Thanks Sikartus, here is my update:
I followed the instructions to the letter; as a first step I downloaded the recommended programs.
I turned off System Restore, and it is still off.

I booted into safe mode.
I ran Trojan Remover, and here is the report:
***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
26/04/2008 01:47:35 a.m.: Trojan Remover has been restarted
C:\Documents and Settings\USER\jvqxjph.exe has been deleted (if it existed)
C:\WINDOWS\system32\yayyYSli.dll has been renamed to C:\WINDOWS\system32\yayyYSli.dll.vir
C:\WINDOWS\system32\cbXNFyww.dll has been renamed to C:\WINDOWS\system32\cbXNFyww.dll.vir
=======================================================
Removing the following registry keys:
HKCR\CLSID\{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - already removed
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\yayyYSli - already removed
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA543C6F-B8BD-4A9D-9730-49DBCAF5AB8B} - removed
HKCR\CLSID\{BA543C6F-B8BD-4A9D-9730-49DBCAF5AB8B} - removed
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - removed
=======================================================
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[GP Result] - already deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[d0b6feb6] - already deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\[{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}] - already deleted
=======================================================
The Lsa Authentication Packages registry entry has been reset
Trojan Remover forced a System Restart by terminating WINLOGON.EXE.
The Cleanup Utility was used to remove locked registry keys.
Unable to rename C:\Documents and Settings\USER\jvqxjph.exe to C:\Documents and Settings\USER\jvqxjph.exe.vir
(C:\Documents and Settings\USER\jvqxjph.exe does not appear to exist)
26/04/2008 01:47:36 a.m.: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.9.2528. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 01:04:40 a.m. 26 Abr 2008
Using Database v6979
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\USER\Datos de programa\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\USER\Mis documentos\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Archivos de programa\Trojan Remover\
Running with Administrator privileges
**************************************************
PC appears to be in SAFE MODE.
**************************************************
The regfile\shell\open\command Registry Key appears to have been modified.
The current Registry entry is: regedit.exe "%1" %*.
This entry calls the following file:
C:\WINDOWS\regedit.exe
Trojan Remover has restored the Registry regfile\shell\open key.
--------------------
**************************************************
01:04:51 a.m.: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
**************************************************
01:04:51 a.m.: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
**************************************************
01:04:51 a.m.: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
**************************************************
01:04:52 a.m.: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1035776 bytes
Created: 19/08/2004
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
File: C:\Documents and Settings\USER\jvqxjph.exe
C:\Documents and Settings\USER\jvqxjph.exe - process is either not running or could not be terminated
C:\Documents and Settings\USER\jvqxjph.exe - unable to take ownership/change permissions
C:\Documents and Settings\USER\jvqxjph.exe - file could not be neutralised
[kill file error: C:\Documents and Settings\USER\jvqxjph.exe, El sistema no puede hallar el archivo especificado.
]
C:\Documents and Settings\USER\jvqxjph.exe - marked for renaming when the PC is restarted (if it exists)
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Cmaudio
Value Data: RunDll32 cmicnfg.cpl,CMICtrlWnd
cmicnfg.cpl [file not found to scan]
--------------------
Value Name: PCTVOICE
Value Data: pctspk.exe
C:\WINDOWS\system32\pctspk.exe
-R- 180224 bytes
Created: 27/06/2005
Modified: 23/09/2003
Company:
--------------------
Value Name: SunJavaUpdateSched
Value Data: C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe
C:\Archivos de programa\Java\jre1.5.0_10\bin\jusched.exe
49263 bytes
Created: 11/03/2007
Modified: 09/11/2006
Company: Sun Microsystems, Inc.
--------------------
Value Name: avast!
