgent, PDAgent, ""C:\Archivos de programa\Raxco\PerfectDisk\PDAgent.exe"" ["Raxco Software, Inc."]
PDEngine, PDEngine, ""C:\Archivos de programa\Raxco\PerfectDisk\PDEngine.exe"" ["Raxco Software, Inc."]
User Profile Hive Cleanup, UPHClean, "C:\Archivos de programa\UPHClean\uphclean.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monito rs\
Adobe PDF Port\Driver = "C:\WINDOWS.0\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
PDFCreator\Driver = "pdfcmnnt.dll" [null data]


---------- (launch time: 2007-10-22 23:18:35)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 132 seconds.
---------- (total run time: 238 seconds)
Responder Con Cita