Foro de InfoSpyware - Foro de Hijackthis - Foro de Virus

Hola Sa-sa

Realiza lo siguiente:

Apaga Restaurar Sistema
Activa la opción "Ver archivos ocultos"
Ahora Elimina los Siguientes Archivos: ( Si no se dejan Eliminar usa FileAssasin):
*Nota: solo lo que marco con rojo

C:\info@traduceme.com.ar\$QRNTN$\MESSAGES.TBB
C:\sabrina@traduceme.com.ar\$QRNTN$\MESSAGES.TBB

Reinicia el computador
Prende la opcion Restaurar Sistema

Realiza un nuevo escaneo con Kaspersky y pega nuevamente el reporte
COmentanos como te fue



Andresmix

En realidad, un rato antes de ver este último mensaje, borré las carpetas:

C:\info@traduceme.com.ar y C:\sabrina@traduceme.com.ar

porque ví que el problema parecía estar ahí, y estas son dos cuentas de correo que ya no existen más... Hice mal?? :(

HOla
Si borraste esos archivos que te menciones esta bien...
Ahora prosigue con el escaneo con Kaspersky y comentanos como esta tu pc...y cualquier duda q tengas

¡Hola!

Bueno, he seguido todos los pasos recomendados y al parecer, creo que desapareció el problema, pero por las dudas igual pego el reporte aquí:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER INFORME
martes, 02 de octubre de 2007 12:42:44
Sistema operativo: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner versión: 5.0.84.1
Ultima actualización: 2/10/2007
Registros en la base antivirus: 400329
-------------------------------------------------------------------------------

Configuración del análisis:
Analizar usando las siguientes bases: standard
Analizar archivos: verdadero
Analizar bases de correo: verdadero

Objetivo a analizar - Mi PC:
A:\
C:\
D:\
E:\

Estadísticas:
Número de objeros analizados: 130881
Virus encontrados: 0
Objetos infectados: 0 / 0
Objetos sospechosos: 0
Duración del análisis: 02:20:58

Bombre del objeto infectado / Nombre del virus / Última acción
C:\Archivos de programa\ESET\cache\CACHE.NDB Object is locked saltado
C:\Archivos de programa\ESET\logs\virlog.dat Object is locked saltado
C:\Archivos de programa\ESET\logs\warnlog.dat Object is locked saltado
C:\Archivos de programa\TRADOS\MTiX\MultiTerm\Termbase\MTMaster.l db Object is locked saltado
C:\Archivos de programa\TRADOS\MTiX\MultiTerm\Termbase\MTMaster.m db Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\LocalService\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked saltado
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Archivos temporales de Internet\Content.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Archivos temporales de Internet\Content.IE5\O56FCDEB\mando[1].htm Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Identities\{D8862DDB-39D1-47CD-A277-BCC99951D2E8}\Microsoft\Outlook Express\Folders.dbx Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Identities\{D8862DDB-39D1-47CD-A277-BCC99951D2E8}\Microsoft\Outlook Express\Hotmail - Bandeja de entrada.dbx Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Identities\{D8862DDB-39D1-47CD-A277-BCC99951D2E8}\Microsoft\Outlook Express\Offline.dbx Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Identities\{D8862DDB-39D1-47CD-A277-BCC99951D2E8}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Microsoft\Messenger\sabricis@hotmail.com\ SharingMetadata\Logs\Dfsr00005.log Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Microsoft\Messenger\sabricis@hotmail.com\ SharingMetadata\pending.dat Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Microsoft\Messenger\sabricis@hotmail.com\ SharingMetadata\Working\database_EC4C_336D_4C33_32 26\dfsr.db Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Microsoft\Messenger\sabricis@hotmail.com\ SharingMetadata\Working\database_EC4C_336D_4C33_32 26\fsr.log Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Microsoft\Messenger\sabricis@hotmail.com\ SharingMetadata\Working\database_EC4C_336D_4C33_32 26\fsrtmp.log Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Microsoft\Messenger\sabricis@hotmail.com\ SharingMetadata\Working\database_EC4C_336D_4C33_32 26\tmp.edb Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\sabricis@hotmail.com\real\members.stg Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Microsoft\Windows Live Contacts\sabricis@hotmail.com\shadow\members.stg Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\irja9zff.default \Cache\_CACHE_001_ Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\irja9zff.default \Cache\_CACHE_002_ Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\irja9zff.default \Cache\_CACHE_003_ Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Mozilla\Firefox\Profiles\irja9zff.default \Cache\_CACHE_MAP_ Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Historial\History.IE5\index.dat Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Historial\History.IE5\MSHist0120071002200710 03\index.dat Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Temp\IH28.tmp Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Temp\JET511B.tmp Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Temp\JET5513.tmp Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Temp\~DFB753.tmp Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Temp\~DFB761.tmp Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Temp\~DFBF5F.tmp Object is locked saltado
C:\Documents and Settings\Sabrina\Configuración local\Temp\~DFBF64.tmp Object is locked saltado
C:\Documents and Settings\Sabrina\Cookies\index.dat Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Mozilla\Firefox\Profiles\irja9zff.default \cert8.db Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Mozilla\Firefox\Profiles\irja9zff.default \flashgot.log Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Mozilla\Firefox\Profiles\irja9zff.default \formhistory.dat Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Mozilla\Firefox\Profiles\irja9zff.default \history.dat Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Mozilla\Firefox\Profiles\irja9zff.default \key3.db Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Mozilla\Firefox\Profiles\irja9zff.default \parent.lock Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Mozilla\Firefox\Profiles\irja9zff.default \search.sqlite Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Mozilla\Firefox\Profiles\irja9zff.default \urlclassifier2.sqlite Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Skype\sabricis\call256.dbb Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Skype\sabricis\callmember256.dbb Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Skype\sabricis\chat512.dbb Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Skype\sabricis\chatmsg1024.dbb Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Skype\sabricis\chatmsg256.dbb Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Skype\sabricis\chatmsg512.dbb Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Skype\sabricis\contactgroup256.dbb Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Skype\sabricis\index2.dat Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Skype\sabricis\profile4096.dbb Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Skype\sabricis\transfer256.dbb Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Skype\sabricis\transfer512.dbb Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Skype\sabricis\user1024.dbb Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Skype\sabricis\user16384.dbb Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Skype\sabricis\user256.dbb Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Skype\sabricis\user4096.dbb Object is locked saltado
C:\Documents and Settings\Sabrina\Datos de programa\Skype\sabricis\voicemail256.dbb Object is locked saltado
C:\Documents and Settings\Sabrina\Mis documentos\TeamWorks Projects\165.98.137.154\Projects\Rental 070919\termbase\mxw_57.ldb Object is locked saltado
C:\Documents and Settings\Sabrina\Mis documentos\TeamWorks Projects\165.98.137.154\Projects\Rental 070919\termbase\mxw_57.mdb Object is locked saltado
C:\Documents and Settings\Sabrina\Mis documentos\Trados\TM\KJIR_11540.iix Object is locked saltado
C:\Documents and Settings\Sabrina\Mis documentos\Trados\TM\KJIR_11540.mdf Object is locked saltado
C:\Documents and Settings\Sabrina\Mis documentos\Trados\TM\KJIR_11540.mtf Object is locked saltado
C:\Documents and Settings\Sabrina\Mis documentos\Trados\TM\KJIR_11540.mwf Object is locked saltado
C:\Documents and Settings\Sabrina\Mis documentos\Trados\TM\KJIR_11540.tmw Object is locked saltado
C:\Documents and Settings\Sabrina\ntuser.dat Object is locked saltado
C:\Documents and Settings\Sabrina\ntuser.dat.LOG Object is locked saltado
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked saltado
C:\System Volume Information\_restore{D720FE40-0039-4532-8DF9-0C817F22A361}\RP1\change.log Object is locked saltado
C:\WINDOWS\Debug\PASSWD.LOG Object is locked saltado
C:\WINDOWS\SchedLgU.Txt Object is locked saltado
C:\WINDOWS\SoftwareDistribution\EventCache\{98E123 3E-F9A8-4AEB-A197-A220639EEB1F}.bin Object is locked saltado
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked saltado
C:\WINDOWS\Sti_Trace.log Object is locked saltado
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\default Object is locked saltado
C:\WINDOWS\system32\config\default.LOG Object is locked saltado
C:\WINDOWS\system32\config\SAM Object is locked saltado
C:\WINDOWS\system32\config\SAM.LOG Object is locked saltado
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\SECURITY Object is locked saltado
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked saltado
C:\WINDOWS\system32\config\software Object is locked saltado
C:\WINDOWS\system32\config\software.LOG Object is locked saltado
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked saltado
C:\WINDOWS\system32\config\system Object is locked saltado
C:\WINDOWS\system32\config\system.LOG Object is locked saltado
C:\WINDOWS\system32\h323log.txt Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked saltado
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked saltado
C:\WINDOWS\wiadebug.log Object is locked saltado
C:\WINDOWS\wiaservc.log Object is locked saltado
C:\WINDOWS\WindowsUpdate.log Object is locked saltado