Value Data: C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
79224 bytes
Created: 29/02/2008
Modified: 29/03/2008
Company: ALWIL Software
--------------------
Value Name: GP Result
Value Data: gpreslt.exe
C:\WINDOWS\system32\gpreslt.exe
-HS- 135168 bytes
Created: 21/04/2008
Modified: 22/04/2008
Company:
gpreslt.exe - this registry value has been removed
C:\WINDOWS\system32\gpreslt.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\gpreslt.exe - HIDDEN and SYSTEM file attributes removed
C:\WINDOWS\system32\gpreslt.exe - file renamed to: C:\WINDOWS\system32\gpreslt.exe.vir
--------------------
Value Name: d0b6feb6
Value Data: rundll32.exe "C:\WINDOWS\system32\uklchrfv.dll",b
C:\WINDOWS\system32\uklchrfv.dll
96320 bytes
Created: 25/04/2008
Modified: 25/04/2008
Company:
C:\WINDOWS\system32\uklchrfv.dll appears to contain: ADWARE.VIRTUMONDE (HEURISTIC DETECTION)
C:\WINDOWS\system32\uklchrfv.dll - file renamed to: C:\WINDOWS\system32\uklchrfv.dll.vir
C:\WINDOWS\system32\vfrhclku.ini - HIDDEN and SYSTEM file attributes removed
C:\WINDOWS\system32\vfrhclku.ini, associated with Adware.VirtuMonde, has been deleted
--------------------
Value Name: BMd385cd2a
Value Data: Rundll32.exe "C:\WINDOWS\system32\ablhrqnh.dll",s
C:\WINDOWS\system32\ablhrqnh.dll
105536 bytes
Created: 25/04/2008
Modified: 25/04/2008
Company:
--------------------
Value Name: TrojanScanner
Value Data: C:\Archivos de programa\Trojan Remover\Trjscan.exe
C:\Archivos de programa\Trojan Remover\Trjscan.exe
877136 bytes
Created: 26/04/2008
Modified: 24/04/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
--------------------
Value Name: Yahoo! Pager
Value Data: "C:\ARCHIV~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
C:\ARCHIV~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
4538368 bytes
Created: 25/06/2006
Modified: 20/06/2006
Company: Yahoo! Inc.
--------------------
Value Name: SUPERAntiSpyware
Value Data: C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
1481968 bytes
Created: 29/02/2008
Modified: 29/02/2008
Company: SUPERAntiSpyware.com
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
**************************************************
01:05:51 a.m.: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
File: C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL
C:\Archivos de programa\SUPERAntiSpyware\SASSEH.DLL
77824 bytes
Created: 20/12/2006
Modified: 20/12/2006
Company: SuperAdBlocker.com
----------
ValueName: {D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}
File: C:\WINDOWS\system32\yayyYSli.dll
C:\WINDOWS\system32\yayyYSli.dll
40448 bytes
Created: 25/04/2008
Modified: 25/04/2008
Company:
C:\WINDOWS\system32\yayyYSli.dll appears to contain: ADWARE.VIRTUMONDE (HEURISTIC DETECTION)
C:\WINDOWS\system32\yayyYSli.dll - this registry value has been removed
HKCR\CLSID\{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - this key has been removed
C:\WINDOWS\system32\yayyYSli.dll - file ownership assigned to: ABC-63C5BBDAB86\USER
C:\WINDOWS\system32\yayyYSli.dll - file backed up to C:\WINDOWS\system32\yayyYSli.dll.vir
C:\WINDOWS\system32\yayyYSli.dll - file has been neutralised
C:\WINDOWS\system32\yayyYSli.dll - marked for renaming when the PC is restarted
----------
**************************************************
01:06:36 a.m.: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
**************************************************
01:06:36 a.m.: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
**************************************************
01:06:36 a.m.: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
C:\Archivos de programa\Outlook Express\setup50.exe
73728 bytes
Created: 27/06/2005
Modified: 19/08/2004
Company: Microsoft Corporation
C:\Archivos de programa\Outlook Express\setup50.exe [file not found to scan]
----------
Key: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
C:\Archivos de programa\Outlook Express\setup50.exe
73728 bytes
Created: 27/06/2005
Modified: 19/08/2004
Company: Microsoft Corporation
C:\Archivos de programa\Outlook Express\setup50.exe [file not found to scan]
----------
**************************************************
01:06:37 a.m.: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
**************************************************
01:06:39 a.m.: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AmdK7
ImagePath: system32\DRIVERS\amdk7.sys
C:\WINDOWS\system32\DRIVERS\amdk7.sys
41600 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
Key: AresChatServer
ImagePath: C:\Archivos de programa\Ares\chatServer.exe
C:\Archivos de programa\Ares\chatServer.exe
263168 bytes
Created: 19/03/2007
Modified: 19/03/2007
Company: Ares Development Group
----------
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
32768 bytes
Created: 15/07/2004
Modified: 15/07/2004
Company: Microsoft Corporation
----------
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 22/04/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe"
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
17272 bytes
Created: 29/02/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: avast! Antivirus
ImagePath: "C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe"
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
144760 bytes
Created: 29/02/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
247160 bytes
Created: 29/02/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
345464 bytes
Created: 29/02/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\USER\CONFIG~1\Temp\catchme.sys - this file is globally excluded
----------
Key: cmuda
ImagePath: system32\drivers\cmuda.sys
C:\WINDOWS\system32\drivers\cmuda.sys
-R- 755392 bytes
Created: 27/06/2005
Modified: 06/11/2003
Company: C-Media Inc
----------
Key: dmadmin
ImagePath: %SystemRoot%\System32\dmadmin.exe /com
C:\WINDOWS\System32\dmadmin.exe
225792 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corp., VERITAS Software
----------
Key: gusvc
ImagePath: "C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created: 25/12/2006
Modified: 03/01/2007
Company: Google
----------
Key: MBAMCatchMe
ImagePath: \??\C:\Archivos de programa\Malwarebytes' Anti-Malware\catchme.sys
C:\Archivos de programa\Malwarebytes' Anti-Malware\catchme.sys
27048 bytes
Created: 24/04/2008
Modified: 07/04/2008
Company:
----------
Key: ms_mpu401
ImagePath: system32\drivers\msmpu401.sys
C:\WINDOWS\system32\drivers\msmpu401.sys
2944 bytes
Created: 27/06/2005
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: Ptserial
ImagePath: system32\DRIVERS\ptserial.sys
C:\WINDOWS\system32\DRIVERS\ptserial.sys
-R- 354287 bytes
Created: 27/06/2005
Modified: 23/09/2003
Company: PCTEL, INC.
----------
Key: PxHelp20
ImagePath: System32\Drivers\PxHelp20.sys
C:\WINDOWS\System32\Drivers\PxHelp20.sys
43528 bytes
Created: 27/09/2006
Modified: 07/03/2007
Company: Sonic Solutions
----------
Key: SASDIFSV
ImagePath: \??\C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS
C:\Archivos de programa\SUPERAntiSpyware\SASDIFSV.SYS
8944 bytes
Created: 29/02/2008
Modified: 29/02/2008
Company:
----------
Key: SASENUM
ImagePath: \??\C:\Archivos de programa\SUPERAntiSpyware\SASENUM.SYS
C:\Archivos de programa\SUPERAntiSpyware\SASENUM.SYS
-R- 4096 bytes
Created: 16/02/2006
Modified: 16/02/2006
Company: SuperAdBlocker, Inc.