Análisis completado.

¡Mil gracias!

S.

Aquí estoy otra vez...
Acabo de pasar el SpyBot, y sigo teniendo el mismo problema: detecta el SpyAgent y no me deja eliminarlo

Por lo visto no puedo pegar aquí la imagen de la pantalla, pero en el spybot me aparece un mensaje que dice:

Unexpected error in fixing problems
(Cannot create file "C:\WINDOWS\wininit.ini". El proceso no tiene acceso al archivo porque está siendo utilizado por otro proceso)

¿Se les ocurre alguna forma de solucionarlo?

Muchísimas gracias otra vez,

S.

Hola Sa-sa

• Descarga el SilentRunner (dale click con el boton derecho del ratón al enlace y luego en Guardar enlace cómo, Save as o Save Link as....)
  • Ejecuta el script, al hacerlo, te hará unas preguntas, en dichas preguntas contesta 'No' y 'Si' (en ese orden)....
  • Luego, deberás esperar (aunque parezca que no hace nada) a que te aparezca un mensaje con el botón OK
  • En la misma carpeta que ejecutes el script aparecerá un archivo llamado Reporte el cual deberás colocarlo aquí (si lo abres o envías antes de ver el mensaje con el botón Ok, no estará completo)
    Ten un poquito de paciencia hasta que termine el proceso.

Salu2
Recuerda volver

Hola Devil May Cry,

Gracias por tu ayuda... pego aquí el informe:

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"msnmsgr" = ""C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background" [MS]
"swg" = "C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolba rNotifier.exe" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"CHotkey" = "mHotkey.exe" ["Chicony"]
"EPSON Stylus CX3700 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI ACL.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"" ["SEIKO EPSON CORPORATION"]
"VTTimer" = "VTTimer.exe" ["S3 Graphics, Inc."]
"SunJavaUpdateSched" = ""C:\Archivos de programa\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"bgsmsnd.exe" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsmsn d.exe" [null data]
"nod32kui" = ""C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"QuickTime Task" = ""C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{56CF4856-ECB4-4e46-A897-A378821F97B9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "pdfMachine"
\InProcServer32\(Default) = "C:\WINDOWS\system32\bgstb.dll" ["Broadgun Software"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
{A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "IeCatch2 Class"
\InProcServer32\(Default) = "C:\Archivos de programa\FlashGet\jccatch.dll" ["Amaze Soft"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\windows\googletoolbar2.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164 \swg.dll" ["Google Inc."]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "EpsonToolBandKicker Class"
\InProcServer32\(Default) = "C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extensión de paneo de pantalla del Panel de control"
-> {HKLM...CLSID} = "Extensión de paneo de pantalla del Panel de control"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extensión de icono de HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
"{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD}" = "Componente de extensión del núcleo de CorelDRAW"
-> {HKLM...CLSID} = "Componente de extensión del núcleo de CorelDRAW"
\InProcServer32\(Default) = "C:\Archivos de programa\Corel\Graphics10\Draw\CdrViewer\CrlShell1 00.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Archivos de programa\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{9A0FCE34-C7CA-4F8F-A2BD-2265244B280B}" = "YDS Icon Overlay Handler"
-> {HKLM...CLSID} = "YDS Icon Overlay Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\Yahoo!\YAHOO!~1\YDSICO~1.DLL" [empty string]
"{4469E55B-EF37-4E08-A39B-5774F91DB50B}" = "YDS Icon Handler"
-> {HKLM...CLSID} = "YDS Icon Handler"
\InProcServer32\(Default) = "C:\ARCHIV~1\Yahoo!\YAHOO!~1\YDSICO~1.DLL" [empty string]
"{1E15FD41-28D0-4AE0-902F-292FA537F6D5}" = "Add to AnyCount"
-> {HKLM...CLSID} = "Add to AnyCount"
\InProcServer32\(Default) = "C:\ARCHIV~1\ANYCOU~1.0\ACMenu.dll" ["Advanced International Translations"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Archivos de programa\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{EBDF1F20-C829-11D1-8233-0020AF3E97A9}" = "PractiCount (Business) CMExt"
-> {HKLM...CLSID} = "PractiCount (Business) CMExt"
\InProcServer32\(Default) = "C:\WINDOWS\system32\PCountBuCME.dll" ["Practiline Software"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Extensión de iconos de archivo de Outlook"
\InProcServer32\(Default) = "C:\Archivos de programa\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Archivos de programa\Microsoft Office\Office10\msohev.dll" [MS]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\Eset\nodshex.dll" [null data]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Archivos de programa\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandler s\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
AnyCountMenu\(Default) = "{1E15FD41-28D0-4AE0-902F-292FA537F6D5}"
-> {HKLM...CLSID} = "Add to AnyCount"
\InProcServer32\(Default) = "C:\ARCHIV~1\ANYCOU~1.0\ACMenu.dll" ["Advanced International Translations"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\Eset\nodshex.dll" [null data]
PractiCount.Bu\(Default) = "{EBDF1F20-C829-11D1-8233-0020AF3E97A9}"
-> {HKLM...CLSID} = "PractiCount (Business) CMExt"
\InProcServer32\(Default) = "C:\WINDOWS\system32\PCountBuCME.dll" ["Practiline Software"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
PractiCount.Bu\(Default) = "{EBDF1F20-C829-11D1-8233-0020AF3E97A9}"
-> {HKLM...CLSID} = "PractiCount (Business) CMExt"
\InProcServer32\(Default) = "C:\WINDOWS\system32\PCountBuCME.dll" ["Practiline Software"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\TuneUp Utilities 2007\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Archivos de programa\Eset\nodshex.dll" [null data]
PractiCount.Bu\(Default) = "{EBDF1F20-C829-11D1-8233-0020AF3E97A9}"
-> {HKLM...CLSID} = "PractiCount (Business) CMExt"
\InProcServer32\(Default) = "C:\WINDOWS\system32\PCountBuCME.dll" ["Practiline Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Archivos de programa\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\ARCHIV~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Configur ación local\Datos de programa\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Sabrina\Configuración local\Datos de programa\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\ARCHIV~1\Webshots\webshots.scr" ["Webshots.com"]


Startup items in "Sabrina" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio
"Acrobat Assistant" -> shortcut to: "C:\Archivos de programa\Adobe\Acrobat 5.0 ME\Distillr\AcroTray.exe" ["Adobe Systems Inc."]
"Microsoft Office" -> shortcut to: "C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Archivos de programa\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
"Mantenimiento con 1 clic" -> launches: "C:\Archivos de programa\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 21
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\windows\googletoolbar2.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\windows\googletoolbar2.dll" ["Google Inc."]
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}"
-> {HKLM...CLSID} = "EPSON Web-To-Page"
\InProcServer32\(Default) = "C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
"{56CF4856-ECB4-4E46-A897-A378821F97B9}"
-> {HKLM...CLSID} = "pdfMachine"
\InProcServer32\(Default) = "C:\WINDOWS\system32\bgstb.dll" ["Broadgun Software"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
-> {HKLM...CLSID} = "FlashGet Bar"
\InProcServer32\(Default) = "C:\ARCHIV~1\FlashGet\fgiebar.dll" ["Amaze Soft"]
"{56CF4856-ECB4-4E46-A897-A378821F97B9}" = (no title provided)
-> {HKLM...CLSID} = "pdfMachine"
\InProcServer32\(Default) = "C:\WINDOWS\system32\bgstb.dll" ["Broadgun Software"]
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = (no title provided)
-> {HKLM...CLSID} = "EPSON Web-To-Page"
\InProcServer32\(Default) = "C:\Archivos de programa\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\windows\googletoolbar2.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Consola de Sun Java"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Archivos de programa\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Archivos de programa\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\Archivos de programa\FlashGet\flashget.exe" ["Amaze Soft"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Archivos de programa\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Datos de programa/TuneUp Software/Common/base.css" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Machine Debug Manager, MDM, ""C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Messenger Sharing Folders USN Journal Reader service, usnjsvc, ""C:\Archivos de programa\MSN Messenger\usnsvc.exe"" [MS]
NOD32 Kernel Service, NOD32krn, ""C:\Archivos de programa\Eset\nod32krn.exe"" ["Eset "]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
TuneUp Ampliación del thema, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monito rs\
EPSON Stylus CX3700 Series 2KMonitor5L\Driver = "E_FLMACL.DLL" ["SEIKO EPSON CORPORATION"]
PDF Port\Driver = "C:\WINDOWS\system32\pdfports.dll" ["Adobe Systems Incorporated."]
PDF Port Monitor\Driver = "bgspmnt.dll" [null data]
TCI Port\Driver = "ftprmn45.dll" ["Thought Communications, Inc."]


---------- (launch time: 2007-10-02 13:28:22)
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 121 seconds.
---------- (total run time: 209 seconds)

Hola Sa-sa

Pasate el SpyBot y nos pegas el reporte.

Salu2

Hola,

Aquí les pego el informe del SpyBot, por partes, gracias!

--- Search result list ---
SpyAgent: Ejecutable (Archivo, nothing done)
C:\WINDOWS\unvise32.exe


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-09-20 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-09-26 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-26 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-26 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-26 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2007-09-12 Includes\Malware.sbi (*)
2007-09-26 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-26 Includes\PUPSC.sbi (*)
2007-09-26 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-26 Includes\SecurityC.sbi (*)
2007-09-12 Includes\Spybots.sbi (*)
2007-09-26 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-12 Includes\Trojans.sbi (*)
2007-09-26 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2
/ .NETFramework / 1.0: Microsoft .NET Framework Service Pack 2
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB893251)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Internet Explorer 6 / SP1: Revisión de Windows XP - KB834707
/ Internet Explorer 6 / SP1: Revisión de Windows XP - KB867282
/ Internet Explorer 6 / SP1: Revisión de Windows XP - KB889293
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Windows Media Player 10: Actualización de seguridad para el Reproductor de Windows Media 10 (KB917734)
/ Windows Media Player 11: Actualización de seguridad para el Reproductor de Windows Media 11 (KB936782)
/ Windows Media Player 11: Revisión para el Reproductor de Windows Media 11 (KB939683)
/ Windows Media Player 6.4: Actualización de seguridad para el Reproductor de Windows Media 6.4 (KB925398)
/ Windows Media Player 9: Actualización de seguridad para el Reproductor de Windows Media 9 (KB917734)
/ Windows XP: Actualización de seguridad para Windows XP (KB923689)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Revisión de Windows XP - KB873339
/ Windows XP / SP3: Revisión de Windows XP - KB885835
/ Windows XP / SP3: Revisión de Windows XP - KB885836
/ Windows XP / SP3: Revisión de Windows XP - KB885884
/ Windows XP / SP3: Revisión de Windows XP - KB886185
/ Windows XP / SP3: Revisión de Windows XP - KB887742
/ Windows XP / SP3: Revisión de Windows XP - KB888113
/ Windows XP / SP3: Revisión de Windows XP - KB888302
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB890046)
/ Windows XP / SP3: Revisión de Windows XP - KB890859
/ Windows XP / SP3: Revisión de Windows XP - KB891781
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Actualización para Windows XP (KB894391)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB896358)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB896422)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB896423)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB896424)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB896428)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB899587)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB899589)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB899591)
/ Windows XP / SP3: Actualización para Windows XP (KB900485)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB900725)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB901017)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB901214)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB902400)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB904706)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB905414)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB905749)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB908519)
/ Windows XP / SP3: Actualización para Windows XP (KB908531)
/ Windows XP / SP3: Actualización para Windows XP (KB910437)
/ Windows XP / SP3: Actualización para Windows XP (KB911280)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB911562)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB911567)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB911927)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB912919)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB913580)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB914388)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB914389)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB916281)
/ Windows XP / SP3: Actualización para Windows XP (KB916595)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB917159)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB917344)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB917422)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB917953)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB918118)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB918439)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB918899)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB919007)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB920213)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB920214)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB920670)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB920683)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB920685)
/ Windows XP / SP3: Actualización para Windows XP (KB920872)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB921398)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB921503)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB921883)
/ Windows XP / SP3: Actualización para Windows XP (KB922582)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB922616)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB922760)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB922819)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB923191)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB923414)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB923694)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB923980)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB924191)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB924270)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB924496)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB924667)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB925454)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB925486)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB926255)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB926436)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB927779)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB927802)
/ Windows XP / SP3: Actualización para Windows XP (KB927891)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB928090)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB928255)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB928843)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB929123)
/ Windows XP / SP3: Actualización para Windows XP (KB929338)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB929969)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB930178)
/ Windows XP / SP3: Actualización para Windows XP (KB930916)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB931261)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB931768)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB931784)
/ Windows XP / SP3: Actualización para Windows XP (KB931836)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB932168)
/ Windows XP / SP3: Actualización para Windows XP (KB933360)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB933566)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB935839)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB935840)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB936021)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB937143)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB938127)
/ Windows XP / SP3: Actualización para Windows XP (KB938828)
/ Windows XP / SP3: Actualización de seguridad para Windows XP (KB938829)