----------
Key: SASKUTIL
ImagePath: \??\C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.sys
C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.sys
51440 bytes
Created: 29/02/2008
Modified: 29/02/2008
Company:
----------
Key: Secdrv
ImagePath: system32\DRIVERS\secdrv.sys
C:\WINDOWS\system32\DRIVERS\secdrv.sys
20480 bytes
Created: 17/07/2004
Modified: 13/11/2007
Company: Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
----------
Key: SiS315
ImagePath: system32\DRIVERS\sisgrp.sys
C:\WINDOWS\system32\DRIVERS\sisgrp.sys
-R- 427776 bytes
Created: 27/06/2005
Modified: 29/10/2003
Company: Silicon Integrated Systems Corporation
----------
Key: sisagp
ImagePath: system32\DRIVERS\sisagp.sys
C:\WINDOWS\system32\DRIVERS\sisagp.sys
41088 bytes
Created: 27/06/2005
Modified: 03/08/2004
Company: Silicon Integrated Systems Corporation
----------
Key: SiSkp
ImagePath: system32\drivers\srvkp.sys
C:\WINDOWS\system32\drivers\srvkp.sys
11264 bytes
Created: 27/06/2005
Modified: 29/10/2003
Company: Silicon Integrated Systems Corporation
----------
Key: SISNIC
ImagePath: system32\DRIVERS\sisnic.sys
C:\WINDOWS\system32\DRIVERS\sisnic.sys
32768 bytes
Created: 27/06/2005
Modified: 03/08/2004
Company: SiS Corporation
----------
Key: SONYPVU1
ImagePath: system32\DRIVERS\SONYPVU1.SYS
C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
7552 bytes
Created: 27/12/2005
Modified: 17/08/2001
Company: Sony Corporation
----------
Key: sr
ImagePath: \SystemRoot\system32\DRIVERS\sr.sys
C:\WINDOWS\system32\DRIVERS\sr.sys
73600 bytes
Created: 27/06/2005
Modified: 19/08/2004
Company: Microsoft Corporation
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{368ED74A-8DC3-4AB2-960F-25BFADD2D929}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
Key: usnjsvc
ImagePath: "C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe"
C:\Archivos de programa\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: Vmodem
ImagePath: system32\DRIVERS\vmodem.sys
C:\WINDOWS\system32\DRIVERS\vmodem.sys
-R- 703673 bytes
Created: 27/06/2005
Modified: 23/09/2003
Company: PCTEL, INC.
----------
Key: Vpctcom
ImagePath: system32\DRIVERS\vpctcom.sys
C:\WINDOWS\system32\DRIVERS\vpctcom.sys
-R- 801490 bytes
Created: 27/06/2005
Modified: 23/09/2003
Company: PCtel, Inc.
----------
Key: Vvoice
ImagePath: system32\DRIVERS\vvoice.sys
C:\WINDOWS\system32\DRIVERS\vvoice.sys
-R- 70320 bytes
Created: 27/06/2005
Modified: 23/09/2003
Company: PCtel, Inc.
----------
Key: w300bus
ImagePath: system32\DRIVERS\w300bus.sys
C:\WINDOWS\system32\DRIVERS\w300bus.sys
-R- 60800 bytes
Created: 22/09/2007
Modified: 13/03/2006
Company: MCCI
----------
Key: w300mdfl
ImagePath: system32\DRIVERS\w300mdfl.sys
C:\WINDOWS\system32\DRIVERS\w300mdfl.sys
-R- 9264 bytes
Created: 22/09/2007
Modified: 13/03/2006
Company: MCCI
----------
Key: w300mdm
ImagePath: system32\DRIVERS\w300mdm.sys
C:\WINDOWS\system32\DRIVERS\w300mdm.sys
-R- 96352 bytes
Created: 22/09/2007
Modified: 13/03/2006
Company: MCCI
----------
Key: w300mgmt
ImagePath: system32\DRIVERS\w300mgmt.sys
C:\WINDOWS\system32\DRIVERS\w300mgmt.sys
-R- 87824 bytes
Created: 22/09/2007
Modified: 13/03/2006
Company: MCCI
----------
Key: w300obex
ImagePath: system32\DRIVERS\w300obex.sys
C:\WINDOWS\system32\DRIVERS\w300obex.sys
-R- 85696 bytes
Created: 22/09/2007
Modified: 13/03/2006
Company: MCCI
----------
Key: WLSetupSvc
ImagePath: "C:\Archivos de programa\Windows Live\installer\WLSetupSvc.exe"
C:\Archivos de programa\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007
Modified: 25/10/2007
Company: Microsoft Corporation
----------
**************************************************
01:06:50 a.m.: Scanning -----VXD ENTRIES-----
**************************************************
01:06:50 a.m.: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key: !SASWinLogon
DLL: C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
294912 bytes
Created: 19/04/2007
Modified: 19/04/2007
Company: SUPERAntiSpyware.com
----------
Key: yayyYSli
DLL: yayyYSli.dll
C:\WINDOWS\system32\yayyYSli.dll
40448 bytes
Created: 25/04/2008
Modified: 25/04/2008
Company:
C:\WINDOWS\system32\yayyYSli.dll appears to contain: ADWARE.VIRTUMONDE (HEURISTIC DETECTION)
C:\WINDOWS\system32\yayyYSli.dll - this reference has been removed (file already neutralised)
----------
**************************************************
01:06:58 a.m.: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Archivos de programa\Alwil Software\Avast4\ashShell.dll
C:\Archivos de programa\Alwil Software\Avast4\ashShell.dll
75128 bytes
Created: 29/02/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: BriefcaseMenu
CLSID: {85BBD920-42A0-1069-A2E4-08002B30309D}
Path: syncui.dll
C:\WINDOWS\system32\syncui.dll
195072 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
Key: Glary Utilities
CLSID: {72923739-5A47-40A3-9895-25AF0DFBB9E4}
Path: C:\ARCHIV~1\GLARYU~1\CONTEX~1.DLL
C:\ARCHIV~1\GLARYU~1\CONTEX~1.DLL
30208 bytes
Created: 23/09/2007
Modified: 20/08/2007
Company: GlarySoft,Inc.