--- Startup entries list ---
Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88209
MD5: 230ea041666125b6812fe3ff964b2df3

Located: HK_LM:Run, bgsmsnd.exe
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsmsnd .exe
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsmsnd .exe
size: 151552
MD5: 8a2287345b0bccf658e417fb20e71ab0

Located: HK_LM:Run, CHotkey
command: mHotkey.exe
file: C:\WINDOWS\mHotkey.exe
size: 493056
MD5: c4e42a1e959145f967f1f0e5627f615c

Located: HK_LM:Run, EPSON Stylus CX3700 Series
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA CL.EXE /P26 "EPSON Stylus CX3700 Series" /O6 "USB001" /M "Stylus CX3700"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIA CL.EXE
size: 98304
MD5: a8fdb9a4af571bcda6dccb29098f8812

Located: HK_LM:Run, nod32kui
command: "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
file: C:\Archivos de programa\Eset\nod32kui.exe
size: 949376
MD5: 66bc5f3ad50fe6225d3fd1964a749d38

Located: HK_LM:Run, QuickTime Task
command: "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
file: C:\Archivos de programa\QuickTime\QTTask.exe
size: 286720
MD5: 49ccfbe5d5225b9d3cc78c09dee147d0

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Archivos de programa\Java\jre1.6.0_02\bin\jusched.exe"
file: C:\Archivos de programa\Java\jre1.6.0_02\bin\jusched.exe
size: 132496
MD5: 896e712a34d654a337c8cbb9deb07200

Located: HK_LM:Run, VTTimer
command: VTTimer.exe
file: C:\WINDOWS\system32\VTTimer.exe
size: 49152
MD5: 4e65c3c5accc24d0bc49a0954e5f4885

Located: HK_CU:Run, CTFMON.EXE
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 25ecfa69af1563fde8dfd31f9954497a

Located: HK_CU:Run, msnmsgr
command: "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
file: C:\Archivos de programa\MSN Messenger\msnmsgr.exe
size: 5674352
MD5: c4281ad865739e71fd1e4dac19a68d60

Located: HK_CU:Run, swg
command: C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolba rNotifier.exe
file: C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolba rNotifier.exe
size: 68856
MD5: e616a6a6e91b0a86f2f6217cde835ffe

Located: Inicio (común), Acrobat Assistant.lnk
command: C:\Archivos de programa\Adobe\Acrobat 5.0 ME\Distillr\AcroTray.exe
file: C:\Archivos de programa\Adobe\Acrobat 5.0 ME\Distillr\AcroTray.exe
size: 82026
MD5: 21189b8f2d747b6981a54d5c5d554c8e

Located: Inicio (común), Microsoft Office.lnk
command: C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
file: C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5bc65464354a9fd3beaa28e18839734a

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 18/12/2006 04:16:42 a.m.
Date (last access): 02/10/2007 02:58:08 p.m.
Date (last write): 18/12/2006 04:16:42 a.m.
Filesize: 59032
Attributes: archive
MD5: 4EA3A6CD9D20584FFAFDB1E47DBF0E20
CRC32: 7B0A854F
Version: 7.0.9.50

{56CF4856-ECB4-4e46-A897-A378821F97B9} (pdfMachine)
BHO name:
CLSID name: pdfMachine
Path: C:\WINDOWS\system32\
Long name: bgstb.dll
Short name:
Date (created): 06/02/2007 09:32:38 a.m.
Date (last access): 02/10/2007 02:42:06 p.m.
Date (last write): 06/05/2006 11:57:48 a.m.
Filesize: 217088
Attributes: archive
MD5: 8BE3C70766D106DF7E6094876B1FAE38
CRC32: 1A92AD22
Version: 1.0.0.1

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
BHO name:
CLSID name: SSVHelper Class
Path: C:\Archivos de programa\Java\jre1.6.0_02\bin\
Long name: ssv.dll
Short name:
Date (created): 15/08/2007 08:48:08 a.m.
Date (last access): 02/10/2007 02:58:08 p.m.
Date (last write): 12/07/2007 04:00:36 a.m.
Filesize: 501136
Attributes: archive
MD5: D6137540BDF0F9F9B9055C60ADD8007A
CRC32: 29E910AF
Version: 6.0.20.6

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
BHO name:
CLSID name:

{A5366673-E8CA-11D3-9CD9-0090271D075B} (IeCatch2 Class)
BHO name:
CLSID name: IeCatch2 Class
description: FlashGet
classification: Open for discussion
known filename: Jccatch.dll
info link: http://www.amazesoft.com/
info source: TonyKlein
Path: C:\Archivos de programa\FlashGet\
Long name: Jccatch.dll
Short name:
Date (created): 02/07/2005 05:34:28 p.m.
Date (last access): 02/10/2007 02:34:54 p.m.
Date (last write): 16/01/2002 07:12:18 p.m.
Filesize: 65536
Attributes: archive
MD5: F2FAFE3CB6412C89F43D88CCEBE308F3
CRC32: B1AEC78B
Version: 1.1.4.0

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\windows\
Long name: GoogleToolbar2.dll
Short name: GOOGLE~1.DLL
Date (created): 26/01/2007 08:57:46 a.m.
Date (last access): 02/10/2007 02:34:42 p.m.
Date (last write): 19/01/2007 11:55:56 p.m.
Filesize: 2427968
Attributes: readonly archive
MD5: 55AC8D1780933CD6F36D45326D4286A6
CRC32: E8FA4D17
Version: 4.0.1601.4978

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Archivos de programa\Google\GoogleToolbarNotifier\2.0.301.7164 \
Long name: swg.dll
Short name:
Date (created): 16/06/2007 1010 a.m.
Date (last access): 02/10/2007 02:58:08 p.m.
Date (last write): 16/06/2007 1010 a.m.
Filesize: 325048
Attributes: archive
MD5: 1DC47CA76A0FFEAA25B45DE5706F2115
CRC32: E2052360
Version: 2.0.301.7164

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
BHO name:
CLSID name: EpsonToolBandKicker Class
Path: C:\Archivos de programa\EPSON\EPSON Web-To-Page\
Long name: EPSON Web-To-Page.dll
Short name: EPSONW~1.DLL
Date (created): 29/01/2006 12:02:40 p.m.
Date (last access): 02/10/2007 02:58:08 p.m.
Date (last write): 21/02/2005 09:50:34 p.m.
Filesize: 368640
Attributes: archive
MD5: 01319CF4030B3740BA8261E7024ACAD1
CRC32: D484DB79
Version: 1.1.0.0