----------
Key: Offline Files
CLSID: {750fdf0e-2a26-11d1-a3ea-080036587f03}
Path: %SystemRoot%\System32\cscui.dll
C:\WINDOWS\System32\cscui.dll
332800 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
Key: Open With
CLSID: {09799AFB-AD67-11d1-ABCD-00C04FC30936}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8496640 bytes
Created: 19/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: Open With EncryptionMenu
CLSID: {A470F8CF-A1E8-4f65-8335-227475AA5C46}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8496640 bytes
Created: 19/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: PandoShellExt
CLSID: {9C150845-2A2D-44CC-90B3-AA03480AA3D2}
Path: C:\Archivos de programa\Pando Networks\Pando\PandoShellExt.dll
C:\Archivos de programa\Pando Networks\Pando\PandoShellExt.dll
57344 bytes
Created: 27/02/2008
Modified: 27/02/2008
Company: Pando Networks
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: C:\ARCHIV~1\TROJAN~1\Trshlex.dll
C:\ARCHIV~1\TROJAN~1\Trshlex.dll
467552 bytes
Created: 26/04/2008
Modified: 05/02/2007
Company: Simply Super Software
----------
Key: WinRAR
CLSID: {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Path: C:\Archivos de programa\WinRAR\rarext.dll
C:\Archivos de programa\WinRAR\rarext.dll
128512 bytes
Created: 08/08/2007
Modified: 22/05/2007
Company:
----------
Key: Yahoo! Mail
CLSID: {5464D816-CF16-4784-B9F3-75C0DB52B499}
Path: C:\ARCHIV~1\Yahoo!\Common\ymmapi.dll
C:\ARCHIV~1\Yahoo!\Common\ymmapi.dll
180848 bytes
Created: 25/06/2006
Modified: 23/11/2004
Company: Yahoo! Inc.
----------
Key: {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8496640 bytes
Created: 19/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Archivos de programa\SUPERAntiSpyware\SASCTXMN.DLL
C:\Archivos de programa\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007
Modified: 27/02/2007
Company: SUPERAntiSpyware.com
----------
**************************************************
01:07:00 a.m.: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8496640 bytes
Created: 19/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {24F14F01-7B1C-11d1-838f-0000F80461CF}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8496640 bytes
Created: 19/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {24F14F02-7B1C-11d1-838f-0000F80461CF}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8496640 bytes
Created: 19/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {66742402-F9B9-11D1-A202-0000F81FEDEE}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8496640 bytes
Created: 19/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
**************************************************
01:07:00 a.m.: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll
C:\Archivos de programa\Yahoo!\Companion\Installs\cpn0\yt.dll
439872 bytes
Created: 25/06/2006
Modified: 06/06/2006
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
37808 bytes
Created: 30/07/2005
Modified: 02/03/2001
Company:
----------
Key: {38D3FE60-3D53-4F37-BB0E-C7A97A26A156}
BHO: C:\Archivos de programa\Pando Networks\Pando\PandoIEPlugin.dll
C:\Archivos de programa\Pando Networks\Pando\PandoIEPlugin.dll
569344 bytes
Created: 27/02/2008
Modified: 27/02/2008
Company: Pando Networks
----------
Key: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
BHO: C:\Archivos de programa\Yahoo!\Common\yiesrvcAR.dll
C:\Archivos de programa\Yahoo!\Common\yiesrvcAR.dll
176128 bytes
Created: 25/06/2006
Modified: 05/06/2006
Company: Yahoo! Inc.