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase:
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class)
DPF name:
CLSID name: PlxInstall Class
Installer: C:\WINDOWS\Downloaded Program Files\PlaxoInstall.inf
Codebase: https://www.plaxo.com/down/release/PlaxoInstall.cab
description:
classification: Open for discussion
known filename: PlaxoInstall.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: PlaxoInstall.dll
Short name: PLAXOI~1.DLL
Date (created): 29/09/2004 06:51:56 p.m.
Date (last access): 02/10/2007 02:34:26 p.m.
Date (last write): 29/09/2004 06:51:56 p.m.
Filesize: 153176
Attributes: archive
MD5: B53B514D5FE46EF05D50F22DEA21FB1E
CRC32: 379635EF
Version: 2.0.4.59

{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object)
DPF name:
CLSID name: CKAVWebScan Object
Installer: C:\WINDOWS\Downloaded Program Files\kavwebscan.inf
Codebase: http://www.kaspersky.com/kos/spanish/kavwebscan_unicode.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\
Long name: kavwebscan.dll
Short name: KAVWEB~1.DLL
Date (created): 10/09/2007 10:47:44 a.m.
Date (last access): 02/10/2007 02:58:08 p.m.
Date (last write): 10/09/2007 10:47:44 a.m.
Filesize: 798720
Attributes: archive
MD5: 381E048060B18890A6C676A4D328784B
CRC32: 70793147
Version: 5.0.84.1

{193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control)
DPF name:
CLSID name: ewidoOnlineScan Control
Installer:
Codebase: http://download.ewido.net/ewidoOnlineScan.cab
description:
classification: Legitimate
known filename: EWIDOO~1.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\DOWNLO~1\
Long name: ewidoOnlineScan.dll
Short name: EWIDOO~1.DLL
Date (created): 03/01/2006 09:20:34 a.m.
Date (last access): 02/10/2007 02:34:26 p.m.
Date (last write): 03/01/2006 09:20:34 a.m.
Filesize: 327008
Attributes: archive
MD5: D40DBB08A55751B2A390813B0EA6955A
CRC32: 7D8648A3
Version: 1.0.0.1

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151249972140
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 29/09/2004 12:41:52 p.m.
Date (last access): 02/10/2007 02:42:10 p.m.
Date (last write): 30/07/2007 07:19:28 p.m.
Filesize: 203096
Attributes: archive
MD5: 5C9A003E7C6BA03F04DC2D9C82A7E6E0
CRC32: E29E0153
Version: 7.0.6000.381

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Archivos de programa\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 02:22:38 a.m.
Date (last access): 02/10/2007 02:58:10 p.m.
Date (last write): 12/07/2007 04:00:36 a.m.
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{8EDAD21C-3584-4E66-A8AB-EB0E5584767D} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\activate.inf
Codebase: http://toolbar.google.com/data/GoogleActivate.cab
description:
classification: Legitimate
known filename:
info link:
info source: Safer Networking Ltd.

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
DPF name:
CLSID name: ActiveScan Installer Class
Installer: C:\WINDOWS\Downloaded Program Files\asinst.inf
Codebase: http://acs.pandasoftware.com/activescan/as5free/asinst.cab
description:
classification: Legitimate
known filename: ASINST.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: asinst.dll
Short name:
Date (created): 11/04/2006 0510 p.m.
Date (last access): 02/10/2007 02:34:26 p.m.
Date (last write): 24/08/2006 08:28:54 a.m.
Filesize: 141424
Attributes: archive
MD5: CB0EBD772D7D003BD11A999FF515A89A
CRC32: 3CFE74C1
Version: 58.6.0.0

{9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDigiNet Control)
DPF name:
CLSID name: WebDigiNet Control
Installer: C:\WINDOWS\Downloaded Program Files\Webdiginet.inf
Codebase: http://vtaroba.dyndns.org/WebDiginet.CAB
description:
classification: Open for discussion
known filename: WEBDIG~1.OCX
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: webdiginet.ocx
Short name: WEBDIG~1.OCX
Date (created): 22/01/2003 09:18:40 a.m.
Date (last access): 02/10/2007 02:58:10 p.m.
Date (last write): 22/01/2003 09:18:40 a.m.
Filesize: 147456
Attributes: archive
MD5: 710F25D62FEF90B1B1D8F0CF86B7CEAC
CRC32: 2F56A8AB
Version: 1.0.1.1030

{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02)
DPF name: Java Runtime Environment 1.4.1_02
CLSID name: Java Plug-in 1.4.1_02
Installer:
Codebase: http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI141_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Archivos de programa\Java\j2re1.4.1_02\bin\
Long name: NPJPI141_02.dll
Short name: NPJPI1~1.DLL
Date (created): 14/04/2005 07:45:58 a.m.
Date (last access): 02/10/2007 02:58:10 p.m.
Date (last write): 20/02/2003 04:42:34 p.m.
Filesize: 61553
Attributes: archive
MD5: E4EFF4ADF1367AA79815A9061E64C0D9
CRC32: A0446F8E
Version: 1.4.1.20

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_06
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Archivos de programa\Java\jre1.5.0_06\bin\
Long name: NPJPI150_06.dll
Short name: NPJPI1~1.DLL
Date (created): 02/03/2006 01:52:58 p.m.
Date (last access): 02/10/2007 02:58:10 p.m.
Date (last write): 10/11/2005 01:22:12 p.m.
Filesize: 69746
Attributes: archive
MD5: D2CF6BB5E9020E6707B62575F8083954
CRC32: 7F39DC54
Version: 5.0.60.5

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_09
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
description:
classification: Legitimate
known filename: NPJPI150_09.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Archivos de programa\Java\jre1.5.0_09\bin\
Long name: NPJPI150_09.dll
Short name: NPJPI1~1.DLL
Date (created): 12/10/2006 0358 a.m.
Date (last access): 02/10/2007 02:58:10 p.m.
Date (last write): 12/10/2006 03:25:44 a.m.
Filesize: 69746
Attributes: archive
MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
CRC32: 2A32A9A2
Version: 5.0.90.3

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_11.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Archivos de programa\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 15/12/2006 03:09:16 a.m.
Date (last access): 02/10/2007 02:58:10 p.m.
Date (last write): 15/12/2006 03:23:26 a.m.
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_01.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Archivos de programa\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 14/03/2007 02:04:46 a.m.
Date (last access): 02/10/2007 02:58:10 p.m.
Date (last write): 14/03/2007 03:43:42 a.m.
Filesize: 132760
Attributes: archive
MD5: F112FB2FD2EF66D439799E3F834DF000
CRC32: D2B09219
Version: 6.0.0.6

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Archivos de programa\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 02:22:38 a.m.
Date (last access): 02/10/2007 02:58:10 p.m.
Date (last write): 12/07/2007 04:00:36 a.m.
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Archivos de programa\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12/07/2007 02:22:38 a.m.
Date (last access): 02/10/2007 02:58:10 p.m.
Date (last write): 12/07/2007 04:00:36 a.m.
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9b.ocx
Short name:
Date (created): 09/11/2006 02:46:28 p.m.
Date (last access): 02/10/2007 02:14:12 p.m.
Date (last write): 09/11/2006 02:46:28 p.m.
Filesize: 2262648
Attributes: readonly archive
MD5: F3B3EE66CA76C94510555ABE9D00A353
CRC32: A51F3CB4
Version: 9.0.28.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 556 ( 4) \SystemRoot\System32\smss.exe
PID: 612 ( 556) \??\C:\WINDOWS\system32\csrss.exe
PID: 636 ( 556) \??\C:\WINDOWS\system32\winlogon.exe
PID: 684 ( 636) C:\WINDOWS\system32\services.exe
size: 108544
MD5: F9852F505E0699BB83D5C6321917040B
PID: 696 ( 636) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 2B0B88652C9F6714FD4886839B3B0442
PID: 852 ( 684) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: FA03E1FC17F38FBDBA81470D08B3E416
PID: 952 ( 684) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: FA03E1FC17F38FBDBA81470D08B3E416
PID: 1060 ( 684) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: FA03E1FC17F38FBDBA81470D08B3E416
PID: 1136 ( 684) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: FA03E1FC17F38FBDBA81470D08B3E416
PID: 1272 ( 684) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: FA03E1FC17F38FBDBA81470D08B3E416
PID: 1452 ( 684) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1632 (1592) C:\WINDOWS\Explorer.EXE
size: 1035776
MD5: F8DDB22B6EFC5E630D65E241074C2404
PID: 1852 (1632) C:\WINDOWS\AGRSMMSG.exe
size: 88209
MD5: 230EA041666125B6812FE3FF964B2DF3
PID: 1868 (1632) C:\WINDOWS\mHotkey.exe
size: 493056
MD5: C4E42A1E959145F967F1F0E5627F615C
PID: 1900 (1632) C:\WINDOWS\system32\VTTimer.exe
size: 49152
MD5: 4E65C3C5ACCC24D0BC49A0954E5F4885
PID: 1952 (1632) C:\Archivos de programa\Java\jre1.6.0_02\bin\jusched.exe
size: 132496
MD5: 896E712A34D654A337C8CBB9DEB07200
PID: 1980 (1632) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgsmsnd .exe
size: 151552
MD5: 8A2287345B0BCCF658E417FB20E71AB0
PID: 2008 (1632) C:\Archivos de programa\Eset\nod32kui.exe
size: 949376
MD5: 66BC5F3AD50FE6225D3FD1964A749D38
PID: 2044 (1632) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 25ECFA69AF1563FDE8DFD31F9954497A
PID: 132 (1632) C:\Archivos de programa\MSN Messenger\msnmsgr.exe
size: 5674352
MD5: C4281AD865739E71FD1E4DAC19A68D60
PID: 144 (1632) C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolba rNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE
PID: 244 (1632) C:\Archivos de programa\Adobe\Acrobat 5.0 ME\Distillr\AcroTray.exe
size: 82026
MD5: 21189B8F2D747B6981A54D5C5D554C8E
PID: 380 ( 684) C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
size: 270336
MD5: 4F0079377DCE09383958ABCC2E827750
PID: 404 ( 684) C:\Archivos de programa\Eset\nod32krn.exe
size: 552064
MD5: 5300E3715347A5DA5B94AEC3177F5F31
PID: 456 ( 684) C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
size: 45056
MD5: 3978F082274F723AD5A0A8058C2417DD
PID: 472 ( 684) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: FA03E1FC17F38FBDBA81470D08B3E416
PID: 2080 ( 684) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 906D6932D533F1591CAA84E846B9BA06
PID: 3984 ( 684) C:\Archivos de programa\MSN Messenger\usnsvc.exe
size: 97136
MD5: C5B70A6AA947667CE0E5FC84A05EC8B6
PID: 340 (1632) C:\Archivos de programa\Mozilla Firefox\firefox.exe
size: 7644520
MD5: 1464FC5BC1DC30D56054E443642D42B1
PID: 2488 (1632) C:\Archivos de programa\Skype\Phone\Skype.exe
size: 20058152
MD5: 32CC2915FCC207086D9B43CCECE298F7
PID: 1248 (1632) C:\ARCHIV~1\TRADOS\T65_FL\TT\TAGEDI~1.EXE
size: 1609728
MD5: BFAD8705E41C4B8FED5103F31396624B
PID: 2744 (1632) C:\Archivos de programa\TRADOS\T65_FL\TT\TW4Win.exe
size: 1560576
MD5: CE6768B47CDB4F242AFE112CA34C5776
PID: 1720 ( 340) C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
size: 71288
MD5: 6C37AD8C2212D3DDC456BB48A3AA398E
PID: 1100 (1632) C:\Archivos de programa\Outlook Express\msimn.exe
size: 60416
MD5: 797C530F664CDF1489EA8F8D37DC492A
PID: 7984 (1632) C:\Archivos de programa\Spybot - Search & Destroy\SpybotSD.exe
size: 4393096
MD5: 09CA174A605B480318731E691DC98539
PID: 4 ( 0) System
PID: 1536 (1060) C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
size: 743936
MD5: 41D7D364E17F7B4121484A4992C93F68


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 02/10/2007 02:59:20 p.m.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.metro951.com/media.aspx
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://www.google.com/search?q=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SU B_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://www.google.com/ie
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: NOD32 protected [MSAFD Tcpip [TCP/IP]]
GUID: {6BA951B1-E80A-48FF-971F-BD727266C58F}
Filename: C:\WINDOWS\system32\imon.dll

Protocol 1: NOD32 protected [MSAFD Tcpip [UDP/IP]]
GUID: {21AB55FE-3612-42DC-BEFC-B703C746B6E8}
Filename: C:\WINDOWS\system32\imon.dll

Protocol 2: NOD32 protected [MSAFD Tcpip [RAW/IP]]
GUID: {72C87179-89F3-44F1-A623-47E8207FC816}
Filename: C:\WINDOWS\system32\imon.dll

Protocol 3: NOD32 protected [RSVP UDP Service Provider]
GUID: {7F4FB2BC-A32E-47B7-BA9A-E88648922142}
Filename: C:\WINDOWS\system32\imon.dll

Protocol 4: NOD32 protected [RSVP TCP Service Provider]
GUID: {8E2C29E0-22E2-4D84-95FF-005527B4885E}
Filename: C:\WINDOWS\system32\imon.dll

Protocol 5: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 6: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 7: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]

Protocol 8: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E28BD99B-DEA1-4F44-8ED7-47B22040C835}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E28BD99B-DEA1-4F44-8ED7-47B22040C835}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{04DA4396-6229-467F-A131-D5CDBE6A860D}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{04DA4396-6229-467F-A131-D5CDBE6A860D}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{54EFC9F0-2A74-400A-A437-9F8170C08424}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{54EFC9F0-2A74-400A-A437-9F8170C08424}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FE33AF85-F00C-4A76-B613-993117A6FF9B}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FE33AF85-F00C-4A76-B613-993117A6FF9B}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A194EADC-93D5-4568-ABFE-45A580157D85}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A194EADC-93D5-4568-ABFE-45A580157D85}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: NOD32
GUID: {28A4D8DA-E908-4C6F-A926-A66CC7AD3224}
Filename: C:\WINDOWS\system32\imon.dll

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Espacio de nombre NLA (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace



--- Uninstall list ---
AC-3 ACM Decompressor (AC3ACM)
uninstall cmd: C:\WINDOWS\System32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AC3ACM.inf

AC3Filter (remove only) (AC3Filter)
uninstall cmd: C:\Archivos de programa\Windows Media Player\AC3Filter\uninstall.exe

WebEx (ActiveTouchMeetingClient)
uninstall cmd: C:\ARCHIV~1\MOZILL~1\plugins\atcliun.exe
publisher: WebEx Communications, Inc
contact: Customer Support
help link: http://support.webex.com/