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
C:\Archivos de programa\Java\jre1.5.0_10\bin\ssv.dll
440056 bytes
Created: 09/11/2006
Modified: 09/11/2006
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Microsoft Corporation
----------
Key: {BA543C6F-B8BD-4A9D-9730-49DBCAF5AB8B}
BHO: C:\WINDOWS\system32\cbXNFyww.dll
C:\WINDOWS\system32\cbXNFyww.dll
281088 bytes
Created: 25/04/2008
Modified: 25/04/2008
Company:
C:\WINDOWS\system32\cbXNFyww.dll appears to contain: ADWARE.VIRTUMONDE (HEURISTIC DETECTION)
C:\WINDOWS\system32\cbXNFyww.dll - this BHO was being loaded by the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA543C6F-B8BD-4A9D-9730-49DBCAF5AB8B} - this key has been removed
C:\WINDOWS\system32\cbXNFyww.dll - this BHO was referenced by the following key:
HKEY_CLASSES_ROOT\CLSID\{BA543C6F-B8BD-4A9D-9730-49DBCAF5AB8B} - this key has been removed
C:\WINDOWS\system32\cbXNFyww.dll - file ownership assigned to: ABC-63C5BBDAB86\USER
C:\WINDOWS\system32\cbXNFyww.dll - file backed up to C:\WINDOWS\system32\cbXNFyww.dll.vir
C:\WINDOWS\system32\cbXNFyww.dll - file has been neutralised
C:\WINDOWS\system32\cbXNFyww.dll - marked for renaming when the PC is restarted
C:\WINDOWS\system32\wwyFNXbc.ini - HIDDEN and SYSTEM file attributes removed
C:\WINDOWS\system32\wwyFNXbc.ini, associated with Adware.VirtuMonde, has been deleted
C:\WINDOWS\system32\wwyFNXbc.ini2 - HIDDEN and SYSTEM file attributes removed
C:\WINDOWS\system32\wwyFNXbc.ini2, associated with Adware.VirtuMonde, has been deleted
Adware.VirtuMonde has modified a critical registry key value:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\"Authentication Packages"
This key value has been reset.
----------
Key: {D2376FB3-3D0D-414D-83AA-3AD6AD6B111F}
BHO: C:\WINDOWS\system32\yayyYSli.dll
C:\WINDOWS\system32\yayyYSli.dll
40448 bytes
Created: 25/04/2008
Modified: 25/04/2008
Company:
C:\WINDOWS\system32\yayyYSli.dll appears to contain: ADWARE.VIRTUMONDE (HEURISTIC DETECTION)
C:\WINDOWS\system32\yayyYSli.dll - this BHO was being loaded by the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - this key has been removed (file already neutralised)
C:\WINDOWS\system32\yayyYSli.dll - this BHO was referenced by the following key:
HKEY_CLASSES_ROOT\CLSID\{D2376FB3-3D0D-414D-83AA-3AD6AD6B111F} - this key has been removed
----------
Key: {fc79be72-8af8-4abf-b4bb-a0b609b10a82}
BHO: C:\WINDOWS\system32\sghskten.dll
C:\WINDOWS\system32\sghskten.dll
107072 bytes
Created: 25/04/2008
Modified: 25/04/2008
Company:
----------
**************************************************
01:07:18 a.m.: Scanning ----- SHELLSERVICEOBJECTS -----
Key: PostBootReminder
CLSID: {7849596a-48ea-486e-8937-a2a3009f31a9}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8496640 bytes
Created: 19/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: CDBurn
CLSID: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8496640 bytes
Created: 19/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: %SystemRoot%\system32\webcheck.dll
C:\WINDOWS\system32\webcheck.dll
280576 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: C:\WINDOWS\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
**************************************************
01:07:19 a.m.: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment: Precargador Browseui
File: %SystemRoot%\system32\browseui.dll
C:\WINDOWS\system32\browseui.dll
1023488 bytes
Created: 19/08/2004
Modified: 16/02/2008
Company: Microsoft Corporation
----------
Value: {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment: Demonio de caché de las categorías de componente
File: %SystemRoot%\system32\browseui.dll
C:\WINDOWS\system32\browseui.dll
1023488 bytes
Created: 19/08/2004
Modified: 16/02/2008
Company: Microsoft Corporation
----------
**************************************************
01:07:19 a.m.: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
**************************************************
01:07:19 a.m.: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank
**************************************************
01:07:19 a.m.: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: msapsspc.dll
C:\WINDOWS\system32\msapsspc.dll
86016 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
DLL: schannel.dll
C:\WINDOWS\system32\schannel.dll
144896 bytes
Created: 19/08/2004
Modified: 25/04/2007
Company: Microsoft Corporation
----------
DLL: digest.dll
C:\WINDOWS\system32\digest.dll
68608 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
DLL: msnsspc.dll
C:\WINDOWS\system32\msnsspc.dll
290816 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
**************************************************
01:07:20 a.m.: Scanning ------ USER STARTUP GROUPS ------
Checking Startup Group for All Users
[C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp]
No Startup files for All Users were located to check
**************************************************
01:07:20 a.m.: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\desktop.ini
-HS- 84 bytes
Created: 27/06/2005
Modified: 27/06/2005
Company:
--------------------
C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
65588 bytes
Created: 17/02/1999
Modified: 17/02/1999
Company: Microsoft Corporation
Microsoft Office.lnk - links to C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
--------------------
**************************************************
No User Startup Groups were located to check
**************************************************
01:07:20 a.m.: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan
**************************************************
01:07:20 a.m.: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
---------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\USER\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\USER\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 27/06/2005
Modified: 24/04/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\USER\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 27/06/2005
Modified: 24/04/2008
Company:
----------
Additional file checks completed
---------
**************************************************
01:07:22 a.m.: Scanning ------ %TEMP% DIRECTORY ------
**************************************************
01:07:24 a.m.: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
**************************************************
01:07:29 a.m.: Scanning ------ ROOT DIRECTORY ------
**************************************************
01:07:33 a.m.: Scanning ----- RUNNING PROCESSES -----
[Only loaded modules not scanned already
during this scan will be scanned here]
C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[11 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[75 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[25 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[52 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[32 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[38 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[64 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE
[95 loaded modules in total]
--------------------
C:\Documents and Settings\USER\Datos de programa\Simply Super Software\Trojan Remover\mym2.exe
FileSize: 2478656
[This is a Trojan Remover component]
[23 loaded modules in total]
--------------------
**************************************************
01:08:00 a.m.: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
**************************************************
01:08:00 a.m.: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
**************************************************
01:08:00 a.m.: Checking HOSTS file
No malicious entries were found in the HOSTS file
**************************************************
01:08:00 a.m.: started scan of Windows\System32 DLLS
Removing the following DLLs associated with Adware.VirtuMonde:
geBrrRhg.dll
urqRIyYR.dll
1282 DLL files scanned, 2 malicious DLLs deleted (or marked for deletion)
01:09:33 a.m.: completed scan of Windows\System32 DLLS
**************************************************
**************************************************
01:09:33 a.m.: ------ Scan for other files to remove ------
C:\WINDOWS\pskt.ini has been deleted
----------
1 malware-related files deleted (or marked for deletion)
**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.google.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
This value is blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
**************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 26/04/2008 01:09:33 a.m.
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
26/04/2008 01:09:45 a.m.: restart commenced
************************************************************
To be continued...