Ad-Aware SE Personal 1.06 (Ad-Aware SE Personal)
uninstall cmd: C:\ARCHIV~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\ARCHIV~1\Lavasoft\AD-AWA~1\INSTALL.LOG
publisher: Lavasoft
help link: http://www.lavasoft.com

Adobe Acrobat 5.0 ME 5.0 (Adobe Acrobat 5.0)
version (major): 5
install location: C:\Archivos de programa\Adobe\Acrobat 5.0 ME
install source: C:\Archivos de programa\Acrobat 5.0 ME\Acrobat 5 ME\
uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Archivos de programa\Archivos comunes\Adobe\Acrobat 5.0 ME\NT\Uninst.isu" -c"C:\Archivos de programa\Archivos comunes\Adobe\Acrobat 5.0 ME\NT\Uninst.dll"
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/prodindex/acrobat/main.html

Adobe Flash Player Plugin 9.0.47.0 (Adobe Flash Player Plugin)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_plugi n.exe
publisher: Adobe Systems Incorporated

Adobe Shockwave Player 10.1.4.20 (Adobe Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Adobe Systems, Inc.
help link: http://www.adobe.com/es/support/shockwave

Agere Systems PCI Soft Modem (Agere Systems Soft Modem)
uninstall cmd: agrsmdel

AnyCount, Version 4.0 (AnyCount 4.0_is1)
install location: C:\Archivos de programa\AnyCount 4.0\
uninstall cmd: "C:\Archivos de programa\AnyCount 4.0\unins000.exe"
publisher: Advanced International Translations
help link: http://www.anycount.com

aRGENTeaM Search Engine 0.1.0.3 beta 0.1.0.3 beta (aRGENTeaM Search Engine)
uninstall cmd: C:\Archivos de programa\aRGENTeaM\aRGENTeaM SE\uninst.exe
publisher: aRGENTeaM

Aurélio - Século XXI (Aurélio - Século XXI)
uninstall cmd: C:\WINDOWS\IsUn0416.exe -f"C:\Archivos de programa\Aurélio - Século XXI\Uninst.isu"

BlackBerry Desktop Software 4.2 4.2.0.14 (BlackBerry_{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA})
version: 67108864
version (major): 4
install location: C:\Archivos de programa\Research In Motion\BlackBerry\
install source: D:\files\exec\bbinstaller\
uninstall cmd: MsiExec.exe /i{3B7DAD74-8F16-4AEF-B0CA-4072CB1BF9AA}
publisher: Research In Motion Ltd.

(Branding)

BroadGun pdfMachine (BroadGun pdfMachine)
uninstall cmd: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\bgssetu p.exe -uninstall

CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Archivos de programa\CCleaner\uninst.exe"

(Connection Manager)

CorelDRAW 10 (CorelDRAW 10)
uninstall cmd: C:\WINDOWS\Corel\uninst32.exe

Crystal Player Free 1.76 (Crystal Player)
uninstall cmd: C:\Archivos de programa\Crystal Player\Uninstall.exe

D.R.A.E. (D.R.A.E.)
uninstall cmd: C:\WINDOWS\unin040a.exe -f"c:\archivos de programa\DeIsL1.isu" -c"c:\archivos de programa\_ISREG32.DLL"

Diccionario Espasa de Medicina (Diccionario Espasa de Medicina)
uninstall cmd: C:\ARCHIV~1\DEM\UNWISE.EXE C:\ARCHIV~1\DEM\INSTALL.LOG

Disk Cleaner (remove only) (DiskCleaner)
uninstall cmd: "C:\Archivos de programa\Disk Cleaner\uninstall.exe"

DivX Pro Codec Adware (DivX Codec)
uninstall cmd: C:\WINDOWS\unvise32.exe c:\archivos de programa\windows media player\UninstalDivXProCodecAdware.log

El diccionario Mosby (El diccionario Mosby)
uninstall cmd: C:\ARCHIV~1\DM\Desinstalar.exe C:\ARCHIV~1\DM\INSTALL.LOG

eMule (eMule)
uninstall cmd: "C:\Archivos de programa\eMule pHoeniX\eMule\Uninstall.exe"

eMule pHoeniX 1.14 1.14 (eMule pHoeniX)
uninstall cmd: C:\Archivos de programa\eMule pHoeniX\uninst.exe
publisher: The Phoenix Team

eMusic - 100 Free MP3 offer (eMusic Promotion)
uninstall cmd: "C:\Archivos de programa\Winamp\eMusic\Uninst-eMusic-promotion.exe"

Software de impresora EPSON (EPSON Printer and Utilities)
uninstall cmd: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDAT E.EXE /R

EPSON Scan (EPSON Scanner)
uninstall cmd: C:\Archivos de programa\epson\escndv\setup\setup.exe /r

FaxTalk Communicator 4.5 (FaxTalk Communicator 4.5)
uninstall cmd: C:\WINDOWS\IsUn040a.exe -f"C:\Archivos de programa\FaxTalk Communicator\Uninst.isu" -c"C:\Archivos de programa\FaxTalk Communicator\FTUnInUt.dll"

FlashGet(JetCar) (FlashGet(JetCar))
uninstall cmd: C:\ARCHIV~1\FlashGet\UNWISE.EXE C:\ARCHIV~1\FlashGet\INSTALL.LOG

Flickr Uploadr 2.3 (Flickr Uploadr)
uninstall cmd: "C:\Archivos de programa\Flickr Uploadr\uninstall.exe"

Garfields 9 Lives Screen Saver (Garfields 9 Lives)
uninstall cmd: C:\WINDOWS\Garfields 9 Lives.scr /u

HijackThis 1.99.1 1.99.1 (HijackThis)
uninstall cmd: C:\Documents and Settings\Sabrina\Escritorio\HijackThis.exe /uninstall
publisher: Soeperman Enterprises Ltd.

(InstallShield Uninstall Information)

SDL TeamWorks 2006 Client 3.0.743 (InstallShield_{7EE6D645-4DD9-496B-92D6-D2A6CA54F496})
version: 50332391
version (major): 3
estimated size: 37908
install date: 20060802
install location: C:\Archivos de programa\SDL International\SDLTeamWorks Client\
install source: C:\WINDOWS\Downloaded Installations\{7EE6D645-4DD9-496B-92D6-D2A6CA54F496}\
uninstall cmd: C:\ARCHIV~1\ARCHIV~1\INSTAL~1\Driver\1050\INTEL3~1 \IDriver.exe /M{7EE6D645-4DD9-496B-92D6-D2A6CA54F496}
publisher: SDL International

iTunes 6.0.1.3 (InstallShield_{872653C6-5DDC-488B-B7C2-CF9E4D9335E5})
version: 100663297
version (major): 6
estimated size: 32022
install date: 20070206
install location: C:\Archivos de programa\iTunes\
install source: C:\WINDOWS\Downloaded Installations\{872653C6-5DDC-488B-B7C2-CF9E4D9335E5}\
uninstall cmd: C:\ARCHIV~1\ARCHIV~1\INSTAL~1\Driver\11\INTEL3~1\I Driver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1034
publisher: Apple Computer, Inc.
contact: Soporte AppleCare
help link: http://www.info.apple.com/eses/index.html
help telephone: 1-800-275-2273

Java Web Start (Java Web Start)
uninstall cmd: "C:\Archivos de programa\Java Web Start\uninst-javaws.exe"

Kaspersky Online Scanner 5.0.84.1 (Kaspersky Online Scanner)
estimated size: 6040
install location: C:\WINDOWS\system32\KASPER~1\KASPER~2
uninstall cmd: C:\WINDOWS\system32\KASPER~1\KASPER~2\kavuninstall .exe
publisher: Kaspersky Lab
contact: Customer Support Department
help link: http://www.kaspersky.com/support.asp

(KB884016)

(KB884267)

(KB885353)

(KB886612)

(KB887078)

(KB887626)

(KB888656)

(KB889858)

(KB891122)

(KB892313)

(KB893240)

(KB893241)

(KB893803)

(KB895181)

(KB895316)

(KB895572)

(KB897586)

(KB898549)

(KB900399)

(KB902344)

(KB907658)

(KB911565)

(KB911854)

Microsoft .NET Framework 1.1 Hotfix (KB886903) (M886903)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upda tes\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upda tes\M886903\M886903Uninstall.msp"

Microsoft .NET Framework 1.1 Hotfix (KB893251) (M893251)
uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upda tes\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Upda tes\M893251\M893251Uninstall.msp"

mad_ss_01 Screen Saver (mad_ss_01)
uninstall cmd: C:\WINDOWS\mad_ss_01.scr /u

Microsoft .NET Framework 1.1 (Microsoft .NET Framework 1.1 (1033))
uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\ RepairRedist.htm

Microsoft .NET Framework (English) v1.0.3705 (Microsoft .NET Framework Full v1.0.3705 (1033))
uninstall cmd: C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\repai r.htm

Mozilla Firefox (2.0.0.7) 2.0.0.7 (en-US) (Mozilla Firefox (2.0.0.7))
install location: C:\Archivos de programa\Mozilla Firefox
uninstall cmd: C:\Archivos de programa\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
install date: 20070703
uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spu ninst.exe"
publisher: Microsoft Corporation
help link: http://go.microsoft.com/fwlink/?LinkId=74087

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

NOD32 antivirus system (NOD32)
uninstall cmd: C:\Archivos de programa\Eset\Setup\setup.exe /UNINSTALL

Panda ActiveScan (Panda ActiveScan)
uninstall cmd: C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
publisher: Panda Software S.L.

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

PDF Editor 2 (PDF Editor 2)
uninstall cmd: C:\WINDOWS\cadkasdeinst01s.exe "C:\Archivos de programa\PDF Editor 2\"

Picasa 2 2.0 (Picasa2)
uninstall cmd: "C:\Archivos de programa\Picasa\Picasa2\Uninstall.exe"
publisher: Google, Inc.
help link: http://www.picasa.com/

Radio Media Player (Radio Media Player)
uninstall cmd: C:\Archivos de programa\Windows Media Player\Plugins\Radios Media Player\uninst.exe
publisher: Todae.fr

(RealJukebox 1.0)
uninstall cmd: C:\Archivos de programa\Archivos comunes\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer (RealPlayer 6.0)
uninstall cmd: C:\Archivos de programa\Archivos comunes\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

UniChrome IGP Driver and Utilities (S3)
uninstall cmd: C:\ARCHIV~1\S3Inc\S3\s3setvga.exe -s -fC:\ARCHIV~1\S3Inc\S3\S3.uns

Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
publisher: Adobe Systems
help link: http://www.adobe.com/go/flashplayer_support/

Manual de la CX3700 (Silent Package Run-Time Sample)
uninstall cmd: C:\Archivos de programa\epson\guide\cx3700_s\uninstall.exe

Skype 2.5 2.5 (Skype_is1)
install location: C:\Archivos de programa\Skype\Phone\
uninstall cmd: "C:\Archivos de programa\Skype\Phone\unins000.exe"
publisher: Skype Technologies S.A.
help link: http://ui.skype.com/ui/0/2.5.0.151/en/help

Spybot - Search & Destroy 1.4 1.4 (Spybot - Search & Destroy_is1)
install location: C:\Archivos de programa\Spybot - Search & Destroy\
uninstall cmd: "C:\Archivos de programa\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited

S.I.Ap. (ST5UNST #1)
uninstall cmd: C:\WINDOWS\ST5UNST.EXE -n "C:\Archivos de programa\S.I.Ap\AFIPST5UNST.LOG"

Ingresos Brutos-Provincia de Buenos Aires (ST5UNST #2)
uninstall cmd: C:\WINDOWS\ST5UNST.EXE -n "C:\Archivos de programa\S.I.Ap\AFIP\IB2ST5UNST.LOG"

S3 S3Display (VTDisplay)
uninstall cmd: vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'

S3 S3Gamma2 (VTGamma2)
uninstall cmd: vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'

S3 S3Info2 (VTInfo2)
uninstall cmd: vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'

S3 S3Overlay (VTOverlay)
uninstall cmd: vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'

Webshots Desktop (Webshots Desktop)
uninstall cmd: C:\ARCHIV~1\Webshots\UNWISE.EXE C:\ARCHIV~1\Webshots\INSTALL.LOG

Winamp (remove only) (Winamp)
uninstall cmd: "C:\Archivos de programa\Winamp\UninstWA.exe"

Windows Media Format 11 runtime (Windows Media Format Runtime)
uninstall cmd: "C:\Archivos de programa\Windows Media Player\wmsetsdk.exe" /UninstallAll
help link: http://go.microsoft.com/fwlink/?LinkId=62768

Reproductor de Windows Media 11 (Windows Media Player)
uninstall cmd: "C:\Archivos de programa\Windows Media Player\Setup_wm.exe" /Uninstall

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Archivos de programa\WinRAR\uninstall.exe

WinZip (WinZip)
uninstall cmd: "C:\Archivos de programa\WinZip\WINZIP32.EXE" /uninstall

(WMCSetup)

Windows Media Format 11 runtime (WMFDist11)
install date: 20070703
uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spunin st.exe"
publisher: Microsoft Corporation
help link: http:

Windows Media Player 11 (wmp11)
install date: 20070703
uninstall cmd: "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.e xe"
publisher: Microsoft Corporation
help link: http:

Microsoft User-Mode Driver Framework Feature Pack 1.0 (Wudf01000)
install date: 20070703
uninstall cmd: "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spunin st.exe"
publisher: Microsoft Corporation
comments: Build Number 5716

XviD MPEG-4 Video Codec XviD-1.0-09052004 (XviD_is1)
uninstall cmd: "C:\Archivos de programa\Windows Media Player\XviD\unins000.exe"
publisher: XviD Team (Koepi)
help link: http://forum.doom9.org/forumdisplay.php?s=&forumid=52

Yahoo! Desktop Search (Yahoo! Desktop Search)
uninstall cmd: "C:\Archivos de programa\Yahoo!\Yahoo! Desktop Search\YahooDesktopSearch.exe" -uninstall

SDL Trados 2006 Freelance 7.50.756 ({010E52FC-DF6A-4E1A-84F4-9AB41DC9653B})
version: 120718068
version (major): 7
version (minor): 50
estimated size: 138707
install date: 20061002
install source: